TinKode sentenced after hacking Oracle, NASA and others to expose weak security

TinKode sentenced after hacking Oracle, NASA and others to expose weak security

The infamous hacker known as TinKode has been sentenced by a Romanian court, according to media reports.

Cernăianu Manole Răzvan was arrested in January 2012, after a series of high profile hacks of government and military websites, exposing their poor security and often publishing passwords and screenshots as evidence.

Past victims have included website belonging to the British Royal Navy, MySQL.com (which ironically fell foul of a SQL injection attack) and NASA servers.

Royal Navy website

To the relief of many, TinKode appeared to be inspired more by the desire to embarrass organisations into improving web security – rather than making money.

Sign up to our free newsletter.
Security news, advice, and tips.

In an interview with Network World in 2011, TinKode compared his activities to a free security audit:

Until now, no. I don’t do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It’s like an security audit, but for free.

Nevertheless, his actions were illegal and led to his arrest by Romanian authorities earlier this year. Last month a Romanian court ordered Răzvan to pay 93,000 Euros (approximately $120,000) to cover the costs suffered by his breached victims, and gave him a two year suspended prison sentence.

That’s a lesson that others would be wise to learn from if engaged in similar activities.

Free TinKode petition

An online petition, started by TinKode’s sympathisers, failed to receive significant support (a hoped-for 5000 signatures has only reached 187 at the time of writing). It remains to be seen whether they will help the young Romanian pay his substantial fine.

It’s no excuse for TinKode’s criminal hacks, but if the websites had been properly secured in the first place they would have never found themselves embarrassed by the Romanian hacker.

If you haven’t already done so, check out Sophos’s free technical paper about “Securing websites”, which discusses common ways web servers are attacked and the various ways that they can be protected.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.