Slashdot Mirror
6-Month Sentence for NASA Cracker
lunartik noted an AP story running on a 6-month sentence given to
Gregory Aaron Herns for cracking into the computer system at NASA's Goddard Space Flight Center. 'Herns told federal agents he was looking for computer space to store movies he'd downloaded. It took hours for technicians to find the problem, fix it and patch the system's security holes.'"
I'm surprised this wasn't posted under YRO.
Support the First Amendment. Read at -1
NASA are claiming it was $200k. It'd be nice to see how much of that was spent on fixing the security holes he uncovered.
Slashdot: News for Nerds, Stuff that matters only to them
6 months in prison because he was too cheap to buy a hard drive...
Let's just download some movies. Oh wait, I've run out of space.
LETS HACK NASA!
Step 1: Download movies.
Step 2: ???
Step 3: HACK NASA!
"It would be like clearing a sidewalk full of spectators with a fire hose so you can walk through it," said Assistant U.S. Attorney Greg Nyhus.
More like breaking into a bank vault to store the bicycle you just stole.
Smoke me a kipper, I'll be back for breakfast.
"It took hours for technicians to find the problem, fix it and patch the system's security holes'"
That's so obviously the cracker's fault...
This is how the system is supposed to work.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
NASA should be allowed use these idiots in their experiments. I'm thinking 'Effects on subject A when parachutes fail to deploy on capsule dropped from 50,000 feet' or 'Impact determination of Subject A foolishly slashing open his space suit in LEO" sort of stuff.
NASA could get valuable data, some small furry woonland creatures would be saved this fate and the world would have a few idiots less. Win all round scenario.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Could you please post your address, I'd like to show you how clever I could be at breaking into your house.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Tacit approval of this sort of thing (cracking) paints us all with the same unsavory brush. If we do not start policing our own, the "geek/nerd" stigma will deepen. We are professionals, let's act like it.
Ignorance is curable, stupid is forever.
"It's not like firing up your Macintosh or your Apple where you push a button and wait six minutes for the thing to boot."
;)
He must be talking about Windows
Oh boy, this one again!
I disagree.
Cracking == Breaking or "cracking" any type of computer security, weather it be software or a server.
Hacking == Programing.
Actually, that's not it at all. According to 'purists', hacking is a term used to denote someone who programs (e.g. hacking code is programming) whereas cracking is breaking into a system with malicious intent, although the term hacker has been demonized by the media and government (e.g. Kevin Mitnick's story).
... after the accused stole my $3.59 flowerpot, I had to spend hundreds of dollars putting locks on all of my doors.
Because this happened 4 years ago when a typical hard drive could only store a dozen movies or so. And a 17 year old is unlikely to be able to afford a large drive (I don't know if he was working or not).
Remember, You are unique...just like everyone else.
.
:| )
Herns was ordered to pay restitution for the damage he caused and will have limited access to computers for the next three years. After the judge outlined the terms of Herns' restricted computer use, Levine pointed out how hard those conditions will be for a man who does everything online, including paying his bills.
"He's going to get to learn," Brown said. "There are other ways to live."
The Canadian government has declared internet connectivity to be (I forget the exact term) a "necessity" or something.
If you rob a bank, do they forbid you from walking into any type of business establishment for the entire duration of your parole? No! It would be idiotic - everyone needs a bank account or groceries in today's society, and there are already tons of other perfectly good laws to deal with the individual should they commit a crime in a bank or other "place of business" again.
If you commit a traffic violation, do they forbid you from getting into any vehicle on any road? No! They might prevent you from driving, but they still let you get in as a passenger in other people's vehicles or take the bus.
Judges are going to eventually have to stop throwing out blanket "computer bans" as minor parole conditions - and realize that they have to handle it differently. PCs may/can be the basis of entire home entertainment centers, your library, your photo album, your telephone, etc etc.
What they should do (and what would be more effective) is to ban the user from say spending more than 30 minutes at a time on a PC, or making an IP connection to a class of third parties, or posessing any tools or software that could be used for illicit purposes - and then have the parole officers make unannounced audits and/or taps.
This goes along the lines of what kind of an effect would it have on you and your life if the police seized your computer in the midst of an investigation (not even an investigation into you, say your webcam caught some images of a crime). My PC is all of the things I listed above and more. And remember, saying "make backups" doesn't cut it, they always take your backups too and withholding those could get you in even worse trouble.
To put it another way - the police need to develop methods that don't "deny you use of your entire house just to check the window for fingerprints".
If they want to ghost the drive and look at the inside of the system before they leave, that's fine. But taking the entire thing for an indefinite period - unacceptable. (I'm talking about when I'm not the suspected murder or something
I don't buy for a second that he was doing it to find space for movies. It just makes no sense at all.
