Romanian Accused of Breaking Into NASA

alphadogg writes "Romanian authorities have arrested a 26-year old hacker who is accused of breaking into multiple NASA servers and causing $500,000 in damages to the U.S. space agency's systems. Robert Butyka, 26, was arrested on Tuesday in Western Romania following an investigation by the Romanian Directorate for Investigating Organized Crime and Terrorism. According to local reports, the hacker used the online moniker of 'Iceman.' He does not have a higher education or an occupation, a DIICOT spokeswoman said."

In soviet russia ...

NASA hacks you ...

Re:In soviet russia ...

Your ignorance of geography and history makes the joke absurd.

Re:In soviet russia ...

Romaina's capital is Rome yeah?

Bill Gates

I remember when Gates wrote that he used to do the same thing as a teenager, hack into corporate computer centers via a dialup connection and try to crash their systems (which he bragged he succeeded in doing more than once). And of course Steve Jobs was a phone phreak.

Re:Bill Gates

[Kraftwerk]

Woz was the phreak, Jobs may have been around but I don't think it was his cup of tea.

Re:Bill Gates

[Riceballsan]

Well that case, it even is still directly doing damage (crashing the server, downtime = lost sales/productivity). Compared to several other hackers that get in comparable trouble for literally just connecting and reading the content. Companies/government tend to want to hold the hackers liable when they connect/access, without actually causing any downtime. Time spent applying security updates for a flaw that should have been fixed before, is not downtime caused by the hacker that is downtime caused by the security team not having done it right the first time. Unless trade secretes were sold to a competitor, or downtime/data loss was caused, there are no "damages". In the same way that trespassing is not by definition theft.

Re:Bill Gates

Woz was the phone phreak, true. Jobs was the one who wanted to commercialize the device to do the phreaking. Woz was one guy making free calls. Jobs wanted to make money off of selling "free call devices" to others.

Re:Bill Gates

[Kraftwerk]

As punishment, they should have this young man sit down to a meal masticated by John Draper.

Re:Bill Gates

[SuricouRaven]

Common, I'd imagine. A hacker has to hack - if someone of technological talent isn't directed into a productive use of their skill, they'll likely end up using it to play around just because it's fun. I know when I was a pupil in school I used to frequently hack their primative network security, and had much fun in the dialup days port scanning and poking at whatever I found. A lot of experts today probably got started with some explorations of dubious legality.

Re:Bill Gates

[ackthpt]

Well that case, it even is still directly doing damage (crashing the server, downtime = lost sales/productivity). Compared to several other hackers that get in comparable trouble for literally just connecting and reading the content. Companies/government tend to want to hold the hackers liable when they connect/access, without actually causing any downtime. Time spent applying security updates for a flaw that should have been fixed before, is not downtime caused by the hacker that is downtime caused by the security team not having done it right the first time. Unless trade secretes were sold to a competitor, or downtime/data loss was caused, there are no "damages". In the same way that trespassing is not by definition theft.

I took over security when I started my first job as a programmer. I already had tried out code for various spoofs and what not. Never did anything nefarious with it (the worst thing I did was bring one system to its knees with a program to compute pi to some large number of places) I knew the weaknesses (those idiots in Milwaukee were only using standard passwords on DEC systems used by Field Service .. password to [1,2] was SYSTEM, password to [1,1] was DECSER or DEC[Month abbreviation]) I developed honey pots and left them around the system where people could find them. Great way to alert me what people were up to. I key scanned and logged everything of known miscreants and methods. It was fun, but too easy. Most attackers were of limited education and vision. Breaking into a system to crash it was idiotic. Breaking into a system to learn was what separated the men from the boys.

Re:Bill Gates

Breaking into a system to crash it was idiotic. Breaking into a system to learn was what separated the men from the boys.

When I took over the company web site in 1996 I found that the server had been hacked and was being used by the Tamil Tigers to post to Usenet without revealing their true IP. So that's another reason.

Re:Bill Gates

[cavreader]

A lot of guys are just attracted to the challenge. But in today's world it is becoming dangerous to take on new challenges even when no harm is intended. You also need to be good enough to recognize the potential damage you might inadvertently cause. The worm Morris unleashed back in the early 90's was not intended to do what it did. He missed a a pretty simple error in one of the loop events which caused unrestrained replication which eventually brought down a lot of systems.

Re:Bill Gates

[SuricouRaven]

There does seem to be a change in the way hacking is handled. The old way was just to identify the source machine, block it, tidy up and secure holes. If some exploring hacker managed to take your site down for a while, it happened. Now that there is a lot more money involved in IT, companies are much more eager to send out the lawyers - which makes the internet more dangerous for the developing hackers. A problem looming, because today's script-kiddie playing around from home is tomorrow's sysadmin or programmer once they mature. The current approach to handling internet crime is like throwing people in jail for littering - it'll certainly keep the streets clean, but at the cost of ruining a lot of lives, many of them people who would grow out of it anyway.

Re:Bill Gates

[cavreader]

I have been at this game for 26 years and it does not surprise me a bit when I hear of new security threats and exploits being used for fun or criminal purposes. The architecture and technology the entire Internet depends on changes and mutates at a furious rate. What was secure yesterday can be insecure today. How much time are you willing to invest in building and securing an OS or application? It seems like new exploits are being discovered every day on both Windows and Linux based platforms. If these systems were not released until they were certified 100% exploit free would the Internet even exist? OS and application releases would probably be a 5 year cycle. How do you coordinate OS, application, and hardware changes made by multiple vendors and developers to avoid accidently creating exploits when changes are made? Some say that Standards are the key but Standards can also take forever to create and end up adding more time to development and deployment time frames. Standards also have the habit of becoming obsolete as the underlying technology changes. The majority of script kiddie level attacks rely on poor system administration practices and negligent web application developers. The only really good thing about these sorts of problems is the job security it creates. The Un-employment rate may be floating around 9% overall but IT specific unemployment is sitting around 3% and those 3% are probably not even looking for a job.

Re:Bill Gates

[tehcyder]

Unless trade secretes were sold to a competitor, or downtime/data loss was caused, there are no "damages". In the same way that trespassing is not by definition theft.

If someone trespassed on their physical premises, an organisation like NASA would have to waste a lot of time (and therefore money) checking whether anything had been tampered with, even if nothing was stolen.

Re:Bill Gates

[tehcyder]

A lot of guys are just attracted to the challenge.

Well, I'm quite interested in the challenge of performing the perfect bank robbery, but if I get caught waving a shotgun in a cashier's face, I'm still going to prison for armed robbery.

Re:Bill Gates

[cavreader]

I wasn't justifying the action I was just pointing out that not ever one interested in probing for weaknesses and exploits are criminals looking to cause damage or engage in theft.

Fry Him!

He's gonna get the chair... after all, it looks bad on us if an uneducated person from Romania can break into multiple "secure" Government systems.

Re:Fry Him!

