Security Science

Greek Hackers Target CERN's LHC

Doomsayers Delight writes "The Telegraph reports that Greek hackers were able to gain momentary access to a CERN computer system of the Large Hadron Collider (LHC) while the first particles were zipping around the particle accelerator on September 10th. 'Scientists working at CERN, the organization that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 meters in length and 15 meters wide/high. If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."'"
  • by n dot l ( 1099033 ) on Friday September 12, 2008 @04:23PM (#24983695)

    My understanding is they have the LHC linked to universities/research firms/supercomputers all over Europe simply in order to process the massive amount of data that thing generates. I might have read that wrong though. I've had nothing but trouble finding good information between the "BLACK HOLES, WE'RE ALL GONNA DIE!", the idiot reporters doing "human interest" style pieces about it, and the incomprehensible (to me) physics-babble.

  • by Bryansix ( 761547 ) on Friday September 12, 2008 @04:26PM (#24983767) Homepage
    Then they can create a one-way data warehouse dump of the data on a daily basis. Nobody needs the data faster than that. It can also be done via sneakernet, i.e. send it to an external hard drive and then move the HD over to a comp connected to the net and upload the data.
  • by NastyNate ( 398542 ) on Friday September 12, 2008 @04:27PM (#24983785)

    Couldn't you use a sneakernet link to the outside world instead?

  • by Anonymous Coward on Friday September 12, 2008 @04:52PM (#24984175)

    I wonder if this has anything to do with the horror stories I was reading yesterday (on slashdot) about how badly the scientists treat the admins.

    Given my personal experience in the IT world, it seems very plausible to me that the scientists were demanding crazy levels of Internet access for the whole system and vehemently rejecting the security concerns the admins may have voiced as being just more needless whining and obstruction from insignificant low-level functionaries.

    So they are too important to let the admins do their jobs...causing stuff like this to happen...and when it happens they blame the admins.

  • Re:The correct term (Score:3, Interesting)

    by evanbd ( 210358 ) on Friday September 12, 2008 @04:55PM (#24984227)
    Hey, tell ya what. I'll pay you $100 if you play Russian roulette and win.
  • by dk3d ( 1356069 ) on Friday September 12, 2008 @04:57PM (#24984259)
    Ok, so we have a super hadron particle collider creating mini "big bangs" for idiotic scientists to examine where "everything" started from that can be broken into over the internet. And some idiots are thinking it's cool to break into this and potentially create, what? A mini black hole vortex that starts sucking up Europe and then Asia and makes its way across the planet until finally around 2012 (January they say if you read some of those history books) there's a nice soft "Pop!" and Hackers, not terrorists, not Nukes or the Russians or Chinese or Americans, not Iran, not Iraq, not Osama, not Obama, not Palin nor Putin nor McCain nor Rasputin manages to do what no one could do before and never will again, start a new chapter in the Universe called "The Little Bang" Theory. Wonder if CERN is using Macs or PCs?
  • sploit (Score:1, Interesting)

    by Anonymous Coward on Friday September 12, 2008 @05:14PM (#24984505)

    SL is based off of Redhat?? I think so. Maybe the hacksters got in with that latest secret exploit?

  • by jd ( 1658 ) <imipak@ y a hoo.com> on Friday September 12, 2008 @05:22PM (#24984597) Homepage Journal

    If you think there's bugs in the security, you are able to fix it. That's the brilliant thing about Open Source. We don't have to just complain, we can actually send them the necessary patches. Now, the lack of publicity regarding the source is a concern. If Arthur Dent found getting the demolition plans for his house was bad, the notices regarding what software is available and where from are even worse.

    They've had TWENTY YEARS to circulate the designs, prototypes and implementations. Yes, there are fewer software engineers interested in high-energy physics than there are software engineers into bomb-proofing OpenBSD, but if you don't tell any of them what's out there, it wouldn't matter if it was one coder or a million. You can't fix what you don't know exists to fix.

    These control systems are mission-critical. The particle stream can't do "extensive" damage, but it can write-off the magnets, and those are multi-million-dollar toys. It could also shut down the accelerator for years, if a hacker goes drilling holes in the mountainside. (The hole would be small, but politicians aren't interested in paying for high-energy landscaping, and CERN isn't infinitely rich.)

    Ignoring for a moment that the front-line defenses should have kept intruders out (though I'll bet that they're not using IPSec VPNs, they've got firewall holes for rsh and rlogin, and use .hosts files everywhere), the bulk of grid-enabled software these days can use Kerberos V or SAML 2.0 for security. They're probably not doing anything remotely that's time-critical so an in-line active intrusion detection and countermeasures system (there's plenty of them) could have been installed. Those cost a damn sight less than the detector array.

    Since they were worried about someone getting onto an internal network, they must also believe that shell access was possible, so this isn't simply a matter of someone being able to ping a machine or SNMP query a server. This was a case of CERN violating some very serious standard protocols for ensuring code safety and system safety.

    The "open secret" mentality, though, is probably the most dangerous part, though. By making the source available but not telling anyone, it is most available to those of malicious intent. Obscurity is not security, guys! That includes obscuring your announcements, it's not confined to merely obscuring the code itself. If you're going to release source (which is a Good Thing), you want to broadcast that fact to as WIDE an audience as possible. (In fact, if it's network-related, WIDE would be a good place to start announcing.) Get ALL the eyes you possibly can onto that code, for a comprehensive, rigorous audit. And if you're worried you can't get enough eyes, use static code checkers and test harnesses. Bet you anything none of the coders for the LHC have been using such resources beyond a superficial level, if at all.

    All in all, I am impressed by the fact that the code is out there, and can be fixed, but I am NOT impressed with the secrecy mentality that created this utterly unnecessary security fiasco. If I'd wanted my tax money to go into security holes, I'd have paid Group Four to build the LHC. I want INTELLIGENT people to be doing the work.

  • by Medievalist ( 16032 ) on Friday September 12, 2008 @06:30PM (#24984839)

    remember: everything PhDs do is art. everything. including using their alma mater's mascot name as their password. art, i tell you!

    Years ago (when I still worked in science) I got a call from the US military. It seems one of our scientists was attacking one of their systems.

    Since the scientist in question was on the other side of the world on a field trip at the time, it seemed likely that someone had compromised his account, and I shut it down.

    When I eventually asked the scientist if he was using a strong password, he was proud to recite a long dog-Latin Linnaean binomial. It was very difficult to spell or pronounce.

    Of course, that was also the first word you saw if you searched for his name on the Internet (using WAIS, since this was before commercial search engines). This particular scientist was the world's foremost authority on the organism with that difficult name, and had published dozens of papers on it.

    To put it in modern geek terms, it was like this guy was Bill Gates, his userid was gates, and his password was microsoft.

    The idea that criminal hackers might actually look up his name came as a total surprise to this world-famous scientist with multiple PhDs...

  • by Geoff ( 968 ) on Friday September 12, 2008 @06:58PM (#24985125) Homepage

    Don't you know it.

    Several years ago, I was working on tightening up our password system in a university department of Electrical Engineering and Computer Science (i.e. people who should definitely know better).

    I was running crack on our userbase, to identify users with weak passwords so we could require them to change their password. One of the options was to look for passwords in .signature files. It seemed really silly to me. Who would be foolish enough to put his/her password in his/her email signature?

    One of the first hits (right after someone with "password", I think) was a signature hit. It turns out, it was indeed one of our Ph.D. professors who did indeed have his password in his .signature file.

    How? The password was his ham radio call sign, which, of course, he proudly listed in his email signature.....
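The two anecdotes above (a password taken from the owner's own publications, and one taken from a `.signature` file) describe the same weakness. As an added example that is not part of the original thread, here is a check that could run at password-change time and reject candidates built from information the account already publishes. The function names, the sample account, and the placeholder call sign `N0CALL` are constructed for illustration.

```python
import re

# Undo common character substitutions before comparing.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def normalize(text):
    """Lowercase, undo simple substitutions, drop everything but a-z/0-9."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def public_tokens(username, gecos, signature):
    """Collect normalized words an outsider can learn about the account."""
    words = re.findall(r"[A-Za-z0-9]+", f"{username} {gecos} {signature}")
    tokens = {normalize(w) for w in words}
    # Adjacent pairs catch "first last" names and two-word species names.
    tokens |= {normalize(a + b) for a, b in zip(words, words[1:])}
    return {t for t in tokens if len(t) >= 4}

def derived_from_public_info(password, tokens):
    """Return the public token the password is built from, or None."""
    pw = normalize(password)
    # Remove digit/"!" padding ("2008", "!") before the exact comparison.
    core = normalize(password.strip("0123456789!"))
    for tok in sorted(tokens, key=lambda t: (-len(t), t)):
        if core in (tok, tok[::-1]) or (len(tok) >= 6 and tok in pw):
            return tok
    return None

# Constructed sample account; N0CALL is a placeholder call sign.
SAMPLE = {
    "username": "jdoe",
    "gecos": "Jane Doe",
    "signature": "Jane Doe, Dept. of EECS\n73 de N0CALL",
}

if __name__ == "__main__":
    toks = public_tokens(**SAMPLE)
    for candidate in ("n0c@ll2008", "JaneDoe!", "correct horse battery staple"):
        hit = derived_from_public_info(candidate, toks)
        print(f"{candidate!r}: {'REJECT (' + hit + ')' if hit else 'ok'}")
```
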

  • by jd ( 1658 ) <imipak@ y a hoo.com> on Friday September 12, 2008 @08:37PM (#24985947) Homepage Journal

    I have the excuse I wrote part of the code for one of the LHC's predecessors. In this case, the grid software is very generic. ShibGrid doesn't care if it's securing a particle accelerator or a wide-area distributed MMORPG, but I bet you anything that if WoW was a part of the Grid Gaming consortium, ShibGrid would be more audited than OpenBSD by more anal coders than Theo ever thought of being. There may be only one LHC, but anybody can run a Globus module through a static code checker and fix "obvious" coding errors.

    True, the LHC has limited staff and can't check every patch people send to them. But the same problem is faced by OpenBSD, Linux, X.Org, the GCC developers, and a thousand and one other mega-coding projects. They seem to solve the problem without too much strain, so what do they do that the LHC guys aren't? I don't have to be a genius to solve the LHC's security issues, I merely have to know where the geniuses are and see what they do different.

    Also true, the size of the code base makes the idea of bug-free code laughable. The middleware alone is HUGE. However, that's deceptive. There's a fascinating paper on Trusted Software. Not "trustworthy", "Trusted". As in A1 Orange Book Trusted. The paper basically states that buggy software is not the issue. So long as you have a small, tightly-written security kernel within key components, where that security kernel can be proven correct, bugs elsewhere can never pose a security risk. They can do lots of other nasty things, but they can never compromise the security of the system.

    As the paper in question (which I've linked to previously, on the issue of security) is written by one of those aforementioned geniuses, and as this is something those geniuses do differently, it follows that this is a factor in what makes the difference between secure software and insecure software. MPI, a common message-passing system, usually uses RSH to start applications across a cluster or grid. Since MPI is generally not going to have any means of providing passwords, this means you're looking at .rhosts files, which means you've a wide-open security hole right there. And, yes, having worked at such facilities I can tell you that they often don't use SSH or a Kerberos-hardened RSH, just the vanilla form that no sane person would use in a million years. (This goes to show that, yes, scientists truly are mad.)
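The comment above points at `.rhosts` trust as the weak spot behind rsh-launched MPI jobs. As an added example that is not part of the original thread, this audit walks a home-directory tree and reports every passwordless trust entry, with wildcard (`+`) entries and loosely permissioned files called out. The function names and the `/home` default are assumptions.

```python
import os
import stat

def classify_entry(line):
    """Classify one .rhosts line; None for blank or comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    host = fields[0]
    user = fields[1] if len(fields) > 1 else ""
    if host.startswith("-") or user.startswith("-"):
        return "deny"
    if host == "+" and user == "+":
        return "any-user-any-host"
    if host == "+":
        return "any-host"
    if user == "+":
        return "any-user"
    if host.startswith("+@") or user.startswith("+@"):
        return "netgroup"
    return "host-trust"

def audit_rhosts(path):
    """Return (issue, detail) findings for one trust file."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(("writable-by-others", oct(stat.S_IMODE(mode))))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            kind = classify_entry(line)
            if kind and kind != "deny":
                findings.append((kind, f"line {lineno}: {line.strip()}"))
    return findings

def scan_homes(root):
    """Audit every .rhosts file found under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".rhosts" in files:
            path = os.path.join(dirpath, ".rhosts")
            report[path] = audit_rhosts(path)
    return report

if __name__ == "__main__":
    # "/home" is an assumed location for user home directories.
    for path, findings in scan_homes("/home").items():
        for issue, detail in findings:
            print(f"{path}: {issue}: {detail}")
```
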

  • Misleading Telegraph (Score:5, Interesting)

    by hairykrishna ( 740240 ) on Friday September 12, 2008 @10:04PM (#24986495)
    The two key sentences of the article are:

    "If they had hacked into a second computer network, they could have turned off parts of the vast detector "

    "We have several levels of network, a general access network and a much tighter network for sensitive things that operate the LHC," said Gillies.

    Basically they defaced a web page which is hosted on a server which is nothing to do with the LHC control network. Haven't we had enough ridiculous LHC scare stories yet?

  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Saturday September 13, 2008 @12:48AM (#24987511)
    Comment removed based on user account deletion
  • by smolloy ( 1250188 ) on Saturday September 13, 2008 @12:56AM (#24987557)

    I think you're thinking about this the wrong way.

    When I talk about the history software, I mean the software that makes a time record of the settings of all the machine hardware.

    Typically it's used to investigate weird behaviour of the machine. If it's suspected that a magnet has changed value, then they'll try to roll it back using the history software. When that doesn't work (due to the work of the uber-hacker you described), it will be immediately obvious, since the physical problem will still be there.

    They'll then look at the magnet current on the control system, and (cos the uber-hacker attacked that as well), it will report the old value -- a value that simply disagrees with the physics.

    Eventually, after an hour or so, someone will drive out there with a voltmeter (which can't be hacked), and then it will all become clear.

    Remember, CERN is a high-profile target, but only for vandals, not for the financially motivated crackers you guys will see. There's no motivation, beyond simple vandalism, for anyone to put that much work into an attack.
