Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another NASA Hacker Indicted

Posted by kdawson on from the white-hats-provide-poor-cover dept.

eldavojohn writes "Earlier this year, UK citizen & hacker of NASA Gary KcKinnon was extradited to the United States (also interviewed twice). Now, another hacker has been indicted for hacking more than 150 U.S. government computers. Victor Faur, 26, of Arad, Romania claims to have led a 'white hat team' to expose flaws in U.S. government computers. It seems everyone else has been busy hacking into government systems while I've been wasting my time playing Warcraft." From the article: "The breached computers were used to collect and process data from spacecraft. Because of the break-ins, systems had to be rebuilt and scientists and engineers had to manually communicate with spacecraft, resulting in $1.36 million in losses for NASA and nearly $100,000 in losses for the Energy Department and the Navy, prosecutors said. Several suspected NASA hackers have been dealing with law enforcement recently."

9 of 164 comments (clear)

  1. Teh Interwebs by foldingstock · · Score: 5, Insightful

    If a system is that important, and only has a single task, such as communicating with a spacecraft, why would it be accessible from outside sources?

    1. Re:Teh Interwebs by The+Zon · · Score: 5, Funny

      It's NASA 2.0. They're looking for input from the community.

      --
      Some attitudes replaced or by cgi optimizes
    2. Re:Teh Interwebs by wximagery95 · · Score: 5, Interesting

      I work for Lockheed Martin on a classified contract for the USAF and our entire classified network infrastructure is not accessible from the outside (no VPN, no dial in, no nothing). It's a completely isolated AND encrypted network. It's a pain to work on/maintain, but it's the only way you can guarantee no one other than an insider can compromise the system by manually copying data to removable media and taking it with them. Leaked information at this level could causer serious harm to nation's national security.

      When I read articles like this one, it makes me wonder what classification of information was compromised. I highly doubt it's DoD Secret or greater and if it's less than that, the damage caused by this information landing in the wrong hands is probably minimal, though disconcerting.

  2. Not very bright and certainl not "white hat" by madsheep · · Score: 5, Interesting

    If you ever went to the websites that this "Victor" character hosted their "hacks" on you could see what kind of geniuses they were. The "White Hat Team" as they called themselves were/are a bunch of clueless script kiddies. They would host their website (www.whitehat.ro) on hacked servers, so it would frequently go down and be reuploaded elsewhere. They flat out told you this on their ugly poorly designed webpage. On top of that they had tons of screen shots of various systems they compromised accounts on (and sometimes gained root). It was fully of typos, bad commands, and just other terribly embarassing things.
    Honestly, I feel bad for this guy (and probably the rest of the team when they're indicted), not because he's been arrested, but because he is such a moron! Hackers... not at all. White hats.. nope (about as smart as the Ironic on). Morons..yes.

    1. Re:Not very bright and certainl not "white hat" by Anonymous Coward · · Score: 5, Funny

      > It was fully of typos, bad commands, and just other terribly embarassing things.

      Sounds like he has a bright future right here, on slashdot.

  3. Re:Prove it by loraksus · · Score: 5, Funny

    What are you talking about? NASA had to hire hundreds of people to write the communications out by hand in binary and send over 200,000 pigeons to deliver it to the spacecraft (where they had significant issues with packet loss).
    Those numbers are extremely conservative!

    --
    1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcfv gbhnjmk,l.;/
  4. I'm not sayin'... by lazycam · · Score: 5, Interesting

    I agree with hacking into US goverment machines. I have no plans of spending the next 10 years in a federal prison or Gitmo for that matter. But, who is then responsible for testing the security of our critical systems? Is that no our duty as programming and security professionals? Please explain to me why such machines were connected to the internet again? That's like walking outside the door in the morning without a pair of pants.

    --
    my mom posts on slashdot.
  5. Re:When I was there... by dgm3574 · · Score: 5, Interesting

    I was there too. I worked as a contractor at JPL for a little over 3 years, on various projects, building what I'll call "mission support software" in the interest of brevity.

    What I learned after being there long enough (and it took me a long time) is that one of the main reasons computer security at NASA sucks is funding; or really a lack of it. Bear with me as I explain...

    The IT security people (and really, IT people in general) are considered about the lowest form of life at places like JPL, because we are ancillary to the mission. We are overhead. Our work, while helpful, is not viewed as "critical" to mission success. This is an unfortunate and incorrect perception. Try launching anything remotely complex without a computer or a network to support the mission and see what happens.

    Most of the science people at NASA just want to get their work done, get the mission to fly, get their science data back, and do their analyses. The problem is that they don't value network/computer security like IT people do. They just have their narrow view of their narrow area of responsibility. This tunnel vision prevents them from caring about security until Something Bad happens and they lose mission data. Then get ready to hear the screaming. IT people get fired. Heads roll. Memos are written. Policies changed.

    And then everything goes back to exactly how it was, again.

    Underlying all of this is the fact that IT, because of how it is perceived, is poorly funded and therefore understaffed. Without enough staff, they can't respond to all the incoming requests for IT work.

    Remember those science people? They will not accept anything getting in their way, least of all some sorry excuses from the IT department about how they can't get to your server today.

    Consider this conversation:

    IT: "I'm sorry, we're backlogged right now and I won't be able to do that for you today."

    ScienceGuy: "No, you'll fix my server today or the lab director (basically the president of JPL) will hear about it and you'll lose your job because I won't be able to talk to the Mars rover today."

    IT: "Uh, ok. You're the 5th person to threaten my job today. Looks like I'm getting fired. What would you like me to do?"

    ScienceGuy: "Just give me the root password and I'll do it myself. I use a Mac with OS X, so I am a Unix Genius."

    IT: "Sure thing. The password is p198*#&$S(s. Have a great day!"

    ScienceGuy: "Thanks for being a team player! I'll make sure to write a memo to your boss about how you helped us."

    And so, in order to "stay out of the way" of the science people, the IT people have to give away a lot of system administration duties. For this they are rewarded.

    Now, remember that those science people don't care about security? And they don't let anything get in their way? Think they'll do goofy things to make their server or data more easily accessible? You bet they will, regardless of the policies. And you know what? That is why places like JPL are so successful. The science people are dedicated, and will generally stop at nothing to make their missions successful. Most of them are what I would call True Believers. They really are there because they believe in what they do. Unfortunately, they often work within very limited budgets, and within the institutional limitations like limited funding for IT staff.

  6. Project Gutenberg by Anonymous Coward · · Score: 5, Informative

    http://www.gutenberg.org/etext/101