Slashdot Mirror

← Back to Stories (view on slashdot.org)

6-Month Sentence for NASA Cracker

Posted by CmdrTaco on from the be-careful-who-you-crack dept.

lunartik noted an AP story running on a 6-month sentence given to Gregory Aaron Herns for cracking into the computer system at NASA's Goddard Space Flight Center. 'Herns told federal agents he was looking for computer space to store movies he'd downloaded. It took hours for technicians to find the problem, fix it and patch the system's security holes.'"

7 of 329 comments (clear)

  1. Hacking Vs Cracking by Archon-X · · Score: 1, Informative

    The age old terminology debate.
    Cracking == bypassing software protection
    Hacking == Bypassing server protection

    1. Re:Hacking Vs Cracking by MikeyVB · · Score: 5, Informative

      Oh boy, this one again!

      I disagree.

      Cracking == Breaking or "cracking" any type of computer security, weather it be software or a server.

      Hacking == Programing.

    2. Re:Hacking Vs Cracking by Flaming_cows · · Score: 4, Informative

      Actually, that's not it at all. According to 'purists', hacking is a term used to denote someone who programs (e.g. hacking code is programming) whereas cracking is breaking into a system with malicious intent, although the term hacker has been demonized by the media and government (e.g. Kevin Mitnick's story).

  2. Re:Maybe he hadnt checked pricewatch recently by saider · · Score: 3, Informative

    Because this happened 4 years ago when a typical hard drive could only store a dozen movies or so. And a 17 year old is unlikely to be able to afford a large drive (I don't know if he was working or not).

    --


    Remember, You are unique...just like everyone else.
  3. Re:I'd love to see a breakdown of the damages by More+Trouble · · Score: 3, Informative

    Are you going to take him at face value and continue using the system as is, after patching the security hole that let him in?

    Am I a competent sysadmin in this scenario? If "yes," then I guess I'm probably running a tripwire of some sort. So I boot from CD, take a look at what's been changed, and fix it. If I'm really on the ball, I'm using something like radmind, in which case I still boot from CD, but I let radmind reverse any damage that had been done.

    :w

  4. Re:In space nobody can ... by the_2nd_coming · · Score: 2, Informative

    a 6 month sentence will likely be done in a minimum security prison since it is less than 3 years.

    --



    I am the Alpha and the Omega-3
  5. Re:I'd love to see a breakdown of the damages by Twanfox · · Score: 3, Informative

    The safest and most reliable way to 100% be assured that you have wiped all trace of actions done is to roll back to a prior backup. While yes, Tripwire is a great program and yes, while using it myself I conceed that it does in fact trap file alterations well, I seem to recall there was a story not too long ago about generating two files of the same MD5 hash. If that is even remotely possible, then you cannot trust life and death situations and billions of dollars to a system that can still be compromised just because you didn't want to take the time to roll back the system to a known 'sane' version.

    It's just a matter of principle in high value systems. What happens if he replaced the policy and key files for tripwire, masking his trail? What happens if he knew the passphrase to use the local and site keys? Even if you know he could not, it just isn't worth the risk. Either take your time to drill down and dig out the pieces, or take the same time to wipe and reinstall. For my money, I feel more secure about wiping and reinstalling.