TinKode sentenced after hacking Oracle, NASA and others to expose weak security

TinKode sentenced after hacking Oracle, NASA and the Pentagon

TinKodeThe infamous hacker known as TinKode has been sentenced by a Romanian court, according to media reports.

Cernăianu Manole Răzvan was arrested in January 2012, after a series of high profile hacks of government and military websites, exposing their poor security and often publishing passwords and screenshots as evidence.

Past victims have included website belonging to the British Royal Navy, MySQL.com (which ironically fell foul of a SQL injection attack) and NASA servers.

Royal Navy website

To the relief of many, TinKode appeared to be inspired more by the desire to embarrass organisations into improving web security – rather than making money.

In an interview with Network World in 2011, TinKode compared his activities to a free security audit:

Until now, no. I don't do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It's like an security audit, but for free.

Nevertheless, his actions were illegal and led to his arrest by Romanian authorities earlier this year. Last month a Romanian court ordered Răzvan to pay 93,000 Euros (approximately $120,000) to cover the costs suffered by his breached victims, and gave him a two year suspended prison sentence.

That’s a lesson that others would be wise to learn from if engaged in similar activities.

Free TinKode petition

An online petition, started by TinKode’s sympathisers, failed to receive significant support (a hoped-for 5000 signatures has only reached 187 at the time of writing). It remains to be seen whether they will help the young Romanian pay his substantial fine.

It’s no excuse for TinKode’s criminal hacks, but if the websites had been properly secured in the first place they would have never found themselves embarrassed by the Romanian hacker.

If you haven’t already done so, check out our free technical paper about “Securing websites”, which discusses common ways web servers are attacked and the various ways that they can be protected.