"Computer Geek" Gets Six Months For Breaking In To Systems
Gregory Herns helped NASA
technicians improve the security of their computers, but they
didn't show him a lot of gratitude. Instead, they helped put him in
jail. Maybe that's because of the way Herns pointed out security
deficiencies of the space agency's powerful information systems --
by exploiting them to give himself a place to store movies that he
had downloaded from the net.
System administrators are not, as a rule, too fond of
system-crackers who mess with their machinery. Those at NASA are no
exception. They had the US Attorney in Portland out for blood at
Herns's sentencing. In his defense, the hacker pointed out that,
when he committed the crime, he was just a kid of 17. He apologized
to NASA and the federal agents who hunted him down. "These actions
took place years ago and are behind me," he told the judge,
according to Portland Oregonian reporter Noelle Crombie. "I've
moved on since."
The prosecutor countered with a description of the chaos that
Herns spread in the space agency's computers, and NASA's estimate
of $200,000 damage. And Herns might have been good with computers,
but maybe not with numbers -- he was been 17 when he started the
misconduct in 2000, but persisted until well after he turned 18 in
2001, making himself eligible for prosecution as an adult.
Hackers like Herns typically break into a powerful computers and
computer networks that are connected to the internet by broadband.
Their motive, in general: to set up illicit FTP or file-trading
sites. They may trade pirated movies (as Herns did), hacking tools,
kiddie porn, spam utilities, or other computer contraband. The
first clue to administrators might only come when a little-used
system suddenly gets busy for no apparent reason.
Herns knew he was breaking the law and tried to disguise his
attack on the NASA machine as coming from the University of
Minnesota. That's where the investigation led. But NASA technicians
and federal agents were able to trace Herns through a university
computer they say Herns hacked. From there, the trail led back to
Portland, where it ended at Herns' fingertips.
US District Judge Anna Brown sentenced Herns to six months in
Federal prison, and three years of probation -- with specific
limitations on computer use during the probation period. Herns will
also have to pay restitution.
In an update of the old
Herns's lawyer, Michael Levine, describing his client as a
"computer geek," complained that the restrictions on computer use
were too harsh, as Herns does "everything" online. He didn't know
how to pay his bills without the Internet.
"He's going to get to learn," Judge Brown shot back. "The
exercise may be useful to you, Mr. Herns." Herns might even have to
find a new major in college as he was studying (what else?)
This story has taken slightly different spins in the popular
press, the aerospace press, and the computer-technical press. A
lively thread on the computer site Slashdot has explored most of
the technical angles, and some of the social ones, to a
fare-thee-well. One Slashdot poster offered the following pithy
"...to anyone considering taking a stab at *.nasa.gov space:
Historical statistics show that you'll find suitable targets and
manage to compromise a system. But keep in mind, for the US
Government, that is just the beginning. The FBI [is patient],
making progress over several years of investigation and finally
prosecution. So the compromise of a system that takes minutes, and
the abuse of that system over a period of weeks or months may mean
that years later you'll find yourself in court."
Pity that Greg Herns didn't heed that advice in 2001. Or as
another poster put it, "Wow... 6 months in prison because he was
too cheap to buy a hard drive..."
But the last word goes to another Slashdot wag. Noting that
Herns said he broke into the systems because he ran out of space on
his own computer, he pointed out: "Who has more experience solving
space problems than NASA?"