[JonahsDad]

Well, either that or Facebook will hire him.

Re:Pictures of his house during arrest

[Rootkit]

Goatse, don't click.

whata mistakea to makea ...

[armandoxxx]

Well another government mistake ... just hire the guy as a security advisor ...

...not to endorse his actions

...but why aren't IT admins being held accountable for the lax security on their servers? And no, I don't buy the "if I leave my door unlocked, it's not an invitation to break in", since it's a paid position. If a cop fails to prevent a crime due to neglicence, the city can be sued. Most of these break-ins are due to IT negligence, not hacker genius.

Re:...not to endorse his actions

[bberens]

Where do you live that a cop failing to prevent a crime can lead to the city getting sued?

Re:...not to endorse his actions

[Anrego]

Probably money.

As a programmer, while I like to think I'm diligent when it comes to security, if I could find myself in prison for introducing a security bug .. I'd be wanting a hell of a lot more money for accepting that risk.

Ultimately you'd probably just end up with the equivilant of medical malpractice insurance .. occasional screwups would be spread out and become a "cost of business", and we'd just be back to square one.

Re:...not to endorse his actions

[timeOday]

Most of these break-ins are due to IT negligence, not hacker genius.

I think negligence would be *very* hard to establish. First, most computer bugs, including vulnerabilities, are very obvious - in retrospect. Finding the needle in the haystack is easy after somebody points it out to you. That's entirely different than integrating hundreds of software components without creating any "obvious" holes.

Second, how many sysadmins are given all the resources they would like to do their jobs? Security is cost/benefit, like anything else, you devote enough resources to make the pain tolerable, and no more. That means most admins have far more responsibilities than they can cover 100%.

Re:...not to endorse his actions

[bws111]

How do you know the admin was not held responsible? He could have been fired, demoted, etc.

If you mean why isn't the admin held responsible by the legal system, what law would allow him to be held responsible? IT admins are not sworn to duty (like police) or licensed (like professional engineers).

Your example of the city being sued does not work here. The person suing the city would be the person who was harmed by the negligence. Who, other than NASA, would have standing to sue in this case? Who would they sue, themselves?

Re:...not to endorse his actions

From my personal experience a lot of the time the IT admins are not given the budgets needed to implement all required security. The phrase "just make it work" gets thrown around a lot. All the while expecting it to be done in a fraction of the time it would take under normal circumstances. Let alone after half the department has been laid off.

Re:...not to endorse his actions

If a cop fails to prevent a crime due to neglicence

Don't don't fail to "prevent crime." They only deal with crime AFTER it happens. Furthermore, cops have absolutely no legal obligation to prevent crime nor are the obligated to save you from anything if its a question of their own safety.

Re:...not to endorse his actions

[pr0fessor]

Hold up. Do you not have a Information Security depart (in my case a cissp) that does intrusion detection and checks patch levels on a monthly basis. That implements policies to keep people from creating insecure passwords be it an average user or Admin. Do they not do daily, weekly, monthly audits that fill your inbox with response required. Do user's not come to you constantly asking why they can't have or do something with which you must reply ask Information Security. More than one Admin must have dropped the ball.

Re:...not to endorse his actions

That depends on the situation. If the cop is standing there as a place is being robbed, he's going to have a LOT of explaining to do. If he wasn't doing something sensitive (meeting undercover or something) he and the city are in deep...

Having said that, someone probably got in trouble in NASA too, but the media usually doesn't cover firings by rank-and-file employees. Besides, it also depends on how good the hacker is or where the security breach was. If it was the usual and they got in through an idiot employee remember that a lot of people who work on computers are lousy at doing even simple things. They don't know the finer points of rootkits or XSS attacks. Sure, you could not give them network access but isn't connecting employees of an organization part of the reason networks were made in the first place?

Re:...not to endorse his actions

[mikael]

Usually it seems to be the configuration scripts of the system that is the problem. There isn't any need to bury bugs in source code. Think of every network based application a system may have and how many configuration files each of these has; ssh, sftp, mail-servers/clients, file-sharers, networked file systems. It only takes one to have an easy to guess password and user account or open permissions.

You just need to sugarspeak dangerous safety options in the official (or unofficial) webpage.

"If you want to access your files, movies or TV recordings from anywhere in the world without the hassle of having to enter a password, just set the default directory to /, and set read permissions to everyone. Now you can access your files any time you like. No need to send usernames or passwords across the network". If you want to upload files as well, set permissions to read and write."

Re:...not to endorse his actions

[cusco]

I rather doubt that NASA has an Information Security department, they're squeezing blood out of turnips just to keep the existing systems functioning. It doesn't help when they have lawyers and MBAs telling them "You have to build the infrastructure to send men to Mars, but we're not going to give you any money or manpower to do it with."

Re:...not to endorse his actions

Congress could act, but they don't need to sue.

They just hold a hearing, get a few sound-bites, then move on.

Re:...not to endorse his actions

[pr0fessor]

yes and very unfortunate. I'm just tired of hearing Blame the Admins.

Re:...not to endorse his actions

[tehcyder]

Oh look, it's a slight variation on the ever-popular libertarian anti-government line "the police can't be sued if they don't prevent a crime, therefore crime prevention is impossible, therefore all we should do is arm everyone so they can shoot criminals after the event". Twat.

Damages

[AdamJS]

I'm betting the damages are formulated entirely from the cost of them having to do PR (they got hacked by a NEET after all) and 'fix' the security hole (because face it, they'll probably introduce 10 more flaws when fixing one).

Re:Damages

[HopefulIntern]

I was just about to ask, how do you quantify "damage" within software (or otherwise intangible things), when I guess what they mean is reputation damage.

Re:Damages

[bberens]

You get a few senior level IT people in a room and a single meeting can easily cost $1k. Total time to figure out what happened, track the guy down, etc. could easily cost $500k.

Re:Damages

This.... this is exactly what many middle managers don't get! e.g. "lets have an hour meeting with a dozen developers" actually *does* cost the company about a thousand dollars of usually non-revenue generating activity.

Once we had a company-wide get-together, that cost ~$60k to book (rent out a hotel, and a buncha conference rooms for two days). When someone brought up that "this is a lot of money to spend on two days"... it was quickly pointed out that the company is actually spending 20x as much on the salaries of all the people who are there...

Re:Damages

As someone who worked at NASA during a hacker break-in, I am frankly surprised that the damages are that small. All of the machines were taken offline for a couple of days. All of the IT people worked round the clock to restore the servers to a previous state and try and fix the exploit. All kinds of onerous policies for the users are put in place that lasted for a month. Several new onerous policies persisted longer. Work productivity was definitely lost by all of the users (scientists) of all of the computer systems. Accusing the IT folks of being lapse is totally ignorant as well. Some of the finest IT people work for NASA. NASA's problem instead is the rule from the top. Administrators with basically no science or IT experience enact policies that those people need to follow which are stupid. Many of the IT people know it but they are stuck with the administrators' or even government mandates as to how these systems need to be operated. I remember several of the IT people during the incident that occurred while I was there complaining that they were not as yet allowed to move the systems into virtualization where far less damage occurs with exploits.

