Razvan Manole Cernaianu is accused of revealing security holes and publishing information about SQL injection vulnerabilities in those agencies.

A 20-year-old hacker who goes by the Internet name TinKode was arrested recently by Romanian police after he bragged about hacking into Pentagon and NASA computer systems.

The Romanian Directorate for Investigating Organized Crime and Terrorism said Cernaianu also offered a computer program on his blog that could be used to hack into websites and published a video showing Internet attacks he had made against the U.S. government.

The FBI and NASA assisted in the investigation. The U.S. Embassy in Bucharest said Cernaianu used “advanced hacking tools to gain unauthorized access to government and commercial systems.” Cernaianu allegedly hacked into a computer server at NASA’s Goddard Space Flight Center last April, and posted a screen grab that showed files connected to confidential satellite data.

Anthony M. Freed, managing editor of Infosec Island, says that TinKode is known to have taken advantage of several well-known vulnerabilities that many of his targets should have resolved before he exploited them through SQL injections — a technique many security experts now derisively call “Hacking 101.”

“His targets tend to be large entities that undoubtedly have complex network deployments and multiple interfaces for third parties like contractors or client bases,” says Freed, “which provide a higher product probability of his finding unprotected points of entry.”

Freed says penetration by a determined hacker is almost guaranteed in networks of this size.

“They should focus on detection and data protection within the networks,” he says, “while working under the assumption that they will not be able to prevent all breach attempts.

“Advanced monitoring systems, appropriate data classification, and secondary authentication protocols for access to the most sensitive information is critical both for detecting an intrusion and slowing hackers’ progress. This can buy the needed time to lock down the compromised system and prevent data theft.”

Gary McGraw, CTO of Cigital, says if TinKode didn’t want to get caught, he should not have been bragging so publicly. “If you go looking for attention, you’re probably going to get it,” he says.

McGraw says the damage caused was probably minor. “But, to get past all of these silly problems, agencies like these should build systems with security in mind in the first place. Right now they are trying to fix broken systems.”