Forgot your password?
typodupeerror
Security Science

Greek Hackers Target CERN's LHC 445

Posted by ScuttleMonkey
from the try-try-again dept.
Doomsayers Delight writes "The Telegraph reports that Greek hackers were able to gain momentary access to a CERN computer system of the Large Hadron Collider (LHC) while the first particles were zipping around the particle accelerator on September 10th. 'Scientists working at CERN, the organization that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 meters in length and 15 meters wide/high. If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."'"
This discussion has been archived. No new comments can be posted.

Greek Hackers Target CERN's LHC

Comments Filter:
  • by Reality Master 201 (578873) on Friday September 12, 2008 @04:19PM (#24983627) Journal

    Why can anyone get to the control systems for a piece of equipment like that from the internet?

    • by Anonymous Coward on Friday September 12, 2008 @04:22PM (#24983671)

      security updates?

      • Ummm... Its impossible for someone outside of physical access to hack a system if it isn't connected to the internet.
        • Re: (Score:3, Insightful)

          by aliquis (678370)

          Make that "not connected to any network and they don't have physical access."

          Grand parent: Probably so scientist at other locations can run and investigate the results and so on of their experiments on said equipment?

          Sure they could like send a request to get something made and later returned the results but I guess for some tasks it's easier to control the equipment, see what's going on and change some parameters and so on yourself than having to ask someone else the whole time.

          Sure if everyone had their o

          • IBM (Score:3, Funny)

            Maybe if IBM had been in the LHC business rather than the computer business in the 70s, they'd have been right to dismiss the personal LHC in favor one or two LHCs worldwide that everyone uses.

            or somesuch.

    • by n dot l (1099033) on Friday September 12, 2008 @04:23PM (#24983695)

      My understanding is they have the LHC linked to universities/research firms/supercomputers all over Europe simply in order to process the massive amount of data that thing generates. I might have read that wrong though. I've had nothing but trouble finding good information between the "BLACK HOLES, WE'RE ALL GONNA DIE!", the idiot reporters doing "human interest" style pieces about it, and the incomprehensible (to me) physics-babble.

      • Re: (Score:2, Interesting)

        by Bryansix (761547)
        Then they can create a one way data warehouse dump of the data on a daily basis. Nobody needs the data faster then that. It can also be done via sneeker net. IE: Send it to an external hard drive and then move the HD over to a comp connected to the net and upload the data.
        • by Anonymous Coward on Friday September 12, 2008 @04:42PM (#24984019)

          Hard to sneaker-net data to a > 1000 machine grid.

          This system is a bit larger scale than you suspect.

          • Re: (Score:3, Informative)

            by mattfata (1038858)
            No one said the data collection server had to be off-net. The control system should most definitely not be. Control and data distribution should just be on separate machines.
        • Re: (Score:3, Funny)

          by mikiN (75494)

          Then they can create a one way data warehouse dump of the data on a daily basis.

          Just have the LHC create some nice little black holes and dump the data into them. One way data warehouse, with absolutely perfect data security.

          (sorry, couldn't resist...)

      • Re: (Score:2, Interesting)

        by NastyNate (398542)

        Couldn't you use a sneakernet link to the outside world instead?

      • by VJ42 (860241) * on Friday September 12, 2008 @04:44PM (#24984067)
        It's called "the grid". just do a google search for "LHC grid [google.com]" and you'll get lots of info. Here's a couple of links for starers:
        http://lcg.web.cern.ch/LCG/ [web.cern.ch]
        http://www.gridpp.ac.uk/cernlcg.html [gridpp.ac.uk]

        The BBC has a less tchnical piece on te grid: http://news.bbc.co.uk/1/hi/sci/tech/7534866.stm [bbc.co.uk]
      • by AlXtreme (223728) on Friday September 12, 2008 @04:55PM (#24984237) Homepage Journal

        My understanding is they have the LHC linked to universities/research firms/supercomputers all over Europe simply in order to process the massive amount of data that thing generates.