Re:Damages

NEET -> status zero
iceman -> sub zero

http://en.wikipedia.org/wiki/NEET

Re:Damages

[DigiShaman]

Meetings are important so long as they help set the agenda and ensure everyone attending is on the same page with regards to workflow and trending issues seen out in the field (campus). Simply put, it's about collaboration in areas that are meaningful and constructive.

Now, 60k for a one-time meeting in meat-space is a waste of money IMHO. In a scenario where you have managers in multiple locations, it would server better to have many reoccurring scheduled teleconferences vs. one rare expensive meeting.

Re:Damages

[Dr.Dubious+DDQ]

Isn't that their job anyway, though? Estimating the costs this way sounds a bit like Apple saying that Google cost them millions of dollars because they had to have meetings about competing with Android (for example).

Re:Damages

[bberens]

Theoretically those people would've been doing productive work. Now, instead of completing productive work, they've spent probably thousands of hours dealing with this. So the nominal cost isn't very high, but the productivity cost is high.. and I presume that some other project(s) will be late due to it.

Re:Pictures of his house during arrest

To late...

and the captcha word was "wisdom"...

How much?

[Coisiche]

I can maybe understand if a figure like that is reached via physical proximity and a sledgehammer.

But an unauthorised intrusion?

Even a complete restore from backup can't possibly cost that much in lost time for employees.

Re:How much?

[jackbird]

I could see the audit process to determine what, if anything, was downloaded/altered costing a pretty good chunk of that. Especially when you start getting lawyers involved over possible ITAR issues if someone on the inside was negligent or actively aiding the intrusion.

Re:How much?

[moogied]

Its not just a restore. There was an investigation, then an audit process for the proposed change, then you have the CAB meetings, the testing in dev, then in stage, then finally the push to production environment. Then you have possible hardware changes(depending on mode of access), and additionally you need to sanitize the environment to be 100% sure nothing was left behind. Thats easily a few hundred man hours . 500k may be a tad high(depending on a lot of things), but its not unreasonable.

Re:How much?

[gl4ss]

the costs come from noticing and investigating.
in other words, there would have been no monetary damages if they hadn't pursued the culprit.

funny, eh? the damages are thus made up from thin air.

Re:How much?

[gl4ss]

actually all that work would have been necessary regardless of the intrusion.

Re:How much?

Considering that my company is paying $1000/day for my services. Nasa has 18,000 employees. If you need to do a complete restore from backup, losing 2 days of work, then that alone would cost... $1000*2*18000=$36,000,000. So yes, it would be far in excess of $500k. More if you need to restore from further back depending on how quickly they were able to detect the intrusion, and confirm that no intrusions happened prior to 2 days ago.

Re:Education

[ByOhTek]

How much you make doesn't indicate how much you know.

I have a friend who is a complete idiot in the functional aspect of doing his job, lacking the background education, but he's good with people and instead delegates most of the functional work to others (basically acting like a manager, though he isn't), and makes a huge salary.

And I've another friend, who also lacks the background education, but is very competent, and makes a huge salary.

i.e. Salary does not indicate competence and qualification, sadly this seems to be especially true when you get to managerial and executive level positions, which half the time simply need a warm body to fill a chair and occasionally point in a (hopefully good) direction.

Likewise, Education (or lack thereof) does not indicate competence or qualification.

In general there are trends towards better education meaning more competence, and more competence correlating to higher salary, but they are by no means tight or without exception.

No education or occupation

[roman_mir]

According to local reports, the hacker used the online moniker of "Iceman." He does not have a higher education or an occupation, a DIICOT spokeswoman said.

No education and no occupation, ha?

So who is working for NASA then, that this 'no-education and no-occupation' individual is able to break into their systems?

Butyka is accused of hacking into several NASA servers over a period of time that started on Dec. 12, 2010. The authorities claim that the hacker destroyed protected data and restricted access to it. The charges brought against Butyka include obtaining unauthorized access and causing severe disruptions to a computer system, modifying, damaging and restricting access to data without authorization and possession of hacking programs.

He possess hacking programs, that means he is a terrorist. What kind of 'severe disruptions' did he cause that cost 500,000 USD?

Romanian authorities have arrested a 26-year old hacker who is accused of breaking into multiple NASA servers and causing $500,000 in damages to the U.S. space agency's systems.

- this is a bunch of nonsense.

He cost an admin a few hours of time and maybe a reinstall and reconfigure. Even at 1000USD / hour no way somebody spent 500 hours on it (that's 20.8 24 hour days) or 12.5 40 hour weeks.

This is more government nonsense.

Re:No education or occupation

[GameboyRMH]

Possession of "hacking programs" is a crime? I think all my computers except my gaming PC have "hacking programs" on them, good thing I don't travel to the states these days.

Re:No education or occupation

[roman_mir]

well, he also owns a computer, this is almost a 100% indication that he is a pedophile-terrorist, or a pedo-rist.

This is what government is for - making sure that the right people are always punished for their transgressions. That's why Jon Corzine is in charge normally, of some government and/or economic function somehow and disgusting people like Ron Paul are blacked out by the media because they challenge the status-quo.

Also USA is sending troops to Australia. You know, in case pro-Chinese Kangaroos join Al-Qaeda.

Re:No education or occupation

[TommyGunnRX]

... good thing I don't travel to the states these days.

Not sure what the laws are in the 'states' regarding hacking programs, but the article clearly states he was arrested in Romania... Does this mean residents of Romania are restricted from accessing BackTrack and BackBox linux distros?

Re:No education or occupation

[Pi1grim]

Now that I think of it, the government own quite a number of computers

Re:No education or occupation

[Sarten-X]

Reinstalling and reconfiguring every system the hacker may have touched is impractical, and would take far more time than NASA can spare. Calling in auditors to make sure there were no rootkits, backdoors, or other bad stuff on any other systems is expensive. Deleting the results (and backups) of the latest experiments means months or years of work has to be redone.

$500,000 actually strikes me as a pretty reasonable estimate.

Re:No education or occupation

[roman_mir]

Yes, and I am sure that some of those computers will be "inadvertently" found to be in possession of some of those Australian kangaroos. And Ron Paul.

Re:No education or occupation

[roman_mir]

That's just nonsense. A large organization can re-image large numbers of machines automatically, but more importantly is that in large organizations the Internet connection is normally done through one or a few systems, not every computer has its own external IP address and ports are restricted on the exit nodes. Watching and restricting the Internet-to-internal machine traffic on ports is part of what admins are for in the first place.

Fix the problem even if it means a reinstall of the exit nodes, patch the hole, change the passwords and keep watching the traffic, fixing whatever happens internally if it happens. But that's routine work for a network admin.