Let's assume for a moment that all of his movies were DivX-encoded at 650 MB each, just for the sake of argument.
* Hard drives four years ago were still relatively inexpensive. By working at McDonald's part-time for three weeks or so he could have had a new hard drive.
* Even if he had so many movies that he required an additional hard drive, why could these movies not have been burned to CD-R instead? CD writers were available for less than $100 and CD-Rs could have been found for less than 50 cents a piece. He could have had virtually unlimited space as long as he purchased a new spindle now and then. (See afformentioned McDonald's reference.)
* Most importantly, what did he expect to do with those movies? Unless he had a T3 or something equivalent to his house, he would have had to wait hours to both upload for storage and download to view. I've had 1.5 Mb/sec DSL for four years, so I know that it would have been feasible back then, but it still would have been far less effort to burn them to CD-R. And at least then they would have been portable, far more so than a hard drive.
* Assuming 1.5 Mb/sec broadband, it would have taken almost an hour just to download one movie. So, he would have taken an hour to download, an hour to upload (at the VERY least since most broadband companies don't use the same upload/download speed), and another hour to download when he wants to watch it? Was he planning on installing a streaming media server as well?
* Why NASA? Why not find some schlep on his ISP who wasn't running a firewall, had lots of space, and store the data there? A Joe-Clueless-User would have been far less able to determine who was storing data on his system than NASA.
I'm sorry, but I just dont buy the "he was looking for computer space to store movies he'd downloaded" line. It makes absolutely no sense whatsoever. Sounds more to me like he was doing something nefarious and was hiding it or he was just looking for ego points and got nabbed in the process.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
I guess he should have thought about that before HACKING A BOX AT *NASA* for pete's sake - and to do what, use it for Divx movies?
This guy was an idiot and got what he deserved. Sorry. Perhaps he should have though first before compromising a piece of United States Government property.
They didn't have any chairs to sit on in the server room while they fixed security holes, so they made a big pile of money and sat on that, and it worked almost as well. After the whole fiasco NASA is now researching a new more expensive type of money that is more easily convertable to a sitting appliance.
Cracking into NASA is one thing. You're up against propellor-heads and zoomies, nice people who think space is neat. Cracking into the NSA is a whole 'nother ballgame. Those folks are professional paranoids, and while they don't kill people, they certainly know people who do.
This next song is very sad. Please clap along. -- Robin Zander
say a vulnerability is posted on the web and it happens to affect your systems. how much does it cost you to get your IT department to locate, fix, and patch the problem?
let's further assume that the party that posted the vulnerability is being purposefully uncooperative. but they agreed to get the vulnerability tested independently by a third party who also happens to be uncooperative. how much does it cost your IT department?
i havent got a clue. but 200k seems like a lot. it would seem that keeping a network secure is very expensive business. and i agree that this is true for physical installations, but digital? i mean seriously. unless of course you are over working your staff who also answer all the phones for tech support in-house making it impossible to manage their time or actually do the work they were hired for in the first place. but 200k for a bug? jesus.
i feel really bad for nasa. no matter what system you use there will be bugs and even when that is not the case a system can be badly configured. if each of these issues costs on average 100k (just a guess) to "locate, fix, and patch" can you imagine how much money is going into IT departments right now? or how much money is going into the IT industry? its like paying the plumber 4 times (just a guess) more than his already expensive rates (apparently there is a shortage of plumbers) and honestly believing that this is the way the world should work.
for crying out loud people. what exactly did this kid do? "shutdown -h now"? and it takes 15minutes to boot up? i mean sorry guys, but maybe you should be protecting your system a little better. i always tell myself. if a teenager can pull a prank like this one there are two things you should do. punish the teenager the way we punish any teenager for a prank like this (which they have sort of done). secondly, get some help securing your systems because a foreign nation will not be looking for space to store movies. they will be out there looking to cripple your systems and not necessarily permanently, 30mins could be critical for a crack squad tectical unit and if it is as easy as just shutting down a server......
ps. to be fair, it could be that restarting the system as part of their "locate, fix, and patch" program takes a lot of time (more than 10 minutes?). there again my friends i would suggest a better system to reduce your costs. this has nothing to do with me believing you shouldnt punish this guy. but quit posting damages that could have been avoided if you spent a little more time designing a better system that met your needs. if google can do it i am sure you can too.
if it takes so long to restart your system even during normal maintenance then build redudancy for your production environment. if this is really just about your personal inconvience then remember you are a plumber and that crap cloggin the pipe is your job.