"Computer Geek" Gets Six Months For Breaking In To Systems

Gregory Herns helped NASA technicians improve the security of their computers, but they didn't show him a lot of gratitude. Instead, they helped put him in jail. Maybe that's because of the way Herns pointed out security deficiencies of the space agency's powerful information systems -- by exploiting them to give himself a place to store movies that he had downloaded from the net.

System administrators are not, as a rule, too fond of system-crackers who mess with their machinery. Those at NASA are no exception. They had the US Attorney in Portland out for blood at Herns's sentencing. In his defense, the hacker pointed out that, when he committed the crime, he was just a kid of 17. He apologized to NASA and the federal agents who hunted him down. "These actions took place years ago and are behind me," he told the judge, according to Portland Oregonian reporter Noelle Crombie. "I've moved on since."

The prosecutor countered with a description of the chaos that Herns spread in the space agency's computers, and NASA's estimate of $200,000 damage. And Herns might have been good with computers, but maybe not with numbers -- he was been 17 when he started the misconduct in 2000, but persisted until well after he turned 18 in 2001, making himself eligible for prosecution as an adult.

Hackers like Herns typically break into a powerful computers and computer networks that are connected to the internet by broadband. Their motive, in general: to set up illicit FTP or file-trading sites. They may trade pirated movies (as Herns did), hacking tools, kiddie porn, spam utilities, or other computer contraband. The first clue to administrators might only come when a little-used system suddenly gets busy for no apparent reason.

Herns knew he was breaking the law and tried to disguise his attack on the NASA machine as coming from the University of Minnesota. That's where the investigation led. But NASA technicians and federal agents were able to trace Herns through a university computer they say Herns hacked. From there, the trail led back to Portland, where it ended at Herns' fingertips.

US District Judge Anna Brown sentenced Herns to six months in Federal prison, and three years of probation -- with specific limitations on computer use during the probation period. Herns will also have to pay restitution.

In an update of the old my-client-killed-his-parents-have-pity-on-the-poor-orphan plea, Herns's lawyer, Michael Levine, describing his client as a "computer geek," complained that the restrictions on computer use were too harsh, as Herns does "everything" online. He didn't know how to pay his bills without the Internet.

"He's going to get to learn," Judge Brown shot back. "The exercise may be useful to you, Mr. Herns." Herns might even have to find a new major in college as he was studying (what else?) computer science.

This story has taken slightly different spins in the popular press, the aerospace press, and the computer-technical press. A lively thread on the computer site Slashdot has explored most of the technical angles, and some of the social ones, to a fare-thee-well. One Slashdot poster offered the following pithy advice:

"...to anyone considering taking a stab at *.nasa.gov space: Historical statistics show that you'll find suitable targets and manage to compromise a system. But keep in mind, for the US Government, that is just the beginning. The FBI [is patient], making progress over several years of investigation and finally prosecution. So the compromise of a system that takes minutes, and the abuse of that system over a period of weeks or months may mean that years later you'll find yourself in court."

Pity that Greg Herns didn't heed that advice in 2001. Or as another poster put it, "Wow... 6 months in prison because he was too cheap to buy a hard drive..."

But the last word goes to another Slashdot wag. Noting that Herns said he broke into the systems because he ran out of space on his own computer, he pointed out: "Who has more experience solving space problems than NASA?"

FMI: www.nasa.gov, www.bop.gov