        You're correct (I did an internship recently on data management with the LCG/EGEE network). It's a massive multi-tiered network of datacenters (something like 50k nodes, 15PB of dedicated data storage, but don't quote me on these figures), all required to distribute the enormous amounts of data collected in the experiments to the researchers capable of processing the data.

        I'm not going to be an ass and piss too much on the work of thousands of others, because it took quite a bit of effort to set this up, but them getting hacked doesn't really surprise me. The architecture they set up (even for only data-distribution) is very complex, and a lot of software they use has been written in-house or has been forked (years ago). Oh, and it's all open source, readily available for whoever looks for it. With the LHC being such a high-profile target, this is IMHO a security nightmare waiting to happen.

        In what I've seen, I'm crossing my fingers that this break-in isn't related to the grid network, and that the next few months will go smoothly, but the grid has been primarily designed for high throughput, not security. Sure, they have certificates you need to access the grid systems, the policies are there, but technically I have my doubts.

        • by jd (1658) <imipak@yaCOLAhoo.com minus caffeine> on Friday September 12, 2008 @06:17PM (#24984705) Homepage Journal
          Open Source should have meant that a few thousand eyeballs scoured that code over the years between being written and being used. However, those few thousand eyeballs can't see code that nobody is told about. I discovered the source to the various projects by scouring CERN's network and digging deep through nests of links and obscure references. The Yahoo group for discussing grid computing has barely been used in the past year, and none of it for this. If there are any records for these projects on Freshmeat, it's because I added them. The project summaries are vague, where they're given at all. This simply isn't an acceptable way of distributing information. Their brief notices on minor pages away from the real information are about as useful as a house demolition order being posted in a basement with no stairs or lights.
    • Are you asking why admins exist?
    • So smart, and yet, so stupid.

      *sigh*
    • Re: (Score:2, Funny)

      by bothra (968330)
      even scientists need to d/l pr0n while they wait for particles to fly around that thing....
    • by sakdoctor (1087155) on Friday September 12, 2008 @04:25PM (#24983737) Homepage

      Vista needs to phone home for activation.

    • by Directrix1 (157787) on Friday September 12, 2008 @04:33PM (#24983883)

      This is from telegraph.co.uk . It might as well be the National Enquirer, and placed up there with Aliens that impregnated Britney Spears. I wish slashdot had a bury button.

    • Re: (Score:3, Funny)

      by alex4u2nv (869827) *

      Wonder how they broke in? Through the backdoor of course.

      In other words: The Large Hadron Collider was Greeked

    • by smolloy (1250188) on Friday September 12, 2008 @05:10PM (#24984453)

      These things are internet connected in order to allow on-call technicians and facilities management to check/fix it remotely. All big machines work like this. Everyone claiming that it shouldn't be connected to the internet has never worked with a machine like this (PS: I have).

      Seriously, we need to stop the hysteria over this. It's not like you're presented with a "destroy the world" button when you log in!

      No, you'll land at a bash prompt. And then what? You won't know the commands necessary to get to the control system software, and, even if you did, you'd only be able to randomly tinker with magnets. This will either have no effect whatsoever, or will be prevented by the machine protection system.

      The worst you can do is to interrupt operation for a while while they kick you out, and restore any changes you made (which would be easily done from automatic history software).

      This is bad -- any crack like this is bad -- but it's not gonna cause black holes, it's not gonna release radioactivity, and it's not gonna break the machine.

      People need to calm down.

      • Re: (Score:3, Interesting)

        by Bottlemaster (449635)

        These things are internet connected in order to allow on-call technicians and facilities management to check/fix it remotely. All big machines work like this. Everyone claiming that it shouldn't be connected to the internet has never worked with a machine like this (PS: I have).

