Greek Hackers Target CERN's LHC

Doomsayers Delight writes "The Telegraph reports that Greek hackers were able to gain momentary access to a CERN computer system of the Large Hadron Collider (LHC) while the first particles were zipping around the particle accelerator on September 10th. 'Scientists working at CERN, the organization that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 meters in length and 15 meters wide/high. If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."'"

Re:Air gap + Sneakernet

[SBacks]

Portable harddrives to move the data?

http://www.nsf.gov/discoveries/disc_summ.jsp?cntn_id=111420 [nsf.gov]

This thing will generate 28000 TB of data per hour! Imagine the number of grad students it would take to transfer all those hard drives back and forth.

Re:Why is that even possible?

[X0563511]

I know you are being funny, but CERN uses Scientific Linux. [scientificlinux.org]

SL is a Linux release put together by Fermilab [fnal.gov], CERN [www.cern.ch], and various other labs and universities around the world. Its primary purpose is to reduce duplicated effort of the labs, and to have a common install base for the various experimenters.

Re:Why is that even possible?

[VJ42]

It's called "the grid". just do a google search for "LHC grid [google.com]" and you'll get lots of info. Here's a couple of links for starers:
http://lcg.web.cern.ch/LCG/ [web.cern.ch]
http://www.gridpp.ac.uk/cernlcg.html [gridpp.ac.uk]

The BBC has a less tchnical piece on te grid: http://news.bbc.co.uk/1/hi/sci/tech/7534866.stm [bbc.co.uk]

Re:Why is that even possible?

[Anonymous Coward]

They expect to generate something like 27 Terabytes of data every day. All those ones and zeros weigh a ton!

Re:Why is that even possible?

[AlXtreme]

My understanding is they have the LHC linked to universities/research firms/supercomputers all over Europe simply in order to process the massive amount of data that thing generates.

You're correct (I did an internship recently on data management with the LCG/EGEE network). It's a massive multi-tiered network of datacenters (something like 50k nodes, 15PB of dedicated data storage, but don't quote me on these figures), all required to distribute the enormous amounts of data collected in the experiments to the researchers capable of processing the data.

I'm not going to be an ass and piss too much on the work of thousands of others, because it took quite a bit of effort to set this up, but them getting hacked doesn't really surprise me. The architecture they set up (even for only data-distribution) is very complex, and a lot of software they use has been written in-house or has been forked (years ago). Oh, and it's all open source, readily available for whoever looks for it. With the LHC being such a high-profile target, this is IMHO a security nightmare waiting to happen.

In what I've seen, I'm crossing my fingers that this break-in isn't related to the grid network, and that the next few months will go smoothly, but the grid has been primarily designed for high throughput, not security. Sure, they have certificates you need to access the grid systems, the policies are there, but technically I have my doubts.

Re:what retard put it online?

[smolloy]

All these machines have connections to the internet. This allows on-call technicians to ssh in to debug a problem remotely, and for facilities management to make checks on the performance of the machine.

It's not like connecting to the control software will present you with a big red button labelled "Black Hole Generator". You'll be presented with a bash prompt, and, if you can figure out the right command, possibly a control screen that you don't understand.

These machines are stunningly complex, and the most likely outcome of some random script kiddie fucking with things is that *nothing* will happen. Someone more knowledgable (or lucky) might be able to find something that will be prevented by the machine protection system, or cause the machine to shut down for a while. Bad, but not as scary as you suggest.

Seriously. Anyone who thinks that random "hackers" can do any real damage, or that these machines shouldn't be on the internet, doesn't know anything about them.

(PS: I'm an accelerator physicist who has worked with several of these machines.)

Re:what retard put it online?

[JustinOpinion]

Are they anticipating researchers waking up at 1am and thinking "hey, I want to run one more experiment from home before I go to bed..."?

I know you were trying to joke... but the answer is probably "yes."

I've never worked at CERN, but it may be similar to large-scale science user facilities (e.g. x-ray synchrotrons) that I have worked at. Specifically, you want to be able to control the instruments remotely for a variety of reasons. Part of it is safety (in order to minimize time spent near radiation sources and industrial equipment). Part of it is convenience (to check on the status before driving all the way to the actual facility). Part of it is for collaboration (allowing an instrument scientist to log into the machine and change a setting for you, show you how to do something, etc.).

At many facilities, you can change samples, alter instrument settings, re-align, etc.; all without actually going to the facility. Scientists doing those kinds of experiments do indeed appreciate the ability to log into the machine at 1am and check on the status.

