Hackers actually managed to infiltrate LHC Systems

INRM

Philosopher
I
Joined
Jul 24, 2002
Messages
5,505
Hackers infiltrate Large Hadron Collider systems and mock IT security
http://www.telegraph.co.uk/earth/main.jhtml?xml=/earth/2008/09/12/scicern312.xml


As the first particles were circulating in the machine near Geneva where the world wide web was born, a Greek group hacked into the facility, posting a warning about weaknesses in its infrastructure.

Calling themselves the Greek Security Team, the interlopers mocked the IT used on the project, describing the technicians responsible for security as "a bunch of schoolkids."

However, despite an ominous warning "don't mess with us," the hackers said they had no intention of disrupting the work of the atom smasher.

"We're pulling your pants down because we don't want to see you running around naked looking to hide yourselves when the panic comes," they wrote in Greek in a rambling note posted on the LHC's network.

The scientists behind the £4.4 billion "Big Bang" machine had already received threatening emails and been besieged by telephone calls from worried members of the public concerned by speculation that the machine could trigger a black hole to swallow the earth, or earthquakes and tsunamis, despite endless reassurances to the contrary from the likes of Prof Stephen Hawking.

The website - www.cmsmon.cern.ch - can no longer be accessed by the public as a result of the attack.
Click to expand...


INRM
 
Odd that the article never mentions why it's accessible to the internet in the first place. Seems to me that any sensitive system should be on an isolated network. Won't stop all the problems, but should certainly keep the script kiddies from breaking in. Maybe the international nature of it means people insist on remote access?

I dunno, odd that they'd even try to put it online.
 
Based on my experiences with academic facilities, I don't expect good IT security in them, as a rule. I imagine they have their systems accessible in that manner so that people can do remote work, but I also imagine they could probably have set them up much more securely (maybe with sequestration of the online-accessible stuff from everything else -- but then, I'm not an IT expert, so I'll leave that to those who are).
 
Reading the article, it shows a significant fault in their security. Having the network hacked and the website taken down is one thing but apparently the damn control system for the LHC is accessible online...now that's just stupid.
 
The hackers were not on the control system network, but "one step away" when they were detected.

Scientists working at Cern, the organisation that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12500 tons, measuring around 21 metres in length and 15 metres wide/high.

If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."

...

"We have several levels of network, a general access network and a much tighter network for sensitive things that operate the LHC," said Gillies.
Click to expand...
 
Physics guys spend all their time making it work. Security is an afterthought. When I worked at Fermilab in the 80s, we had the 414 gang trying to break in so we gave them a honeypot (the best Star Trek program we could find) and traced their numbers...
 
Haha, I was thinking, "Hey, that parking lot's lit like it's daytime, which it clearly should not be, so I doubt it's live," when the fun started.

Did you see the gorilla?
 
It's a serious danger. If they screw with the LHC they could cause all sorts of horrible problems. Especially for the workers at the place if not for nearby areas -- if not the whole world (And that includes *THEM*)


INRM
 
You must log in or register to reply here.

Back
Top Bottom