        I work at a medium-sized financial institute, and even some of our small machines need to be accessed by off-site technicians from time to time. We maintain a per-machine white list of acceptable inbound IP addresses, and we don't e

        • Re: (Score:3, Interesting)

          by smolloy (1250188)

          I think you're thinking about this the wrong way.

          When I talk about the history software, I mean the software that makes a time record of the settings of all the machine hardware.

          Typically it's used to investigate weird behaviour of the machine. If it's suspected that a magnet has changed value, then they'll try to roll it back using the history software. When that doesn't work (due to the work of the uber-hacker you described), it will be immediately obvious, since the physical problem will still be there

  • by darth_MALL (657218) on Friday September 12, 2008 @04:22PM (#24983683)
    Any chance they had a Trojan Horse at the ready?
    • Re: (Score:3, Funny)

      by Anonymous Coward

      Any chance they had a Trojan Horse at the ready?

      No, but leave it to them to find a back door.

    • Re: (Score:2, Funny)

      by R2.0 (532027)

      "Any chance they had a Trojan Horse at the ready?"

      Maybe, but I think the prospect of penetrating a big, dark tunnel was too much of a temptation.

    • How can we be sure they were Greek hackers? What if they were agents of the TechnoCore [wikipedia.org] "performing experiments on farcasters" while pretending to be Greek hackers? <_<
    • I'd be very wary of any large Mountain Dew Delivery Trucks appearing at the gates, if I were Cern.

      Or wine trucks, Or what ever European Nerds drink. Does anyone know?
  • [they] were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 meters in length and 15 meters wide/high

    quick, hide the 21x15 meter finger painting and the 21x15 meter refrigerator!

  • They were probabaly commissioned to hack the LHC by the Greek Orthadox chruch hahahah
  • by KalvinB (205500) on Friday September 12, 2008 @04:24PM (#24983733) Homepage

    but some jackasses decided to mess with things they knew nothing about.

    I'll get my towel.

  • by Yetihehe (971185) on Friday September 12, 2008 @04:26PM (#24983763)
    See? See? Computer security is harder than building 27km ring with enough precision to smash single protons!
  • by mpoulton (689851) on Friday September 12, 2008 @04:27PM (#24983771)
    Can't geeks just be happy for society's scientific accomplishments and not try to screw up a good thing just because it's possible? Like the guy says, it's hard enough to make these things work when everyone's working together. Assholes.
  • by Rinisari (521266) *

    It won't be physicists that create a black hole at the LHC. It will be some idiot script kiddie from half the world away!

  • LHC webcams (Score:5, Funny)

    by GoNINzo (32266) <GoNINzo@@@yahoo...com> on Friday September 12, 2008 @04:28PM (#24983799) Homepage Journal
    I found an interesting video feed for the system they were accessing.

    http://www.cyriak.co.uk/lhc/lhc-webcams.html [cyriak.co.uk]

    Watch it for a minute, you can see the effects the hackers are having on them.
  • My BAD.... (Score:3, Funny)

    by zannox (173829) on Friday September 12, 2008 @04:29PM (#24983817)

    I was told I could download Spore without DRM from that IP.

  • Epic FAIL (Score:2, Funny)

    by davidwr (791652)

    What could have been:

    Cracker1: Cool, looks like we got into the outer network, let's try the inner one.
    Cracker2: OK, try this...
    Cracker1: What's this program "/staff/sfalken/games/Tictacto.exe [wikipedia.org]"
    Cracker2: I don't know, let's try it.
    Cracker1: OK.
    *EARTH-SHATTERING BOOM*

    God: It's the end of the world as I made it, and I feel fine.

  • Given Wednesday's article [slashdot.org] on hacking industrial control machinery.

    And given the number of astounded comments, I'm guessing no one else read it.

    Why have it connected to the internet? Because the people who design the machinery for these things aren't IT, they are engineers. They don't think they NEED to worry about security. And when they do, it's physical, not electronic.

