Romanian Accused of Breaking Into NASA 169
alphadogg writes "Romanian authorities have arrested a 26-year old hacker who is accused of breaking into multiple NASA servers and causing $500,000 in damages to the U.S. space agency's systems. Robert Butyka, 26, was arrested on Tuesday in Western Romania following an investigation by the Romanian Directorate for Investigating Organized Crime and Terrorism. According to local reports, the hacker used the online moniker of 'Iceman.' He does not have a higher education or an occupation, a DIICOT spokeswoman said."
Re:Bill Gates (Score:3, Informative)
Not in DC (Score:5, Informative)
If a cop fails to prevent a crime due to neglicence, the city can be sued.
http://en.wikipedia.org/wiki/Warren_v._District_of_Columbia [wikipedia.org]
Re:No education or occupation (Score:5, Informative)
I take it you've never actually worked on a high-security system. Here's what I remember of the procedure at the last high-security place I worked:
In the event that a machine (including a gateway) is compromised, any machine it can access is considered threatened, and must be thoroughly checked. No, NAT does not help, because once someone has control over the bridge, they can send data to any machine they want, even those without an external IP address. If any router, switch, or machine shows any slightly-suspicious activity (even as benign as an unscheduled database login), that machine gets an even more thorough examination to find out whether the activity was actually related to the hack, and what resources the hacker may have gained access to. If there's any indication that the hacker had shell access or retrieved data, the machine is considered compromised. If the machine stored any sensitive data, that data is reviewed to see if it could allow access to other systems (such as challenge questions & answers for resetting passwords). This investigation, which often involves the use of outside consultants (because there may have been inside help) continues throughout the whole network until the full extent of the breach is known. Being a government agency, the breach will likely involve a several-hundred-page report covering every detail. Somebody has to write that.
The cost is already in the hundreds of thousands of dollars, and only then can the repairs start. It's often not as simple as just restoring a backup, either. Sure, the operating system can usually be done quickly (including fixes for the responsible security holes), but if there's any indication of data being touched (which, in this case, there was), that has to be addressed, too. Backups are usually old. In an ideal world we'd be making hourly backups stored offsite in an everything-proof vault, but that's never really the case. If an admin's lucky, he has a backup that's less than a week old - or it was when the breach occurred. Somehow (best described as "magically"), the admin has to figure out what changes were intentional (like experiment results, or customer orders, or whatever) and what was the result of the breach, then piece together the data to get something reasonably complete and up-to-date. Finally, after days, weeks, or months of reconstruction (most vital systems first, of course), the system is declared clean. Until then, projects get postponed, and other employees are being paid to play solitaire until their real work can continue.
Then there's the "let's not do this again" phase, where employees change passwords, get lectured on security practices, sit through seminars on how to properly encrypt data, and so forth, all of which costs even more money. There's probably still an ongoing investigation as to whether anyone inside the organization helped the hacker, likely being run by consultants.
Then there's the damages caused by any delays, which may involve contractual obligations. That's more money.
It's not as simple as just re-imaging and assuming that everything's fine. Sure, that works on workstations, but it's unlikely that a workstation was all that was damaged. Once a server gets touched, the costs rise dramatically.
Re:Damages (Score:2, Informative)
As someone who worked at NASA during a hacker break-in, I am frankly surprised that the damages are that small. All of the machines were taken offline for a couple of days. All of the IT people worked round the clock to restore the servers to a previous state and try and fix the exploit. All kinds of onerous policies for the users are put in place that lasted for a month. Several new onerous policies persisted longer. Work productivity was definitely lost by all of the users (scientists) of all of the computer systems. Accusing the IT folks of being lapse is totally ignorant as well. Some of the finest IT people work for NASA. NASA's problem instead is the rule from the top. Administrators with basically no science or IT experience enact policies that those people need to follow which are stupid. Many of the IT people know it but they are stuck with the administrators' or even government mandates as to how these systems need to be operated. I remember several of the IT people during the incident that occurred while I was there complaining that they were not as yet allowed to move the systems into virtualization where far less damage occurs with exploits.