Slashdot Mirror
Romanian Accused of Breaking Into NASA
alphadogg writes "Romanian authorities have arrested a 26-year old hacker who is accused of breaking into multiple NASA servers and causing $500,000 in damages to the U.S. space agency's systems. Robert Butyka, 26, was arrested on Tuesday in Western Romania following an investigation by the Romanian Directorate for Investigating Organized Crime and Terrorism. According to local reports, the hacker used the online moniker of 'Iceman.' He does not have a higher education or an occupation, a DIICOT spokeswoman said."
Goatse, don't click.
...but why aren't IT admins being held accountable for the lax security on their servers? And no, I don't buy the "if I leave my door unlocked, it's not an invitation to break in", since it's a paid position. If a cop fails to prevent a crime due to neglicence, the city can be sued. Most of these break-ins are due to IT negligence, not hacker genius.
I'm betting the damages are formulated entirely from the cost of them having to do PR (they got hacked by a NEET after all) and 'fix' the security hole (because face it, they'll probably introduce 10 more flaws when fixing one).
I can maybe understand if a figure like that is reached via physical proximity and a sledgehammer.
But an unauthorised intrusion?
Even a complete restore from backup can't possibly cost that much in lost time for employees.
How much you make doesn't indicate how much you know.
I have a friend who is a complete idiot in the functional aspect of doing his job, lacking the background education, but he's good with people and instead delegates most of the functional work to others (basically acting like a manager, though he isn't), and makes a huge salary.
And I've another friend, who also lacks the background education, but is very competent, and makes a huge salary.
i.e. Salary does not indicate competence and qualification, sadly this seems to be especially true when you get to managerial and executive level positions, which half the time simply need a warm body to fill a chair and occasionally point in a (hopefully good) direction.
Likewise, Education (or lack thereof) does not indicate competence or qualification.
In general there are trends towards better education meaning more competence, and more competence correlating to higher salary, but they are by no means tight or without exception.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
According to local reports, the hacker used the online moniker of "Iceman." He does not have a higher education or an occupation, a DIICOT spokeswoman said.
No education and no occupation, ha?
So who is working for NASA then, that this 'no-education and no-occupation' individual is able to break into their systems?
Butyka is accused of hacking into several NASA servers over a period of time that started on Dec. 12, 2010. The authorities claim that the hacker destroyed protected data and restricted access to it. The charges brought against Butyka include obtaining unauthorized access and causing severe disruptions to a computer system, modifying, damaging and restricting access to data without authorization and possession of hacking programs.
He possess hacking programs, that means he is a terrorist. What kind of 'severe disruptions' did he cause that cost 500,000 USD?
Romanian authorities have arrested a 26-year old hacker who is accused of breaking into multiple NASA servers and causing $500,000 in damages to the U.S. space agency's systems.
- this is a bunch of nonsense.
He cost an admin a few hours of time and maybe a reinstall and reconfigure. Even at 1000USD / hour no way somebody spent 500 hours on it (that's 20.8 24 hour days) or 12.5 40 hour weeks.
This is more government nonsense.
You can't handle the truth.
They are evidently no longer basing operations within the Beta Quadrant!
Join the Slashcott! Feb 10 thru Feb 17!
Or those classified documents of how they faked the moon landings?
by the way, based on the previous thread with this same user under dev235, I am just going to assume that the picture he links to is goat love, so unless you are into that kind of shit, you may want to abstain from going there.
You can't handle the truth.
who the hell still falls for this? I just assume any link in the comments is to goatse...
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Being smart and poor ain't something to brag about. I'd know.
I bet the embarrassment alone was worth $500K and then some.
Woz was the phreak, Jobs may have been around but I don't think it was his cup of tea.
Well that case, it even is still directly doing damage (crashing the server, downtime = lost sales/productivity). Compared to several other hackers that get in comparable trouble for literally just connecting and reading the content. Companies/government tend to want to hold the hackers liable when they connect/access, without actually causing any downtime. Time spent applying security updates for a flaw that should have been fixed before, is not downtime caused by the hacker that is downtime caused by the security team not having done it right the first time. Unless trade secretes were sold to a competitor, or downtime/data loss was caused, there are no "damages". In the same way that trespassing is not by definition theft.