    Wasn't the first go around of the internet being designed almost completely without any thought towards security a lesson to anyone? Have

  • by Bo'Bob'O (95398)

    I don't know who you guys are, but stop this shit, seriously.

    We don't need a Mark Chapman of the geek world.

  • perhaps a beam of antiprotons pointed at athens will solve the problem
     

  • by Gotung (571984) on Friday September 12, 2008 @04:37PM (#24983953)
    Just wondering if they used a trojan to gain access.

    Sneaky Greeks.
    • by Luyseyal (3154)

      Just wondering if they used a trojan to gain access.

      Only to your wife. :)

      -l

      • by Gotung (571984)
        I'm not married but thanks for the heads up.

        I will be sure to keep closer watch on the future Mrs. Gotung
  • What kind of idiot decided it would be a good idea to hook up that network to the outside world? Are they anticipating researchers waking up at 1am and thinking "hey, I want to run one more experiment from home before I go to bed..."?

    Their internal network ought to be completely physically segregated, and results transferred via sneaker-net. Anything else is just inviting outsiders to break in and play with really large magnets and particle guns. It's no different than them securing the entry doors with

    • by Aphoxema (1088507) *

      Sounds like an Act of God to me, it's gonna cost you a fortune, and won't you feel like shit when a black hole doesn't crush all your property into a space that's size can't even yet be speculated?

    • by smolloy (1250188) on Friday September 12, 2008 @05:02PM (#24984333)

      All these machines have connections to the internet. This allows on-call technicians to ssh in to debug a problem remotely, and for facilities management to make checks on the performance of the machine.

      It's not like connecting to the control software will present you with a big red button labelled "Black Hole Generator". You'll be presented with a bash prompt, and, if you can figure out the right command, possibly a control screen that you don't understand.

      These machines are stunningly complex, and the most likely outcome of some random script kiddie fucking with things is that *nothing* will happen. Someone more knowledgable (or lucky) might be able to find something that will be prevented by the machine protection system, or cause the machine to shut down for a while. Bad, but not as scary as you suggest.

      Seriously. Anyone who thinks that random "hackers" can do any real damage, or that these machines shouldn't be on the internet, doesn't know anything about them.

      (PS: I'm an accelerator physicist who has worked with several of these machines.)

    • by JustinOpinion (1246824) on Friday September 12, 2008 @05:04PM (#24984363)

      Are they anticipating researchers waking up at 1am and thinking "hey, I want to run one more experiment from home before I go to bed..."?

      I know you were trying to joke... but the answer is probably "yes."

      I've never worked at CERN, but it may be similar to large-scale science user facilities (e.g. x-ray synchrotrons) that I have worked at. Specifically, you want to be able to control the instruments remotely for a variety of reasons. Part of it is safety (in order to minimize time spent near radiation sources and industrial equipment). Part of it is convenience (to check on the status before driving all the way to the actual facility). Part of it is for collaboration (allowing an instrument scientist to log into the machine and change a setting for you, show you how to do something, etc.).

      At many facilities, you can change samples, alter instrument settings, re-align, etc.; all without actually going to the facility. Scientists doing those kinds of experiments do indeed appreciate the ability to log into the machine at 1am and check on the status.

      There are of course safeguards in place (e.g. hardware safety triggers that cannot be remotely over-ridden)... but it is sometimes possible to break something with remote commands. Now, most of the facilities that work like this are running samples, and need remote manipulation to switch samples and re-align and so forth. LHC doesn't have the same set of requirements... but there are indeed a variety of legitimate reasons why a scientist might need to remotely log into the system and change some settings.

      Large facilities are designed to "do science" 24/7. Remote control is one thing that helps scientists maximize the usefulness of equipment. (Such as waking up at 1 am, checking on an experiment you started before leaving work, realizing the data is no good, fixing a few parameters, and running a new more useful experiment.)

