Security Science

Greek Hackers Target CERN's LHC

Doomsayers Delight writes "The Telegraph reports that Greek hackers were able to gain momentary access to a CERN computer system of the Large Hadron Collider (LHC) while the first particles were zipping around the particle accelerator on September 10th. 'Scientists working at CERN, the organization that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 meters in length and 15 meters wide/high. If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."'"

  • by Reality Master 201 ( 578873 ) on Friday September 12, 2008 @04:19PM (#24983627) Journal

    Why can anyone get to the control systems for a piece of equipment like that from the internet?

  • by mpoulton ( 689851 ) on Friday September 12, 2008 @04:27PM (#24983771)
    Can't geeks just be happy for society's scientific accomplishments and not try to screw up a good thing just because it's possible? Like the guy says, it's hard enough to make these things work when everyone's working together. Assholes.
  • by Directrix1 ( 157787 ) on Friday September 12, 2008 @04:33PM (#24983883)

    This is from telegraph.co.uk. It might as well be the National Enquirer, and placed up there with Aliens that impregnated Britney Spears. I wish slashdot had a bury button.

  • by zappepcs ( 820751 ) on Friday September 12, 2008 @04:35PM (#24983931) Journal

    I'm with you on the nomenclature issue. Such an important experiment and mankind in general offers far too many whack jobs who want to shut it down.

    The logic of the 'we're all gonna die' crowd eludes me. If nothing happens, all is good. If the world ends, doesn't matter anyway. All those that think they will go to meet their maker should be happy either way, right? WTF?

  • by Anonymous Coward on Friday September 12, 2008 @04:42PM (#24984019)

    Hard to sneaker-net data to a > 1000 machine grid.

    This system is a bit larger scale than you suspect.

  • by aliquis ( 678370 ) on Friday September 12, 2008 @04:43PM (#24984049)

    Make that "not connected to any network and they don't have physical access."

    Grandparent: Probably so scientists at other locations can run and investigate the results and so on of their experiments on said equipment?

    Sure they could like send a request to get something made and later returned the results but I guess for some tasks it's easier to control the equipment, see what's going on and change some parameters and so on yourself than having to ask someone else the whole time.

    Sure if everyone had their own LHC this wouldn't be needed, but now I assume there are more users than there are LHCs...

  • by rickb928 ( 945187 ) on Friday September 12, 2008 @04:48PM (#24984115) Homepage Journal

    Wondering why the LHC is connected to the Internet 'at all'...

    Why was the Web even developed? Why was HTTP even thought of? Why was a graphical browser of any interest?

    CERN. Ask Mr. Berners-Lee. And then contemplate the irony of wondering this at all.

    Sadly, it looks like CERN needs to work on the security more, but hey, that's in the spirit of the World-Wide Wild Web, eh?

  • by fejes ( 799784 ) on Friday September 12, 2008 @05:01PM (#24984307)
    Ok, I know you want to think that this can be done... but how exactly do you air gap a system that produces 15 Petabytes of data annually and share that data with 100's of labs around the world?

    By manual entry, copying this data across the air gap (120wpm) would take:

    15,000,000,000,000,000 characters /(120 words/minute * 6 characters/word) = 4*10^7 years.

    Even passing that back and forth on hard drives means shuttling about (15Pb/365/24 = ) 1.7 Terabytes per hour. (24 hours a day.)

    At some point, you have to admit that just connecting this thing to the internet and securing it is the right thing to do.

  • by supernova_hq ( 1014429 ) on Friday September 12, 2008 @05:03PM (#24984345)

    Yes, sending the data is very important, however I am sure that the sensors used to collect university data are not the same sensors that are used by the control system. Do whatever you want with the data-collection sensors, but DO NOT connect the bloody control system to the internet. If an airplane can keep the entertainment system separate from the control system, I'm sure the greatest minds in the world can do the same.

    yes, yes, I remember the airplane story, no need to bring that up...

  • by profplump ( 309017 ) <zach-slashjunk@kotlarek.com> on Friday September 12, 2008 @05:13PM (#24984495)

    You could make the same argument about most computers in an office -- why are they even on the Internet? It's just unnecessary risk. Why do you have someone move an external hard drive from the public mail server to the internal mail server and vice versa every hour? The few people that actually need live Internet access can use one of the dedicated systems on another physical network.

    And even the totally impractical air gap doesn't really provide the protection you think it does -- it prevents interactive attacks, but it doesn't actually stop the flow of information to the Internet and back, it just makes it asynchronous.

    But hey, why let facts and pragmatism get in the way of your system design bashing.

  • by Skal Tura ( 595728 ) on Friday September 12, 2008 @05:25PM (#24984647) Homepage

    never going to happen, there's always people wanting to gain access to such a system.

    Their reasons to access LHC Grid might be many, maybe completely irrelevant to LHC itself, but gaining access to that grid. What secrets may lie in that network?

    Or what could you accomplish with all that bandwidth, storage space and computational power within your grasp?

    Think of the terrifying idea that in LHC GRID most of the servers in it could directly access internet on a very fast connection used as a botnet to send spam, or even worse and more likely, attack DNS root servers or something along those lines.

    and like you said, some people just want to do it because they can.

    This attack was caught, but think about the possibility of a stealth attack which has gone unnoticed.

  • by jd ( 1658 ) <imipak@ y a hoo.com> on Friday September 12, 2008 @06:17PM (#24984705) Homepage Journal
    Open Source should have meant that a few thousand eyeballs scoured that code over the years between being written and being used. However, those few thousand eyeballs can't see code that nobody is told about. I discovered the source to the various projects by scouring CERN's network and digging deep through nests of links and obscure references. The Yahoo group for discussing grid computing has barely been used in the past year, and none of it for this. If there are any records for these projects on Freshmeat, it's because I added them. The project summaries are vague, where they're given at all. This simply isn't an acceptable way of distributing information. Their brief notices on minor pages away from the real information are about as useful as a house demolition order being posted in a basement with no stairs or lights.
  • by KGIII ( 973947 ) * <uninvolved@outlook.com> on Friday September 12, 2008 @06:46PM (#24984995) Journal

    Being brilliant in one field doesn't mean even a layman's ability in a different area of specialty. Me? I can't even fix my car. Turns out I don't even know where the starter is. Well, no... I do now - it's the shiny new piece of equipment under the hood.

  • by quanticle ( 843097 ) on Friday September 12, 2008 @08:20PM (#24985855) Homepage

    Unfortunately, it's not always that simple. Sure, there may be a few universities that have secure leased lines running to CERN, but, given the prominence of the LHC, there are sure to be researchers not from those universities who want to run LHC experiments. Cutting off those researchers simply because they're at the wrong institution doesn't seem fair.

  • Re:Not even a VPN? (Score:3, Insightful)

    by databeast ( 19718 ) on Friday September 12, 2008 @11:18PM (#24986913) Homepage

    yeah, because there has NEVER been an SSH exploit or man-in-the-middle attack. EVER.
