Another NASA Hacker Indicted

eldavojohn writes "Earlier this year, UK citizen & hacker of NASA Gary KcKinnon was extradited to the United States (also interviewed twice). Now, another hacker has been indicted for hacking more than 150 U.S. government computers. Victor Faur, 26, of Arad, Romania claims to have led a 'white hat team' to expose flaws in U.S. government computers. It seems everyone else has been busy hacking into government systems while I've been wasting my time playing Warcraft." From the article: "The breached computers were used to collect and process data from spacecraft. Because of the break-ins, systems had to be rebuilt and scientists and engineers had to manually communicate with spacecraft, resulting in $1.36 million in losses for NASA and nearly $100,000 in losses for the Energy Department and the Navy, prosecutors said. Several suspected NASA hackers have been dealing with law enforcement recently."

Re:Hacker?

[flyingfsck]

"Sadly, almost any news involving Romania are mostly about phishers, skiddies and crackers..."

So, what happened to the gypsies? They left?

Re:When I was there...

[jd]

Good point. Boeing's aircraft research (such as the blended wing body they worked on with NASA in the 1990s) was on open servers. DES encrypted, sure, but even back then, nobody took single-pass DES seriously as an encryption system. Undoubtedly work on scramjets, rocket fuels, etc, were also on public systems with insignificant protection. So far, there is no evidence of India, Pakistan or North Korea having hypersonic intercontinental cruise missiles, which tells me that those nations too unstable to be safe with such technology were also too stupid to obtain it from open technological repositories and that those who had the necessary wits to break in also had the necessary wits to not hand over any such information they found to such people.

As a general rule, stupidity makes for a rather unreliable and unpredictable defense, even if you can practically guarantee an endless supply of it when it comes to politicians and military intelligence.

There are other considerations. How much of Iranian nuke technology was simply FTPed off US Department of Energy servers? Mr Nuke from Pakistan may well have obtained a fair amount of his knowledge by such means, as reports repeatedly indicate he worked from old US designs. So few departments have IT security scores worth a damn and it simply isn't safe to assume that hostile nations or even hostile organizations have voluntarily chosen to "do the decent thing" and not kick the US in the goolies. Again, though, we simply don't know the detection rate. It seems to be extremely low, if NASA is anything to go by, and it was reported a while back that the DoD mis-identified a scan by a US-based team of crackers as being overseas because they used nmap's spoof system.

Does this mean we should be all paranoid? Probably not. This level of sheer incompetence on the parts of all parties has gone on for many years, if not decades. It probably means that there should be better funding in IT security and a good, old-fashioned purge of delinquents in positions of authority, but that's not going to happen.