Re:No education or occupation

[timeOday]

So who is working for NASA then, that this 'no-education and no-occupation' individual is able to break into their systems?

So anybody who can smash a car window and steal a stereo is smarter than the guys who design cars? That is not a logical conclusion.

Re:No education or occupation

[roman_mir]

If that's your metaphor for an unpatched system or a system with some weak passwords in it, then I can't help you.

The work of an admin is not to leave an 'unsecured car' without supervision. If the 'windows can be smashed', it means the admin is not doing his job.

Actually it's more like having a tank with a hutch opened, and somebody throwing a hand grenade into it.

Re:No education or occupation

[nigral]

good thing I don't travel to the states these days.

Does it sound like he did?

Re:No education or occupation

[Hentes]

No education and no occupation, ha?

So who is working for NASA then, that this 'no-education and no-occupation' individual is able to break into their systems?

This is Eastern Europe. He might have a job and just evading taxes.

Re:No education or occupation

[roman_mir]

Evading taxes? Oh crap, don't tell that to the prosecutors. Like the guy doesn't have enough problems on his plate already. Shush.

Re:No education or occupation

He possess hacking programs, that means he is a terrorist. What kind of 'severe disruptions' did he cause that cost 500,000 USD?

Romanian authorities have arrested a 26-year old hacker who is accused of breaking into multiple NASA servers and causing $500,000 in damages to the U.S. space agency's systems.

- this is a bunch of nonsense.

He cost an admin a few hours of time and maybe a reinstall and reconfigure. Even at 1000USD / hour no way somebody spent 500 hours on it (that's 20.8 24 hour days) or 12.5 40 hour weeks.

This is more government nonsense.

No, the real cost is that their systems needed to have their security upgraded to where they should have been in the first place.

Re:No education or occupation

[Sarten-X]

I take it you've never actually worked on a high-security system. Here's what I remember of the procedure at the last high-security place I worked:

In the event that a machine (including a gateway) is compromised, any machine it can access is considered threatened, and must be thoroughly checked. No, NAT does not help, because once someone has control over the bridge, they can send data to any machine they want, even those without an external IP address. If any router, switch, or machine shows any slightly-suspicious activity (even as benign as an unscheduled database login), that machine gets an even more thorough examination to find out whether the activity was actually related to the hack, and what resources the hacker may have gained access to. If there's any indication that the hacker had shell access or retrieved data, the machine is considered compromised. If the machine stored any sensitive data, that data is reviewed to see if it could allow access to other systems (such as challenge questions & answers for resetting passwords). This investigation, which often involves the use of outside consultants (because there may have been inside help) continues throughout the whole network until the full extent of the breach is known. Being a government agency, the breach will likely involve a several-hundred-page report covering every detail. Somebody has to write that.

The cost is already in the hundreds of thousands of dollars, and only then can the repairs start. It's often not as simple as just restoring a backup, either. Sure, the operating system can usually be done quickly (including fixes for the responsible security holes), but if there's any indication of data being touched (which, in this case, there was), that has to be addressed, too. Backups are usually old. In an ideal world we'd be making hourly backups stored offsite in an everything-proof vault, but that's never really the case. If an admin's lucky, he has a backup that's less than a week old - or it was when the breach occurred. Somehow (best described as "magically"), the admin has to figure out what changes were intentional (like experiment results, or customer orders, or whatever) and what was the result of the breach, then piece together the data to get something reasonably complete and up-to-date. Finally, after days, weeks, or months of reconstruction (most vital systems first, of course), the system is declared clean. Until then, projects get postponed, and other employees are being paid to play solitaire until their real work can continue.

Then there's the "let's not do this again" phase, where employees change passwords, get lectured on security practices, sit through seminars on how to properly encrypt data, and so forth, all of which costs even more money. There's probably still an ongoing investigation as to whether anyone inside the organization helped the hacker, likely being run by consultants.

Then there's the damages caused by any delays, which may involve contractual obligations. That's more money.

It's not as simple as just re-imaging and assuming that everything's fine. Sure, that works on workstations, but it's unlikely that a workstation was all that was damaged. Once a server gets touched, the costs rise dramatically.

Re:No education or occupation

[roman_mir]

More nonsense. This is not CIA, it's NASA. Yes, I worked in banks and telcos, and sometimes viruses were found in the systems (email is the usual culprit, or maybe somebody's flash card or some disk). Normally the the work stations are NOT re-imaged or anything, but they can be cleaned by an admin, either over the network or even coming physically to a machine with a piece of software.

All this other stuff, the gateway, the routers, the servers, etc.etc., it's all admin's responsibility on day to day basis, and it's just BS that all machines become magically compromised just because somebody penetrated an Internet facing server. Sure, you can't be totally certain, but it's an internal network. Fix the gateway and watch the traffic inside.

All these numbers (500K) are artificial nonsense.

Re:No education or occupation

[cachimaster]

No education and no occupation, ha?
So who is working for NASA then, that this 'no-education and no-occupation' individual is able to break into their systems?

A virus can break into your huge, complex and perfectly evolved human immune system, while being the simplest lifeform.

Defending is a much harder problem than attacking.

Re:No education or occupation

[Creepy]

This easily falls under the CFAA in the United States, but so does practically anything, like, say lying about your weight on a dating site (seriously - there was an article about it on the Register yesterday as of this writing). I'm sure hacking programs are also covered in an over broad way on that law.

And of course United States laws apply to everyone... but I can see Romanian authorities bowing to the whims of the United States - if the US has a friend in Europe, it is Romania. When I was there about the only anti-US thing I saw was a little kid with a CCCP T-shirt. Aside from that, I saw a lot of EU and US help, and well needed at that - the Soviet era road system was in a pretty bad state, and it was easy to tell the old trains from the new. Not sure how much has changed since then.

Re:No education or occupation

[roman_mir]

A virus can break into your huge, complex and perfectly evolved human immune system, while being the simplest lifeform.

- I don't think viruses are 'simplest lifeforms' or even 'lifeforms', and I certainly don't think that I have an immune system that is that perfect at all. It's not that wonderful and also if it's not a virus but a brick thrown into the head, then it's pretty much useless!

Re:No education or occupation

[sgt+scrub]

So who is working for NASA then, that this 'no-education and no-occupation' individual is able to break into their systems?

So who was working for NASA then, that this 'no-education and no-occupation' individual is able to break into their systems? FTFY

What kind of 'severe disruptions' did he cause that cost 500,000 USD?

It costs money to replace your entire IT department.

Re:No education or occupation

[sgt+scrub]

You have vi on all but one of your machines? You damned criminal types! :P

Re:No education or occupation

[roman_mir]

so your contention is that NASA's IT dep't must be fired?

Aren't you this guy? You didn't answer the question yet.

For a guy who is for burning people if they don't hire some folks above the rate, that would make them actually profitable to a company, you are quick to assume people should be fired for whatever mistake. Interesting.