Woz was the phone phreak, true. Jobs was the one who wanted to commercialize the device to do the phreaking. Woz was one guy making free calls. Jobs wanted to make money off of selling "free call devices" to others.
Well, either that or Facebook will hire him.
Common, I'd imagine. A hacker has to hack - if someone of technological talent isn't directed into a productive use of their skill, they'll likely end up using it to play around just because it's fun. I know when I was a pupil in school I used to frequently hack their primative network security, and had much fun in the dialup days port scanning and poking at whatever I found. A lot of experts today probably got started with some explorations of dubious legality.
It's universal that majority of people who make the most money in the world are the most connected people in the world.
The way to be the most connected is either by being born into the right family or by attending the right schools (which is similar to being born into the right family). It's good to become a member of some exclusive elite club while at school.
OTOH it's possible to make a lot of money while not having almost any formal education (Steve Jobs or what's his name Zuckerberg).
You can't handle the truth.
This number bothers me, and I find it hard to believe. /what/ it was he did.
Even more so because TFA doesn't ever mention
Sure, he broke in, but what did he do with that access?
Delete files? Rename them? Rearrange them? Simply just shut the servers down? Perhaps a virus or two?
All I can think of that should be possible remotely would just cause an IT admin a headache for a few hours while he fixed the damages.
Unless he found the "self destruct" button, and now NASA is without any equipment.
What do I know, I'm just an idiot, right?
Oh, also it's good to be a KGB agent and to be in the right place at the right time in history and to be absolutely willing and able to deal with the most shady elements of society to bring any attempt at a democracy to its knees.
It helps when you are a dictator, you can steal a lot of money, especially if the country is resource rich.
You can't handle the truth.
How much you make doesn't indicate how much you know.
Sure it does, just not in the way you expect: Power = Work / Time. Knowledge=Power. Time=Money. Thus Money = Work / Knowledge. QED.
I am officially gone from
Any link that goes to evenweb.com is goatse.
Well, the most current links going to goatse over the past month or two have been from evenweb.com
Don't know something? Look it up. Still don't know? Then ask.
If a cop fails to prevent a crime due to neglicence, the city can be sued.
http://en.wikipedia.org/wiki/Warren_v._District_of_Columbia
Set your phasers on "funky"!
Any time it is evenweb.com it is goatse, he uses many different accounts, but only one domain.
Don't know something? Look it up. Still don't know? Then ask.
Well that case, it even is still directly doing damage (crashing the server, downtime = lost sales/productivity). Compared to several other hackers that get in comparable trouble for literally just connecting and reading the content. Companies/government tend to want to hold the hackers liable when they connect/access, without actually causing any downtime. Time spent applying security updates for a flaw that should have been fixed before, is not downtime caused by the hacker that is downtime caused by the security team not having done it right the first time. Unless trade secretes were sold to a competitor, or downtime/data loss was caused, there are no "damages". In the same way that trespassing is not by definition theft.
I took over security when I started my first job as a programmer. I already had tried out code for various spoofs and what not. Never did anything nefarious with it (the worst thing I did was bring one system to its knees with a program to compute pi to some large number of places) I knew the weaknesses (those idiots in Milwaukee were only using standard passwords on DEC systems used by Field Service .. password to [1,2] was SYSTEM, password to [1,1] was DECSER or DEC[Month abbreviation]) I developed honey pots and left them around the system where people could find them. Great way to alert me what people were up to. I key scanned and logged everything of known miscreants and methods. It was fun, but too easy. Most attackers were of limited education and vision. Breaking into a system to crash it was idiotic. Breaking into a system to learn was what separated the men from the boys.
A feeling of having made the same mistake before: Deja Foobar
This reminds me of the Kurt Vonnegut bit in Slaughterhouse Five about Americans attitude towards esteem and money.
"America is the wealthiest nation on Earth, but its people are mainly poor, and poor Americans are urged to hate themselves. To quote the American humorist Kin Hubbard, “It ain’t no disgrace to be poor, but it might as well be.” It is in fact a crime for an American to be poor, even though America is a nation of poor. Every other nation has folk traditions of men who were poor but extremely wise and virtuous, and therefore more estimable than anyone with power and gold. No such tales are told by the American poor. They mock themselves and glorify their betters. The meanest eating or drinking establishment, owned by a man who is himself poor, is very likely to have a sign on its wall asking this cruel question: “if you’re so smart, why ain’t you rich?” There will also be an American flag no larger than a child’s hand – glued to a lollipop stick and flying from the cash register."
