NASA hacker refuses to pay compensation to US government

The unusual legal case started when the US government realised it could not extradite Victor Faur, now aged 27, from his home country of Romania, despite the fact a Los Angeles court had indicted him on multiple counts.

This led the US government to prosecute Faur in his home country of Romania.

According to the Softpedia newswire, the US government claimed his actions caused $1.5 million in damages, but Faur argued that he only hacked into computers to warn owners about security problems.

"Faur, who used the hacker handle of SirVic, left taunting messages for system administrators on computers he compromised, making fun of their skills and instructing them on how to patch the machines", says the East European newswire.

"In November 2008 a Romanian court handed Faur with a sixteen-month suspended prison sentence and ordered him to pay $240,000 in damages to the US government", adds the newswire.

And now, says the newswire, he is refusing to pay the compensation, a move that will undoubtedly mean the case will return to the courts.

Commenting on the saga, Andy Kemshall, the chief technology officer of SecurEnvoy, the multi-factor authentication specialist, said the case is case is interesting.

"But more than anything, the case brings home the very real costs associated with remediating a data breach. It's not just the cost of mopping up after the hacker(s), but it's the cost of putting things completely right after the event", he said.

The case, he added, should act as a clear warning to anyone involved in IT security management, as it shows the very real costs in solving matters when things go seriously wrong, and an organisation's IT security is compromised.

It is unlikely that the US government will ever be able to recoup the cost of remediating the various systems breaches caused by the Romanian hacker in the last decade, he explained, but the size of the expenditure involved is almost certainly a lot higher than the cost of deploying effective security to defend the servers concerned.

Good IT security, says Kemshall, is never as expensive as many people think it is - and will always be cheaper than the very real costs of mopping up and making good after a data breach.

"Dr Larry Ponemon, the founder of the Ponemon Institute, has stated many times in his various reports that the real costs of remediating a data breach are very significant. His latest report in March, for example, identified that the cost had reached £1.9 million per incident, a figure that has risen steadily in recent years", he noted.

"That figure is 13% up on a year earlier, and was up 18% on a year still earlier. A two million pound price tag on a data breach is a lot of money. It's a lot cheaper to defend an IT platform", he noted.

What’s Hot on Infosecurity Magazine?