Re:No education or occupation

[Sarten-X]

So let me get this straight... If a workstation is compromised, it's cleaned, but there's no need to bother reimaging. If a server is compromised, and data is lost/damaged, it doesn't matter because it was already the admin's job to fix it, so it doesn't cost anything? And the lost productivity due to countless meetings to review doesn't cost anything? And the projects that get delayed don't cost anything, regardless of being under contracts? And the resulting investigation, likely involving travel to foreign countries, doesn't cost anything?

That is what I call nonsense.

But hey... I guess you know your stuff. After all, banks are very secure.

Re:No education or occupation

[DeltaVelocity]

... good thing I don't travel to the states these days.

Uhm, hello??? He was arrested in Romania by Romanian authorities and is being charged under Romanian laws in the Romanian court system. It's not illegal to have "hacking programs" in the States.

Re:No education or occupation

[DriedClexler]

... and quite a number of hacking programs, for that matter!

Re:No education or occupation

[roman_mir]

Yeah, all those banks had problems with debit cards. There are even cases when banks are compromised internally.

Banks take their security seriously enough, it's part of their jobs and it's their money on line (well, or the Federal money, which of-course means - who cares).

Yes, most of the time workstations are not reimaged anywhere even if a virus or a trojan was found. Normally a patch and some clean up is done automatically. This may shock you, but that's how they NORMALLY operate, so saying somebody spent 500,000 on this sounds ridiculous, because it's not their normal operating procedure.

Re:No education or occupation

[DriedClexler]

No, but a guy who figured out how to throw a pebble in *just* the right way to allow access to a locked car (and drive it) without setting off the car alarm or giving much evidence of intrusion is smarter than the guy who designed the car's security measures.

Re:No education or occupation

roman_mir - You sound like someone who has never worked in the Real World. Sarten-X is absolutely right on the cost calculations for damages. Damages may not be "things that were broken" but they may indicate "things we need to do to make sure things aren't broken." There are huge costs to doing that.

Re:No education or occupation

[ThatsNotPudding]

I'm now fairly certain Ron Paul is the reincarnation of Ann Rynd.

Re:No education or occupation

[roman_mir]

No, it's sartenx and you sound like you have never worked in the real world.

In the real world it's very very rare to see any action like that described by sartenx take place. It never happens. It's not the standard procedure.

It is your imagination. You THINK it works that way, because you think you know what is the right thing to do. Well, it's not what actually happens, it is NOT what actually happens in real world.

It's like that xkcd cartoon about the strong passwords and how in the real world they are quickly extracted by applying a 5 dollar hammer to the knees.

Re:No education or occupation

This is still the Admin's job to do. There is nothing you posted that goes beyond that realm.

Re:No education or occupation

[royallthefourth]

Q: What's a libertarian's favorite snack?
A: Pyrk rands.

Re:No education or occupation

This is Eastern Europe. He might have a job and just evading taxes.

This is Eastern Europe. He might have a job and the employer is just evading taxes.

There. Fixed that for you. In reality it's the employer suggesting to pay the employees on the black market. Salaries often being at the limit people accept anything for the extra cash. The company usually pays more taxes for an employee than the employee himself.

And I know this because I live in Eastern Europe.

Re:No education or occupation

[roman_mir]

I'm now fairly certain Ron Paul is the reincarnation of Ann Rynd.

First: it's Rand (or Alisa Rosenbaum).

Second: that would be a neat trick. Ron Paul was born in 1935 and she died in 82.

Re:No education or occupation

[Rich0]

I work in a large company (not government/CIA) and if we had some kind of break-in with our systems we'd be going through all the sorts of things you suggest. And we care about turning a profit so it isn't like we just spend money for the sake of doing so. The CIO would be ticked, but he'd be brining in those consultants pronto because with something like this you have to do it right.

I'm sure some data would be lower risk than others and might not get as much scrutiny, but just determining what is important and what isn't costs money. You find a server that you think might be at risk, then you look up the contact for that server, then you trigger a 30-email conversation (for one server) as they track down the people who are REALLY responsible and have the authority to speak for it, and then you send them the 14-question survey and put the score on the big list.

Oh, and if any of the data in those systems is subject to regulation (EVERY big company is regulated in some way) you get the lawyer-types asking "what if" questions and you end up assessing more than you probably need to anyway.

As you indicated you can't just roll back production systems a few weeks once you realize the exploit is that old. Does amazon.com just forget about every order they took in the last month that they billed but didn't ship? Do they just reset their inventory to what it was a few weeks ago (an eternity in the just-in-time world)? Do they bill and re-ship orders they already filled? Do they forget about pre-orders and lose business and frustrate customers who wanted their widget on day one at the same time?

And even if you trust that it isn't an inside job you still need the army of consultants. Companies don't staff to just absorb these kinds of distractions - they run their staff at 120% on an average day. You need an army of consultants just to make sure this stuff all gets done reasonably quickly.

Then there is the distraction factor as everybody is busy doing risk assessments and reviewing data when they'd normally be doing something that actually makes the company money (ostensibly the reason they have jobs in the first place).

Yup, a breach like this is simple in the same way that backing up your computers is simple, or buying a hard drive at 0.1 cents/GB is simple. It is all simple until you have a bazillion of them, and your job is on the line.

Re:No education or occupation

Well, just looking at wiki, Paul left politics for a while after 1984.

*gasp* after Rand died in 82, she possessed Paul which led to his departure! The short break was to let the two libertarian minds to meld into one powerful ULTRA libertarian!

Re:No education or occupation

[iamlucky13]

He possess hacking programs, that means he is a terrorist. What kind of 'severe disruptions' did he cause that cost 500,000 USD?

If he disrupted servers used by NASA to provide data to their employees, it could easily reach that. For example, the Planetary Data System servers are the normal point of access for thousands of researchers around the country working with raw data from NASA space probes. Take that off line for a day and you've disrupted quite a lot of work. Similar if you take down a technical data server that suppliers need to access detailed requirements or coordinated design data like CAD models of a system a supplier needs to make a subsystem interface with.

Re:No education or occupation

[roman_mir]

Rand wasn't a libertarian. She called herself an 'objectivist'.

Re:No education or occupation

[timeOday]

Do we have some reason to think the intruder in this case built his own toolkit or devised his own methods?

Re:No education or occupation

[sgt+scrub]

so your contention is that NASA's IT dep't must be fired?

Yes. If someone with no education or experience can infiltrate your network, your IT department is non-existing. It needs to be replaced. Are you suggesting equal opportunity can not co-exist with the right to replace someone incompetent?

Aren't you this [slashdot.org] guy [slashdot.org]?

Yes.

You didn't answer [slashdot.org] the question [slashdot.org] yet.

It was not a question. It was a troll. A question is, "How do all AAA nations have profitable businesses when they have a minimum wage. Another example of a question is, "How does a AA nation like the U.S. have profitable businesses when it has a minimum wage".