Being smart and poor ain't something to brag about. I'd know.
Ruthless people make the money. Intelligent and ruthless people keep it
A feeling of having made the same mistake before: Deja Foobar
the DEA stating that each cannabis plant is equal to a lb of weed, Sure its possbile if you grew it outdoors in Calfornia but 99% of the time people get no where near that. With big plants (6 week veg) they might get 4oz dry off each plant.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
We have the head the of SEC replying when asked "why can't we fire failed regulators" respond by saying that that would harm the agency.
http://www.washingtonpost.com/business/economy/seven-sec-employees-disciplined-on-failure-to-stop-madoff-fraud/2011/11/10/gIQA3kYYCN_story.html
We just had a recent story about how the IRS can't get its act together and I betcha they are not in worry about losing their jobs. We have more government workers making over 100k a year and 900+ over 170k a year. Do you think any are truly accountable now?
We are Greece, we just fail to admit it. When one in seven works for a government agency I think it is a clue. Protect your own is their motto.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
When I'm a full time project engineer and can't afford to move out of my mom's basement, It's pretty bad. Renting an apartment costs nearly twice what a house costs to buy, per month. And because i have student loans, my credit is so bad i cant get a mortgage, despite having perfect credit otherwise. Being poor sucks.
I've noticed. I'm wondering why i obey laws at all. I'm about to just file a patent for "the use of a road with wheels somehow involved" and bribe the patent office. Then ill just sue everyone. Seems to work for apple, ibm, microsoft, and trolls everywhere.
Gesundheit.
You do not have a moral or legal right to do absolutely anything you want.
I see his problem.
He should have just asked nicely, wouldn't have to break in.
OTOH he IS Romanian... so. that too. Maybe if he was Jamie Dimon then he could just say: well, some money did disappear, but then again, I am just a CEO. What do I know?
Then NASA, CIA and FBI and Fed would just give him a bunch of money and let him continue doing what he does....
But this guy is a nobody, that's his real problem.
You can't handle the truth.
I'll agree with your assessment. I'm trying to move from a general IT position to a project management job and the salaries I see, considering the experience they want, are generally shit.
On rare occasions, when they want at least ten years hardcore experience, you might find a few jobs over $80K, but most are in the $50K - $60K range, even with the experience.
Granted, I'm only looking on the east coast so maybe the midwest, south and west coast are different.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
A lot of guys are just attracted to the challenge. But in today's world it is becoming dangerous to take on new challenges even when no harm is intended. You also need to be good enough to recognize the potential damage you might inadvertently cause. The worm Morris unleashed back in the early 90's was not intended to do what it did. He missed a a pretty simple error in one of the loop events which caused unrestrained replication which eventually brought down a lot of systems.
...is not that a Romanian hacker got into NASA systems and caused an alleged $500k in damages/remediation expenses. The real story is that the Romanian authorities actually DID something about it.
yea, im in WV, where the median income is 37K. While i'm making $35K fresh out of college, it am stuck here, and slipping. There is not advancement in this arrangement. Sure i could work my way up to 55K, but that still wont mean shit. Hopefully i can trick the government into letting me build electric cars. All i need is to finish the suspension/body design and some venture capital. i even have a long list of people who want to work for me.
There does seem to be a change in the way hacking is handled. The old way was just to identify the source machine, block it, tidy up and secure holes. If some exploring hacker managed to take your site down for a while, it happened. Now that there is a lot more money involved in IT, companies are much more eager to send out the lawyers - which makes the internet more dangerous for the developing hackers. A problem looming, because today's script-kiddie playing around from home is tomorrow's sysadmin or programmer once they mature. The current approach to handling internet crime is like throwing people in jail for littering - it'll certainly keep the streets clean, but at the cost of ruining a lot of lives, many of them people who would grow out of it anyway.
So much for getting my astronaut application in ahead of everyone else. I thought he said this was foolproof!
When I'm a full time project engineer and can't afford to move out of my mom's basement, It's pretty bad. Renting an apartment costs nearly twice what a house costs to buy, per month. And because i have student loans, my credit is so bad i cant get a mortgage, despite having perfect credit otherwise. Being poor sucks.
