NASA nabs Web vandal suspect
Special agents from the agency's cybercrime unit arrest a suspected vandal for defacing the space agency's site for human resources.
On Dec. 26, agents from NASA's Office of the Inspector General charged Matthew S. Lawrence of Shelton, Conn., with violations of state law for hacking into the Goddard Space Flight Center's human resources site last February and defacing a Web page.
Lawrence allegedly defaced the human resources department's home page, under the alias "Mr_Min," by adding a single line of text to the bottom of the Web page--"i know you have good intentions, but fix me please. mr_min."
That's not the way to report a security hole, said Jim Jackson, eastern supervisory special agent for NASA's OIG computer crime division. "If there is a problem, send us email. Once you take steps to modify something, you break the law. We have no choice. We have to follow through."
Last March, someone posted a similar message to the Web site of e-Financial, using the Mr_Min name: "fix this problem of yours before someone else takes advantage of this unlike me--mr_min."
NASA agents cooperated with the Shelton Police Department. Lawrence, who was 18 at the time of the break-in, will be prosecuted in state court as an adult.
In a statement, NASA cited damages associated with the defacement as the "labor costs to rebuild the computer system" and said the attack "kept the Web server out of service for almost a month." Jackson estimated the overtime costs related to repairing the site at about $1,700.
While NASA seemed ready to pin the entire cost of the repairs on Lawrence, the suspected Net vandal wasn't the only one to deface the site. According to security site Attrition.org, another group of vandals posted more extensive changes to the human resources page on Feb. 10, the same day Lawrence allegedly left his note.
While "Mr_Min" was the least destructive and even seemed to have altruistic motives, another group of vandals replaced the page with their own--a combination of graphics and a diatribe in Portuguese.
B.K. Delong, a staff member at Attrition.org, believes that Lawrence and the other vandals are not related. "I don't think Matthew Lawrence of Connecticut is a fluent speaker of Portuguese," he said.
Delong said he believes that the group was likely based in the Portuguese-speaking country of Brazil, which has become an incubator for Web vandals in recent years.
While stressing that NASA investigators have generally done their jobs well, Delong questioned whether they went after the wrong individual in this case.
Calling Lawrence a "nonintrusive kid," Delong said, "Did they go after him because he was the easiest to find? You don't really see them pulling in the big groups."
NASA's Jackson said the agency has to go after whomever they find trespassing on their sites. He would not say whether the investigation had concluded.
With only small successes under its belt and computers that have a reputation for being insecure, NASA will most likely see defacements continue unabated, Delong said.
"This probably won't scare the kids," he said. "As long as NASA machines are easy to break into, the kids are going to keep doing it."
NASA's Jackson seemed to agree. "It is kind of a badge of honor to (pose as) a NASA site. My job is to investigate what happens and to be a deterrent."