Hackers infiltrate Large Hadron Collider systems and mock IT security

9/12/2008

Roger Highfield, Science Editor/Telegraph

http://www.telegraph.co.uk/earth/main.jhtml?xml=/earth/2008/09/12/scicern312.xml



Hackers have mounted an attack on the Large Hadron Collider, raising concerns about the security of the biggest experiment in the world.

As the first particles were circulating in the machine near Geneva where the world wide web was born, a Greek group hacked into the facility, posting a warning about weaknesses in its infrastructure.

Calling themselves the Greek Security Team, the interlopers mocked the IT used on the project, describing the technicians responsible for security as "a bunch of schoolkids."

However, despite an ominous warning "don't mess with us," the hackers said they had no intention of disrupting the work of the atom smasher.

"We're pulling your pants down because we don't want to see you running around naked looking to hide yourselves when the panic comes," they wrote in Greek in a rambling note posted on the LHC's network.

The scientists behind the £4.4 billion "Big Bang" machine had already received threatening emails and been besieged by telephone calls from worried members of the public concerned by speculation that the machine could trigger a black hole to swallow the earth, or earthquakes and tsunamis, despite endless reassurances to the contrary from the likes of Prof Stephen Hawking.

The website - www.cmsmon.cern.ch - can no longer be accessed by the public as a result of the attack.

Scientists working at Cern, the organisation that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12500 tons, measuring around 21 metres in length and 15 metres wide/high.

If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."

Fortunately, only one file was damaged but one of the scientists firing off emails as the CMS team fought off the hackers said it was a "scary experience".

The hackers targeted the Compact Muon Solenoid Experiment, or CMS, one of the four "eyes" of the facility that will be analysing the fallout of the Big Bang.

The CMS team of around 2000 scientists is racing with another team that runs the Atlas detector, also at Cern, to find the Higgs particle, one that is responsible for mass.

"There seems to be no harm done. From what they can tell, it was someone making the point that CMS was hackable," said James Gillies, spokesman for Cern. "It was quickly detected."

"We have several levels of network, a general access network and a much tighter network for sensitive things that operate the LHC," said Gillies.

"We are a very visible site," he said, adding that of the 1.4 million emails sent to Cern yesterday, 98 per cent was spam.

The hacking attempt started around the time that the giant machine was about to circulate its first particles, under the spotlight of the world's media.

On Wednesday afternoon, as the world held its breath as the machine sparked up, CMS team members were scouring computers at the machine for half a dozen files uploaded by the hackers on September 9 and 10.

"We think that someone from Fermilab's Tevatron (the competing atom smasher in America) had their access details compromised," said one of the scientists working on the machine. "What happened wasn't a big deal, just goes to show people are out there always on the prowl."

The CMS team studied the files inserted by the hackers carefully before deleting them, in case a "backdoor" had been installed, a means of access to the computer that bypasses security.

The system the hackers managed to access was CMSMON, which monitors the CMS software system as the vast detector takes data during collisions between particles, to study the energies and physics in the immediate aftermath of the Big Bang, which created the universe.

Cern relies on a 'defence-in-depth' strategy, separating control networks and using firewalls and complex passwords, to protect its control systems from malicious software and from threats such as denial-of-service attacks, botnets and zombie machines, which can strike with a synchronised attack from hundreds of machines around the world.

However, there have been growing concerns about security as remote or wireless access, notebooks and USB sticks offer new possibilities for viruses or worms to enter the network, not to mention hackers and terrorists who might be interested in targeting computers to shut down the system.

More than 110 different control systems are used at Cern. These systems monitor, supervise and safeguard Cern's accelerators, experiments and infrastructure - from buildings, electricity and heating to access control, radiation protection and safety.

To refine security methods Cern set up a working group called Computing and Network Infrastructure for Controls. One document written by the group said: "Recent events show that computer security issues are becoming a serious problem also at Cern."

However, the team said yesterday that it did not want to comment on security at the international facility.

A few years ago, Stanford University in California announced that a number of high-performance academic computer centres had been attacked by hackers lured by the phenomenal power of the grid - pools of computing power linked by dedicated high-speed networks. Beyond shutting down the machines or stealing or deleting data, one likely malicious use of such power is to crack passwords.

In 2003, hackers broke into ScotGrid, a network of 150 machines based at the University of Glasgow. They intercepted the password of a remote user based in Geneva and used it to gain access to ScotGrid. They ran scripts that tried to reconfigure the machine to steal more passwords.

The commissioning of the giant machine is making extraordinary progress.

Now that the team has managed to get beams of particles circulating stably, they must be "captured" so that the particles stay in bunches.

This has now been done with the anticlockwise beam, circulating a beam for a full half an hour. Commissioning, said Gillies, "is going incredibly fast."

They now hope to capture the second clockwise beam. "To give you a feel for how well these guys are doing, what happened on Wednesday was days one to four of main commissioning."

This latest step "is really a more significant achievement than Wednesday's fun and games," comments Dr David Sankey of the Rutherford Appleton Laboratory, Oxfordshire.