Assuming you're making your student loan payments on time (and since you say you have perfect credit otherwise, I assume you are), that really shouldn't affect your credit like that. I just bought a house, and I have student loans to pay the total of which exceed my annual salary. My credit score was 820 and the loan process went off without a hitch (although it was still a ridiculous pain in the ass, they were still getting information from my employers the day before closing day. I understand that they'd call to simply ask, "has anything changed since we've spoken with you last month?" but I don't understand why they'd be trying to get anything new from them at that stage of the game).
Most people that haven't been delinquent in their bill payments but still have credit problems have it because their credit history isn't long enough. Keep in mind that they only count *currently open credit accounts* for credit history. The other problem is that their available credit to amount owed ratio is too low, so focus on paying off any credit card debt you have as soon as it's feasible (If you have any accumulated debt, I know that's easier said than done, but it should be a priority even if you don't care about your credit score).
I got my first credit card when I was 18, and it absolutely sucked. I have a better credit card now, but I do not dare cancel the other card because it's my longest piece of credit history, and it would kill my credit score. I just don't use it, and in fact I don't keep any balances on any credit card. My only debt were the student loans. I suspect your problem is that you closed some of your older credit card accounts because you got better cards. If that's the case, just remember not to do that again, it's one of the most important parts of your credit score, second only to actually paying your bills.
Either that or the amount you have to pay every month on your student loan debt is too high relative to how much you get paid per month. That's not a credit issue though, so I assume your problem is the length of credit history.
I have been at this game for 26 years and it does not surprise me a bit when I hear of new security threats and exploits being used for fun or criminal purposes. The architecture and technology the entire Internet depends on changes and mutates at a furious rate. What was secure yesterday can be insecure today. How much time are you willing to invest in building and securing an OS or application? It seems like new exploits are being discovered every day on both Windows and Linux based platforms. If these systems were not released until they were certified 100% exploit free would the Internet even exist? OS and application releases would probably be a 5 year cycle. How do you coordinate OS, application, and hardware changes made by multiple vendors and developers to avoid accidently creating exploits when changes are made? Some say that Standards are the key but Standards can also take forever to create and end up adding more time to development and deployment time frames. Standards also have the habit of becoming obsolete as the underlying technology changes. The majority of script kiddie level attacks rely on poor system administration practices and negligent web application developers. The only really good thing about these sorts of problems is the job security it creates. The Un-employment rate may be floating around 9% overall but IT specific unemployment is sitting around 3% and those 3% are probably not even looking for a job.
What a stupid thing to brag about. If they caught him, they could try to make use of his skills an knowledge.
Yes he does have an occupation its called "A Criminal" our prisons are full of them and some innocents as well.
Jack of all trades,master of none
You should buy something small on that card and pay it off because they might cancel it since you don't use it. Small like a book or magazine or bottle of beer. I lost my oldest credit card for never using it.
riding round the world on an old motorcycle
Unless trade secretes were sold to a competitor, or downtime/data loss was caused, there are no "damages". In the same way that trespassing is not by definition theft.
If someone trespassed on their physical premises, an organisation like NASA would have to waste a lot of time (and therefore money) checking whether anything had been tampered with, even if nothing was stolen.
To have a right to do a thing is not at all the same as to be right in doing it
A lot of guys are just attracted to the challenge.
Well, I'm quite interested in the challenge of performing the perfect bank robbery, but if I get caught waving a shotgun in a cashier's face, I'm still going to prison for armed robbery.
To have a right to do a thing is not at all the same as to be right in doing it
(successful six figure earning high school drop out)
Big deal, there are plenty of stupid rich people around.
To have a right to do a thing is not at all the same as to be right in doing it
Being smart and poor ain't something to brag about. I'd know.
It's still better than being dumb and rich. Having lots of money proves that you are good at getting lots of money, nothing more.
To have a right to do a thing is not at all the same as to be right in doing it
I'm 12 years old and what is this??
Your dad.
To have a right to do a thing is not at all the same as to be right in doing it
I wasn't justifying the action I was just pointing out that not ever one interested in probing for weaknesses and exploits are criminals looking to cause damage or engage in theft.