Romanian Police Arrest TinKode

Romanian police have arrested a man they believe is TinKode, who broke into Department of Defense Websites and other government agencies.

Razvan Manole Cermaianu, an IT student, is suspected of being TinKode, the Romanian Directorate for Investigating Organized Crime and Terrorism said in a statement Jan. 31. He’s charged with breaking into wireless systems to obtain data, unauthorized transfer of data, and seriously disrupting computer operations. The agency also claimed that Cernaianu sold hacking tools to others online.

TinKode broke into Websites belonging to the Department of Defense and the National Aeronautics and Space Administration as well as computers belonging to the United States Army. He publicized the SQL injection vulnerabilities he had discovered and he disclosed the confidential data he had stolen from the US Army online.

TinKode had “no right to access multiple servers belonging to the U.S. Army, in order to obtain confidential data” that was copied and transferred into another computer, according to a Google Translate version of the statement.

Those two incidents are not all that he’s done, as his list includes breaking into the British Royal Navy’s Website in November 2010 and obtaining several site passwords. TinKode also exploited SQL injection vulnerabilities to break into MySQL.com and the European Space Agency.

TinKode was not out for financial gain or data. The attacks were all about showing off TinKode’s abilities and getting bragging rights. Romanian security experts say that hackers are often treated like heroes in Romanian press.

Even so, “Perhaps now is a good time to remind everyone who thinks it’s cool or amusing to expose an organisation’s weak security that hacking into a site is still a crime, regardless of what your incentive may be,” Graham Cluley, a senior technology consultant at Sophos, said.