September 12th, 2008
Hackers deface LHC site, came close to turning off particle detector
Is it now cyberwar over atom-smashing? A team of Greek hackers calling themselvses Greek Security Team has penetrated the Large Hadron Collider and defaced a public website. No real damage done, but the hackers got perilously close. The hackers attacked the Compact Muon Solenoid Experiment, or CMS. The Guardian reports:
Scientists working at Cern, the organisation that runs the vast smasher, were worried about what the hackers could do because they were “one step away” from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 metres in length and 15 metres wide/high.
If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, “it is hard enough to make these things work if no one is messing with it.”
Fortunately, only one file was damaged but one of the scientists firing off emails as the CMS team fought off the hackers said it was a “scary experience”.
Check out ZDNet’s other coverage on the Collider:
- LHC a sure sign that Europe is the center of physics
- The Collider and the Grid: Distributed computing made LHC possible
- LHC and faith-based science
- Photo Gallery: Where particles, physics theories collide
- Gallery: Scientists react to Hadron success
- Ed Burnette: Has the Large Hadron Collider destroyed the world yet?
- Mitch Ratcliffe: LHC, Genomics and the era of massive data sets
- Zack Whittaker: Just in case the world does end
- John Carroll: The LHC and the importance of pure research
The hackers breached the CMSMON system, which monitors the CMS software system. CMS takes vast amounts of data during collisions. About CERN’s security apparatus:
Cern relies on a ‘defence-in-depth’ strategy, separating control networks and using firewalls and complex passwords, to protect its control systems from malicious software, such as denial-of-service attacks, botnets and zombie machines, which can strike with a synchronised attack from hundreds of machines around the world.
However, there have been growing concerns about security as remote or wireless access, notebooks and USB sticks offer new possibilities for a virus or worms to enter the network, not to mention hackers and terrorists who might be interested in targeting computers to shutdown the system.
Update: Received the following comments from Andrew Storms, director of security ops at nCircle Network Security:
It’s always difficult for outsiders to understand what may have really
happened without the first-hand technical recount of the events. However,
two things we can always count on — 1) the higher value targets will
receive more attention from hackers 2) the more sophisticated hackers won’t
be knocking on the front door.
If its true that the access vector was a Fermilab worker had their access
information compromised, then this points to the higher level of
sophistication of the hackers. They knew that the front door would be
locked, so they probably targeted a trusted individual who would have access
to the LHC networks.
Its important to note that the compromise probably began with a human. We
are more than often the fault for most system compromises. Hackers know
this and have actively been targeting people for years now, with the
understanding that they may unknowingly give the attackers access to what
they seek.
Even those with PHDs and deep understanding of higher level mathematics and
physics are prone and susceptible to computer and information security
intrusions.