Re:No education or occupation

[rim_namor]

Oh, it was a troll? Wasn't your premise a troll, that people who don't hire others for less than their worth deserve to be BURNED with 'tires over their heads'? I think somebody protests too much of being the real troll.

Re:No education or occupation

[cusco]

He cost an admin a few hours of time and maybe a reinstall and reconfigure.

This is not your home media server with your pirated music and downloaded porn, these are thousands of servers worldwide running one-of-a-kind custom written software and mission critical systems. After finding which exploits were used they need to find which systems could have been affected. The need to know which systems can be taken off the network in what time frame, and what needs to be done to each. Apply the wrong patch to some of them and you'll lose communication with Voyager or be unable to model the next week's journey for the Mars rovers.

Don't worry, some day if you apply yourself they'll let you come work with the big boys.

Re:No education or occupation

[sgt+scrub]

the fact that you were trolling for personal information makes it a troll. http://developers.slashdot.org/comments.pl?sid=2521666&cid=38038114

Re:No education or occupation

[roman_mir]

How many jobs have you created? You are claiming people should be burned with tires on their heads if they don't create unprofitable 'jobs' (whatever that means), so how many jobs have you created, because you need to undergo your owned prescribed treatment if you are not creating any.

Re:No education or occupation

[sgt+scrub]

You are claiming people should be burned with tires on their heads if they don't create unprofitable 'jobs'

I made that claim? Are you sure you are not just repeating it in hopes that someone believes you?

How many jobs have you created?

I don't respond to trolls. However, If you want an answer regarding the possibility of a successful business model in an economy with minimum wage you can simply look at the success failure rate of businesses in the U.S., U.K., France, Germany, Australia, Canada and Japan over the last 50 years. They have all had minimum wage over that period of time and have the most successful economies. They have the largest success rate for start up companies and, despite the fact that most fail regardless of the country they start up in, have the lowest failure rate for start up businesses in general.

http://money.cnn.com/magazines/fortune/fortune500/2011/full_list/
http://www.moyak.com/papers/business-startups-entrepreneurs.html

Re:No education or occupation

[roman_mir]

Again, how many jobs have you created.

Your precise statement was this (full comment, nothing taken out, and the context is in this thread):

If you don't hire people because you don't want to pay minimum wage you should be jailed for your protection. People not being hired for less than minimum wage should toss a tire around your head and burn you alive.

Don't tell me somebody else has minimum wage, I know that the countries the world over are screwed up.

Your words: if you don't hire people because you don't want to pay mnimum wage, tire should be tossed around your head and you should burn alive.

So tell me, are YOU creating any jobs that are unprofitable? Because if you PERSONALLY aren't creating the jobs that are unprofitable, then you should have your own prescription applied to you.

Why? Because that quote, that statement was a response to this statement I made.:

No, minimum wage only outlaws some people from working.

NOBODY can FORCE me to hire someone, who is not producing more than minimum wage worth of value after all of the expenses for a higher than minimum wage salary.

If you hire a person, that person has to produce enough value to offset the cost of hiring, all of the associated expenses and he has to produce some profit.

So if somebody produces 6 dollars worth of revenue and he costs say 5 dollars, then the 1 dollar is profit. If the minimum wage is 7.25, then by hiring that person at that wage instead of generating 1 dollar worth of profit you generate 1.25 loss.

It makes no sense to hire somebody (unless you are a government), who costs your business money and generates a loss (well, there are instances where it may be a strategic hiring, something special, used to create a tax deduction or something).

But basically by setting minimum wage you outprice some people from the market.

If the entire world set a minimum wage of say 10 dollars per hour, then the result would be massive unemployment everywhere, as those people who were making under that amount and who are not producing enough revenue to cover and make some profit would all be fired.

Nobody can FORCE a company to hire somebody and nobody can force a company to hire somebody to make a loss. That's just weird misunderstanding of how economy works and why people start businesses.

In your world the total unemployment would be on the order of 30% total throughout the entire world.

That's the entire statement.

In response to a comment, that states that nobody has any obligation (and indeed would be an idiot), to hire people so that the company would make a LOSS on hiring them, your response was: tire should be put around your head and you should be burnt alive.

-

Thus the question is absolutely legitimate: how many jobs have YOU created that are a loss generator? If you are not creating those jobs, then YOU should have a tire on your head burning you alive by YOUR OWN WORDS.

So come on, fess up.

EITHER: you are hiring all the people around you and making a loss.
OR: you should be burnt with a tire around your head.

OR: you are full of shit.

Re:No education or occupation

[sgt+scrub]

Despite the fact that your a fucking troll I will answer this question.

how many jobs have YOU created that are a loss generator?

None. I assure you. I have never created a loss generator job.

Re:No education or occupation

[roman_mir]

Thus you now have to apply the burning tire to your head or have somebody apply it to you. As to who is a 'troll' here, you should really think about that.

Re:Pictures of his house during arrest

goatse... who the hell still does this.
Apparently there is a part of the world that just now starts receiving internet jokes from the last decade.

Alien Secret Documents

...OK, but did he get to the Secret Documents about the Aliens?

Re:Alien Secret Documents

[sizzzzlerz]

Or those classified documents of how they faked the moon landings?

The United Federation of Planets must know!

[sl4shd0rk]

They are evidently no longer basing operations within the Beta Quadrant!

Re:Pictures of the arrest

[GameboyRMH]

Anyone who clicks on these deserves it. Lazy fucker's using a URL that trolls have been using for at least a year now.

Re:Pictures of the arrest

[roman_mir]

by the way, based on the previous thread with this same user under dev235, I am just going to assume that the picture he links to is goat love, so unless you are into that kind of shit, you may want to abstain from going there.

Re:Pictures of his house during arrest

That's a thorough police search and no mistake.

Re:Pictures of his house during arrest

[ByOhTek]

who the hell still falls for this? I just assume any link in the comments is to goatse...

Re:Education

[trum4n]

Being smart and poor ain't something to brag about. I'd know.

So NASA was p0wned by a newb?

I bet the embarrassment alone was worth $500K and then some.

When this happens...

You wonder why your security was bad enough that that guy got through it.

Re:Pictures of the arrest

[roman_mir]

The above user loves goats.

Re:Education

[roman_mir]

It's universal that majority of people who make the most money in the world are the most connected people in the world.

The way to be the most connected is either by being born into the right family or by attending the right schools (which is similar to being born into the right family). It's good to become a member of some exclusive elite club while at school.

OTOH it's possible to make a lot of money while not having almost any formal education (Steve Jobs or what's his name Zuckerberg).

$500,000?

[JustAnotherIdiot]

This number bothers me, and I find it hard to believe.
Even more so because TFA doesn't ever mention /what/ it was he did.
Sure, he broke in, but what did he do with that access?
Delete files? Rename them? Rearrange them? Simply just shut the servers down? Perhaps a virus or two?
All I can think of that should be possible remotely would just cause an IT admin a headache for a few hours while he fixed the damages.
Unless he found the "self destruct" button, and now NASA is without any equipment.

