Hacker is sentenced in NASA, Pentagon break-ins
Romanian national Manole Razvan Cernaianu, known online as TinKode, received a two-year suspended prison sentence for hacking into computer systems owned by Oracle, NASA, the U.S. Army and the U.S. Department of Defense and was ordered to pay damages totalling more than US$120,000.
According to Cernaianu's case file summary on the Romanian Ministry of Justice Web portal, he was sentenced on September 26 and received six prison sentences of one or two years for separate computer-related offenses.
The offenses included: gaining unauthorized access to a protected computer system; transferring data from a computer system without authorization; affecting the normal operation of a computer system by deleting, modifying or sending electronic data; creating, selling or distributing a devices or a computer program designed to be used in computer crimes; creating, selling or distributing a password or access code without authorization that could be used to access a computer system with the intention of committing a computer crime.
Because the offenses were committed concurrently, the court ruled that Cernaianu should serve only the lengthiest prison sentence of two years. Furthermore, the three months spent in arrest between January and April 2012 were subtracted from the two-year prison sentence and its execution was suspended in favor of four years of probation.
In addition, Cernaianu was ordered to pay $59,002 to Oracle, $52,575 to NASA, $5,025 to the U.S. Department of the Army and $7348 to the U.S. Department of Defense. The court's decision can be appealed within ten days of being issued.
Under the online alias TinKode, Cernaianu took credit for hacking into many high-profile websites including some belonging to the U.S. Army, NASA, the U.K. Royal Navy, the European Space Agency, MySQL—now owned by Oracle—and Google.
In some cases the hacker made efforts to notify the affected parties before publishing information about the security vulnerabilities he found, which earned him a spot in Google's Security Hall of Fame. In other cases he engaged in full disclosure and even posted confidential information taken from the compromised servers on his blog.
TinKode said in the past that his intentions had never been malicious, but some of the companies and organizations whose computers he targeted claimed that his actions resulted in damage.
"To the relief of many, TinKode appeared to be inspired more by the desire to embarrass organizations into improving web security - rather than making money," Graham Cluley, a senior technology consultant at antivirus vendor Sophos said Friday in a blog post. "Nevertheless, his actions were illegal and led to his arrest by Romanian authorities."
"That's a lesson that others would be wise to learn from if engaged in similar activities," Cluley said.
Members of the Romanian Security Team (RST) forum—the largest online hacker community in Romania, where TinKode was a high-ranking member before his arrest—took notice of the court's decision on Thursday. Some of them expressed relief that he received a lenient sentence, some felt that the amount of money he has to pay is too large and questioned his prospects of finding work with a criminal record, while others felt that he did wrong by seeking publicity which eventually led to his arrest.
TinKode's story should make hackers ask themselves whether what he did was worth it, an RST forum moderator said.
"It's no excuse for TinKode's criminal hacks, but if the websites had been properly secured in the first place they would have never found themselves embarrassed by the Romanian hacker," Cluley said.