There are of course safeguards in place (e.g. hardware safety triggers that cannot be remotely over-ridden)... but it is sometimes possible to break something with remote commands. Now, most of the facilities that work like this are running samples, and need remote manipulation to switch samples and re-align and so forth. LHC doesn't have the same set of requirements... but there are indeed a variety of legitimate reasons why a scientist might need to remotely log into the system and change some settings.

Large facilities are designed to "do science" 24/7. Remote control is one thing that helps scientists maximize the usefulness of equipment. (Such as waking up at 1 am, checking on an experiment you started before leaving work, realizing the data is no good, fixing a few parameters, and running a new more useful experiment.)

Re:Why is that even possible?

[smolloy]

These things are internet connected in order to allow on-call technicians and facilities management to check/fix it remotely. All big machines work like this. Everyone claiming that it shouldn't be connected to the internet has never worked with a machine like this (PS: I have).

Seriously, we need to stop the hysteria over this. It's not like you're presented with a "destroy the world" button when you log in!

No, you'll land at a bash prompt. And then what? You won't know the commands necessary to get to the control system software, and, even if you did, you'd only be able to randomly tinker with magnets. This will either have no effect whatsoever, or will be prevented by the machine protection system.

The worst you can do is to interrupt operation for a while while they kick you out, and restore any changes you made (which would be easily done from automatic history software).

This is bad -- any crack like this is bad -- but it's not gonna cause black holes, it's not gonna release radioactivity, and it's not gonna break the machine.

People need to calm down.

Re:This begs the question

[Anonymous Coward]

Because the experts on each experiments cannot be running LHC 24/7.
Most of the times, each experiments are operated by small shift crews. When they see a problem that they cannot solve themselves, they would call the expert on that particular system.
Then, the expert would remote login and make the adjustments necessary. Therefore, the Internet connectivity is important.

Re:Air gap and 15 Petabytes of data annually

[conspirator57]

if your control system is that poorly designed that you pass all your data through it and make it publicly accessible, then you deserve the consequences.

*Control* systems ought to be separate from publicly accessible

*Data presentation* systems to the extent possible.

i.e. presentation systems with external availability should take orders from the control system but not communicate back to the control system. If you need data in your control loop, then you make a separate data collection system for that purpose. alternatively, one could get (an) optical network card(s) and only connect the TX fiber(s) on the collection system, thereby making data only flow out into the analysis network.

Re:Why is that even possible?

[mattfata]

No one said the data collection server had to be off-net. The control system should most definitely not be. Control and data distribution should just be on separate machines.

Meaning of the Hacker's text

[arigram]

If you're interested to know, the text the hackers left is a childish rant against others that they claim pretend to be l33t but are not unlike them. Pretty stereotypical hacker/cracker message since the dawn of machines. Probably every hacking group in history has written such a message claiming superiority over lazy, unskilled pretenders. It actually has nothing to do with the LHC. The only reason they hacked this site was because as they state was going to be popular, thus a good place to advertise their rant and group.

Re:Air gap + Sneakernet

[ndsbriand]

This thing will generate 28000 TB of data per hour!

Not to start a pissing contest over how much data the LHC will produce, but I got this directly off of the CERN web site:

The Large Hadron Collider will produce roughly 15 petabytes (15 million gigabytes) of data annually - enough to fill more than 1.7 million dual-layer DVDs a year!

That is closer to 1.7 TB per hour.

Re:Why is that even possible?

[sexconker]

Networks are fine.

The damned thing being on the INTERNET is retarded.

Physically sever (or never connect) anything this important from the internet.

CMS != LHC

[cuantar]

I don't know if anyone has pointed this out yet, but if so, it bears saying again: the control system in question belongs to the CMS detector, not to the LHC. These are two entirely different beasts.

Re:Why is that even possible?

[jackchance]

i don't know if you meant that as a joke, but this technique is part of the spec for TMDS [wikipedia.org] (used in DVI & HDMI video)

the first eight bits are optionally inverted to even out the balance of ones and zeros and therefore the sustained average DC level. The tenth bit is added to indicate whether this inversion took place.

Re:Can't we all just get along?

[dominious]

I'm greek so I'll give a summary of what they say in the defaced site: They say that they did not attempt to mess with any data in the system and did not want to destroy anything. In fact, they FIXED the bug that let them in. Mainly they just accuse some members of GHS (which i guess is another underground hacker team). The defacement was actually done in order to prove themeselves to other hackers, not to attack CERN itself.