Re:$500,000?

[GodfatherofSoul]

I'm guessing you're a hacker apologist? After an intrusion there are resources that have to be redirected to find out what access the intruder got; there's downtime hardware, there's the cost of the investigation e.g. flying inspectors out to Romania if needed.

No harm-no foul rules only count on non-critical systems. Most admins don't take intrusions as an "academic act of altruism granted to them by white hats."

Re:$500,000?

[JustAnotherIdiot]

Not in the slightest. I was questioning the number, not his punishment.

Re:$500,000?

So why are not the people who's application had the hole he used not responsible at all.
I bet there would be a lot fewer holes to exploit.
And with all the billion NASA has or can earn if they wont stand behind a NASA used application then NASA should write it themselves. Not let something that critical connect to a public network.
Not spend my tax dollar finding some guy with no education in Romania how much do you think that cost.

Re:$500,000?

[Grand+Facade]

"Even more so because TFA doesn't ever mention /what/ it was he did."

He found the Directors pr0n collection....

Re:$500,000?

[JustAnotherIdiot]

Hah! That's some pretty expensive porn.

Re:$500,000?

Happened to me a while back.

Here's the catch: We didn't know what the black hat had done. Some stuff was obvious, like the size changes on /bin/passwd and /bin/su. But we don't know what else he changed. You can't trust anything on the system. You can't boot up and run md5sum on every file as md5sum may be compromised. You can't even trust the kernel. You can't trust anything. Even booting off CD, there are issues of verifying all the rpms that were installed, and finding what is now on disk that didn't come from any known RPMs and has it been compromised? (Or is it a compromise, like an extra "su" command located elsewhere on the common path.)

As I recall, we gave up, sent the disk out, and had it reimaged. At considerable cost of money and weeks of lost time. But it had a lot of special research software pre-installed that we couldn't otherwise validate.

And then, IIRC, I "tinkered" with it. And then the project lead called me on the carpet complaining how ftp (or was it telnet) no longer worked, and why do we need a firewall anyway? And I said I'd "look into it" (which translates into geek-speak as "Fix it? I just broke it!"), but in the meantime perhaps he could use scp (or ssh). Especially from unsecured locations. And our system stopped getting broken into so often. *sigh* Bright guy, but no concept of security.

Re:Education

[roman_mir]

Oh, also it's good to be a KGB agent and to be in the right place at the right time in history and to be absolutely willing and able to deal with the most shady elements of society to bring any attempt at a democracy to its knees.

It helps when you are a dictator, you can steal a lot of money, especially if the country is resource rich.

Re:Education

[roman_mir]

(looks like his agents have preemptively modified my previous comment, so it wouldn't link to the story correctly. I am taking another risk here, I don't particularly enjoy polonium 210).
--

Oh, also it's good to be a KGB agent and to be in the right place at the right time in history and to be absolutely willing and able to deal with the most shady elements of society to bring any attempt at a democracy to its knees.

It helps when you are a dictator, you can steal a lot of money, especially if the country is resource rich.

Re:Education

[dkleinsc]

How much you make doesn't indicate how much you know.

Sure it does, just not in the way you expect: Power = Work / Time. Knowledge=Power. Time=Money. Thus Money = Work / Knowledge. QED.

Re:Pictures of his house during arrest

[Jeng]

Any link that goes to evenweb.com is goatse.

Well, the most current links going to goatse over the past month or two have been from evenweb.com

Not in DC

[srussia]

If a cop fails to prevent a crime due to neglicence, the city can be sued.

http://en.wikipedia.org/wiki/Warren_v._District_of_Columbia

Re:Not in DC

That explains why DC is crime free...I know there was a good reason.

Re:Not in DC

[LateArthurDent]

If a cop fails to prevent a crime due to neglicence, the city can be sued.

http://en.wikipedia.org/wiki/Warren_v._District_of_Columbia

From that wikipedia page:

DC's highest court ruled that the police do not have a legal responsibility to provide personal protection to individuals, and absolved the police and the city of any liability

If the police have no responsibility to provide personal protection to individuals what the hell are they for?

Re:Not in DC

Protecting citizens from each other happens to occasionally be a good way to avoid them becoming angry at the state, but don't let that confuse you as to the police's real purpose: to protect the state from its citizens.

Re:Not in DC

"DC's highest court ruled that the police do not have a legal responsibility to provide personal protection to individuals, and absolved the police and the city of any liability.[2]"

the boss/PHB needs to be accountable they control

the boss/PHB needs to be accountable they control funds.

It may be like the IT admin needs more man power / new software / severs and they can't get them. Or is NASA and you need LIKE A PHD just for help desk LEVEL 1

Re:Pictures of the arrest

[Jeng]

Any time it is evenweb.com it is goatse, he uses many different accounts, but only one domain.

Re:Education

[ByOhTek]

Hmmm.

I believe it was Forbes that said the average CEO worked about 80 hours a year on the position (not counting schmoozing events).

That must mean these people are real vegetables to get so much money with so little work.

"Damn. I lost another chess match with that rutabaga, maybe I should just give up and compete against the celery instead."

wich one?

is he like val kilmer, ( iceman in topgun ) or did he watch to much '84 movies (there's even a new one coming out soon)
but if he named himself after the iceman (val kilmer in topgun), i'd have a hard time calling the dude a terrorist....
anyhow, if it's only a scriptkiddy (26 is a bit old for that, but then... it's only a term), nasa should be looking at themselves before whoopin his scrony little ass with words like terrorist...

Top Gun References Abound....

I feel the need ... the need for speed....

Talk to me Goose.....

You are writing checks your body can't cash!!!

Re:Education

[0-until-pink]

This reminds me of the Kurt Vonnegut bit in Slaughterhouse Five about Americans attitude towards esteem and money.

"America is the wealthiest nation on Earth, but its people are mainly poor, and poor Americans are urged to hate themselves. To quote the American humorist Kin Hubbard, “It ain’t no disgrace to be poor, but it might as well be.” It is in fact a crime for an American to be poor, even though America is a nation of poor. Every other nation has folk traditions of men who were poor but extremely wise and virtuous, and therefore more estimable than anyone with power and gold. No such tales are told by the American poor. They mock themselves and glorify their betters. The meanest eating or drinking establishment, owned by a man who is himself poor, is very likely to have a sign on its wall asking this cruel question: “if you’re so smart, why ain’t you rich?” There will also be an American flag no larger than a child’s hand – glued to a lollipop stick and flying from the cash register."

Re:Education

[ackthpt]

Being smart and poor ain't something to brag about. I'd know.

Ruthless people make the money. Intelligent and ruthless people keep it

No different than

[future+assassin]

the DEA stating that each cannabis plant is equal to a lb of weed, Sure its possbile if you grew it outdoors in Calfornia but 99% of the time people get no where near that. With big plants (6 week veg) they might get 4oz dry off each plant.

