Razvan Manole Cernaianu is accused of revealing security holes and publishing information about SQL injection vulnerabilities in those agencies. A 20-year-old hacker who goes by the Internet name TinKode was arrested recently by Romanian police after he bragged about hacking into Pentagon and NASA computer systems.Razvan Manole Cernaianu is accused of revealing security holes and publishing information about SQL injection vulnerabilities in those agencies.The Romanian Directorate for Investigating Organized Crime and Terrorism said Cernaianu also offered a computer program on his blog that could be used to hack into websites and published a video showing Internet attacks he had made against the U.S. government.The FBI and NASA assisted in the investigation. The U.S. Embassy in Bucharest said Cernaianu used, “advanced hacking tools to gain unauthorized access to government and commercial systems.” Cernaianu allegedly hacked into a computer server at NASA’s Goddard Space Flight Center last April, and posted a screen grab that showed files connected to confidential satellite data.Anthony M. Freed, managing editor of Infosec Island, says that TinKode is known to have taken advantage of several well-known vulnerabilities that many of his targets should have resolved before he exploited them through SQL injections — a technique many security experts now derisively call “Hacking 101.” “His targets tend to be large entities that undoubtedly have complex network deployments and multiple interfaces for third parties like contractors or client bases,” says Freed, “which provide a higher product probability of his finding unprotected points of entry.”Freed says penetration by a determined hacker is almost guaranteed in networks of this size.“They should focus on detection and data protection within the networks,” he says, “while working under the assumption that they will not be able to prevent all breach attempts.“Advanced monitoring systems, appropriate data classification, and secondary authentication protocols for access to the most sensitive information is critical both for detecting an intrusion and slowing hackers progress. This can buy the needed time to lock down the compromised system and prevent data theft.”Gary McGraw, CTO of Cigital, says if TinKode didn’t want to get caught, he should not have been bragging so publicly. “If you go looking for attention, you’re probably going to get it,” he says.McGraw says the damage caused was probably minor. “But, to get past all of these silly problems, agencies like these should build systems with security in mind in the first place. Right now they are trying to fix broken systems.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe