Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another NASA Hacker Indicted

Posted by kdawson on from the white-hats-provide-poor-cover dept.

eldavojohn writes "Earlier this year, UK citizen & hacker of NASA Gary KcKinnon was extradited to the United States (also interviewed twice). Now, another hacker has been indicted for hacking more than 150 U.S. government computers. Victor Faur, 26, of Arad, Romania claims to have led a 'white hat team' to expose flaws in U.S. government computers. It seems everyone else has been busy hacking into government systems while I've been wasting my time playing Warcraft." From the article: "The breached computers were used to collect and process data from spacecraft. Because of the break-ins, systems had to be rebuilt and scientists and engineers had to manually communicate with spacecraft, resulting in $1.36 million in losses for NASA and nearly $100,000 in losses for the Energy Department and the Navy, prosecutors said. Several suspected NASA hackers have been dealing with law enforcement recently."

5 of 164 comments (clear)

  1. Re:$1.3? $100k?! by h2g2bob · · Score: 3, Informative

    For extradition, there's often a minimum amount of damage (in $$$) that is required before someone can be extradited.

  2. Hacker Crackdown by dbIII · · Score: 4, Informative

    Read Bruce Sterling's "The Hacker Crackdown" for how these spurious figures are calculated. The examples are old but so is the mindset behind this. The author has put the entire book online.

  3. Re:Teh Interwebs by cyclone96 · · Score: 4, Informative

    If a system is that important, and only has a single task, such as communicating with a spacecraft, why would it be accessible from outside sources?

    Indeed. The article is pretty thin on what was actually compromised and what "manually communicating with spacecraft" really meant. Rule number 1 with mission critical systems at NASA (I work for them, but not at the locations attacked) is that they are *completely* walled off from the outside.

    Now, there are some mission associated systems that are accessible from the internet which are storing spacecraft data. Here's one that has datasets from the acceleration system on the International Space Station:

    http://pims.grc.nasa.gov/html/ISSAccelerationArchi ve.html

    It's out there because that's the easiest way to get the data to researchers, many of whom are at universities around the world. I suppose if that server ended up hacked, it would hit the news as "Hacker brings down Space Station support system!". Sounds bad, but it's not like you can actually gain control of the spacecraft. I suspect the machines affected were used for this sort of purpose.

    --
    Worst...sig...ever!
  4. Project Gutenberg by Anonymous Coward · · Score: 5, Informative

    http://www.gutenberg.org/etext/101

  5. Re:Say it with me again folks... by _Sprocket_ · · Score: 3, Informative

    Various US Government Agencies have been slow to pick up information security. With few notable exceptions, the US Government just doesn't get infosec. But what the US Government does understand is law. Law is a relatively slow process compared to the hack. Some of these cases take years before the Feds are knocking on doors. If you're a script kiddie who's keen on a *.gov address for your IRC bot, keep that in mind. In the short term you may be successful. But you have no idea if the US Government actually did notice and are taking the long, drawn out process to bring you down via whatever Law allows it.

    I once attended an infosec meeting at a NASA center several years ago. The initial presentation was an analysis of an incident involving some Oganization's lab systems. It was well done and full of very handy technical information, lessons learned, and advice to other Orgs on how to avoid a simular incident. I looked around the room. Most eyes were well glazed over. Obviously the information was lost on an audience who should be taking notes. The next presentation came from our FBI representative. The rep. basically talked about the lab equipment that was confiscated... what was happening to the HDs during analysis... and the process of "getting the bad guys." The crowd lit up. Everyone was rather excited. They were going to get the bad guys. Few there seemed to realize that this was not "good news". Rather, it was a failure as the lab systems compromised represented lossess to already-tight budgets.

    Things have changed since that time. Infosec is changing... at least at NASA. There are new attitudes, new requirements, new regulations. I've still got my own concerns and criticisms of the state of things. It's far from perfect, to say the least. But there is change. We'll see how well it holds.