Hacker TinKode, Romanian national Manole Rzvan Cernianu, received a two-year suspended prison sentence for hacking into computer systems owned by Oracle, NASA, the US Army and the US Department of Defense and was ordered to pay damages totalling more than $120,000.
According to Cernianu's case file summary on the Romanian Ministry of Justice web portal, he was sentenced on September 26 and received six prison sentences of one or two years for separate computer-related offenses.
The offenses included: gaining unauthorised access to a protected computer system; transferring data from a computer system without authorisation; affecting the normal operation of a computer system by deleting, modifying or sending electronic data; creating, selling or distributing a devices or a computer program designed to be used in computer crimes; creating, selling or distributing a password or access code without authorisation that could be used to access a computer system with the intention of committing a computer crime.
Because the offences were committed concurrently, the court ruled that Cernianu should serve only the lengthiest prison sentence of two years. Furthermore, the three months spent in arrest between January and April 2012 were subtracted from the two-year prison sentence and its execution was suspended in favour of four years of probation.
In addition, Cernianu was ordered to pay $59,002 to Oracle, $52,575 to NASA, $5,025 to the US Department of the Army and $7,348 to the US Department of Defense. The court's decision can be appealed within 10 days of being issued.
Under the online alias TinKode, Cernianu took credit for hacking into many high-profile websites including some belonging to the US Army, NASA, the UK Royal Navy, the European Space Agency, MySQL - now owned by Oracle - and Google.
In some cases the hacker made efforts to notify the affected parties before publishing information about the security vulnerabilities he found, which earned him a spot in Google's Security Hall of Fame. In other cases he engaged in full disclosure and even posted confidential information taken from the compromised servers on his blog.
TinKode said in the past that his intentions had never been malicious, but some of the companies and organisations whose computers he targeted claimed that his actions resulted in damage.
"To the relief of many, TinKode appeared to be inspired more by the desire to embarrass organisations into improving web security - rather than making money," said Graham Cluley, a senior technology consultant at antivirus vendor Sophos. "Nevertheless, his actions were illegal and led to his arrest by Romanian authorities.
"That's a lesson that others would be wise to learn from if engaged in similar activities," Cluley said.
Members of the Romanian Security Team (RST) forum - the largest online hacker community in Romania, where TinKode was a high-ranking member before his arrest - took notice of the court's decision last week. Some of them expressed relief that he received a lenient sentence, some felt that the amount of money he has to pay is too large and questioned his prospects of finding work with a criminal record, while others felt that he did wrong by seeking publicity which eventually led to his arrest.
TinKode's story should make hackers ask themselves whether what he did was worth it, an RST forum moderator said.
"It's no excuse for TinKode's criminal hacks, but if the websites had been properly secured in the first place they would have never found themselves embarrassed by the Romanian hacker," Cluley said.