Your kidding right, they're the government

[Shivetya]

We have the head the of SEC replying when asked "why can't we fire failed regulators" respond by saying that that would harm the agency.

http://www.washingtonpost.com/business/economy/seven-sec-employees-disciplined-on-failure-to-stop-madoff-fraud/2011/11/10/gIQA3kYYCN_story.html

We just had a recent story about how the IRS can't get its act together and I betcha they are not in worry about losing their jobs. We have more government workers making over 100k a year and 900+ over 170k a year. Do you think any are truly accountable now?

We are Greece, we just fail to admit it. When one in seven works for a government agency I think it is a clue. Protect your own is their motto.

Re:Education

[trum4n]

When I'm a full time project engineer and can't afford to move out of my mom's basement, It's pretty bad. Renting an apartment costs nearly twice what a house costs to buy, per month. And because i have student loans, my credit is so bad i cant get a mortgage, despite having perfect credit otherwise. Being poor sucks.

Re:Education

[trum4n]

I've noticed. I'm wondering why i obey laws at all. I'm about to just file a patent for "the use of a road with wheels somehow involved" and bribe the patent office. Then ill just sue everyone. Seems to work for apple, ibm, microsoft, and trolls everywhere.

Re:this aFP for GNAA?

[Sarten-X]

Gesundheit.

Romanian Accused of Breaking Into NASA

[roman_mir]

I see his problem.

He should have just asked nicely, wouldn't have to break in.

OTOH he IS Romanian... so. that too. Maybe if he was Jamie Dimon then he could just say: well, some money did disappear, but then again, I am just a CEO. What do I know?

Then NASA, CIA and FBI and Fed would just give him a bunch of money and let him continue doing what he does....

But this guy is a nobody, that's his real problem.

Re:Education

[smooth+wombat]

I'll agree with your assessment. I'm trying to move from a general IT position to a project management job and the salaries I see, considering the experience they want, are generally shit.

On rare occasions, when they want at least ten years hardcore experience, you might find a few jobs over $80K, but most are in the $50K - $60K range, even with the experience.

Granted, I'm only looking on the east coast so maybe the midwest, south and west coast are different.

The real story here...

[DeltaVelocity]

...is not that a Romanian hacker got into NASA systems and caused an alleged $500k in damages/remediation expenses. The real story is that the Romanian authorities actually DID something about it.

Re:The real story here...

...is not that a Romanian hacker got into NASA systems and caused an alleged $500k in damages/remediation expenses. The real story is that the Romanian authorities actually DID something about it.

And... the actual amount claimed by NASA as damages/remediation was much lower - say, under 10K. The rest was added to the bill by the Romanian authorities.

Re:The real story here...

I was about to say the same thing.

Re:Education

[trum4n]

yea, im in WV, where the median income is 37K. While i'm making $35K fresh out of college, it am stuck here, and slipping. There is not advancement in this arrangement. Sure i could work my way up to 55K, but that still wont mean shit. Hopefully i can trick the government into letting me build electric cars. All i need is to finish the suspension/body design and some venture capital. i even have a long list of people who want to work for me.

Romulan accused of breaking into NASA

...is how I read the headline at first glance. Those sneaky bastards!

Damn...

[bradorsomething]

So much for getting my astronaut application in ahead of everyone else. I thought he said this was foolproof!

Blaming a Romanian is Sooooooooo 1995

This is 2011 - the CHINESE and IRANIANS are the ones we blame for everything now!

Re:Education

[LateArthurDent]

When I'm a full time project engineer and can't afford to move out of my mom's basement, It's pretty bad. Renting an apartment costs nearly twice what a house costs to buy, per month. And because i have student loans, my credit is so bad i cant get a mortgage, despite having perfect credit otherwise. Being poor sucks.

Assuming you're making your student loan payments on time (and since you say you have perfect credit otherwise, I assume you are), that really shouldn't affect your credit like that. I just bought a house, and I have student loans to pay the total of which exceed my annual salary. My credit score was 820 and the loan process went off without a hitch (although it was still a ridiculous pain in the ass, they were still getting information from my employers the day before closing day. I understand that they'd call to simply ask, "has anything changed since we've spoken with you last month?" but I don't understand why they'd be trying to get anything new from them at that stage of the game).

Most people that haven't been delinquent in their bill payments but still have credit problems have it because their credit history isn't long enough. Keep in mind that they only count *currently open credit accounts* for credit history. The other problem is that their available credit to amount owed ratio is too low, so focus on paying off any credit card debt you have as soon as it's feasible (If you have any accumulated debt, I know that's easier said than done, but it should be a priority even if you don't care about your credit score).

I got my first credit card when I was 18, and it absolutely sucked. I have a better credit card now, but I do not dare cancel the other card because it's my longest piece of credit history, and it would kill my credit score. I just don't use it, and in fact I don't keep any balances on any credit card. My only debt were the student loans. I suspect your problem is that you closed some of your older credit card accounts because you got better cards. If that's the case, just remember not to do that again, it's one of the most important parts of your credit score, second only to actually paying your bills.

Either that or the amount you have to pay every month on your student loan debt is too high relative to how much you get paid per month. That's not a credit issue though, so I assume your problem is the length of credit history.

Why brag about it?

[eminencja]

What a stupid thing to brag about. If they caught him, they could try to make use of his skills an knowledge.

26 + lives in Romania + no college + unemployed

= SUSPICIOUS.

Seriously... everyone who can afford to, leaves the country as soon as they graduate from high school. Unless they go to college, in which case they leave as soon as they graduate from that (or finish their military service, if they went to military college). Unless they find a good job in Romania which is capable of sustaining them... HAHAHA, just kidding, no such jobs exist in Romania. Well, very few of them, anyway.

Any Romanians care to verify what I just said?

Re:26 + lives in Romania + no college + unemployed

Who says he can afford to leave?

Re:26 + lives in Romania + no college + unemployed

If he can afford to live there, he can afford to leave.

DontStealMe

I think NASA needs to create a heavily secured network, that contains a single text file called DontStealMe.txt; this file will contain a congratulatory notice to the reader that they have bested the Space Agencies best security measures, and they should feel really good about their diabolical genius. This way, they can steal something worthless and stop causing damage to important science programs.

Yes he does have an occupation

[Stan92057]

Yes he does have an occupation its called "A Criminal" our prisons are full of them and some innocents as well.

Re:Education

[chimpo13]

You should buy something small on that card and pay it off because they might cancel it since you don't use it. Small like a book or magazine or bottle of beer. I lost my oldest credit card for never using it.

Re:Education

[tehcyder]

(successful six figure earning high school drop out)

Big deal, there are plenty of stupid rich people around.

Re:Education

[tehcyder]

Being smart and poor ain't something to brag about. I'd know.

It's still better than being dumb and rich. Having lots of money proves that you are good at getting lots of money, nothing more.

Re:Pictures of his house during arrest

[tehcyder]

I'm 12 years old and what is this??

Your dad.