    • by profplump (309017) <zach-slashjunk@kotlarek.com> on Friday September 12, 2008 @05:13PM (#24984495)

      You could make the same argument about most computers in an office -- why are they even on the Internet? It's just unnecessary risk. Why do you have someone move an external hard drive from the public mail server to the internal mail server and visa versa every hour? The few people that actually need live Internet access can use one of the dedicated systems on another physical network.

      And even the totally impractical air gap doesn't really provide the protection you think it does -- it prevents interactive attacks, but it doesn't actually stop the flow of information to the Internet and back, it just make it asynchronous.

      But hey, why let facts and pragmatism get in the way of your system design bashing.

  • This is such a shame that people are so scared of this thing that they'll go this far. Maybe the reason it's so easy to convince people to be afraid of this thing is because it's so damn big, and I suspect that it being in a foreign country(ies) has a sour effect on some people. However, some people I've spoken with about it aren't even aware it's on the other side of the planet, one person thought it was in California.

    This tool may solve some of the most incredible mysteries of our universe (and bring up m

  • by rickb928 (945187) on Friday September 12, 2008 @04:48PM (#24984115) Homepage Journal

    Wondering why the LHC is connected to the Internet 'at all'...

    Why was the Web even developed? Why was HTTP even thought of? Why was a graphical browser of any interest?

    CERN. Ask Mr. Berners-Lee. And then contemplate the irony of wondering this at all.

    Sadly, it looks like CERN needs to work on the security more, but hey, that's in the spirit of the World-Wide Wild Web, eh?

  • Please, can we stop the fucking hysteria over the LHC?
    My girlfriend called me wednesday in hysterics because some ignorant bastard told her the world was ending. I explained to her that it's fine, and she's fine now, but for christ's sake, can these idiots perpetuating this fud just either a) shut the fuck or b) learn the facts?

    I'm so sick of this...

    • by Aphoxema (1088507) *

      I've already had to calm down 4 people myself, apparently mainstream media doesn't give you the crucial details of the argument to avoid sensationalism. It's really strange, someone needs to come up with a place where people can speak freely to those who are interested without relying on broadcasting or what other people decided is good for them.

      Too bad, I don't think we'll ever have anything like that.

      A shame, really.

      Be nice if it could be accessible at any time in the privacy of your own home, too, but I'

  • You want to make a black hole to suck up the earth? How about a nice game of chess instead?

  • by unassimilatible (225662) on Friday September 12, 2008 @04:50PM (#24984139) Journal
    Ross Denton: Hello, hello, I'm Ross Denton, head of public relations for the Two Mile nuclear facility. First, I'd like to welcome all members off the press to Two Mile Island. I hope you enjoy your stay here and that you'll come back again real soon. Now, there will be box lunches at air cooling tower #1 after the briefing, and later the buses will take you back to the motel for a special screening of the Jane Fonda film, "Barbarella".

    Male Reporter #1: What about the accident here at the plant?

    Ross Denton: That what? Oh yes, yes, the accident. Uh, let me give you a little uh, technical, uh, background here. [ shows a diagram of a nuclear reactor pointing to nuclear energy, pointing to a toaster. ] This is a nuclear reactor. Now, the nuclear fuel here is used to generate energy here, which is sent to your homes to make toast.

    Male Reporter #2: But what about the accident?

    Ross Denton: I was getting to that. Sometime yesterday afternoon we experienced what we like to call a surprise. And, well, we had to release some radioactive steam.

    Female Reporter #1: Well, how much radiation are we being exposed to right now?

    Ross Denton: Well, I'm sure all of us here have been to the doctor and had our chest x-ray, haven't we? Well, it's just like that, only it's as if the doctor had to give you the chest x-ray over, and over, and over again. Or, it's like falling asleep under a sun lamp for a week or two! Or, it's like drying your hair in a microwave oven! And to give you some idea of how little danger there actually is, President Carter will be here tomorrow. Now, gentlemen, I'm sorry, I'm sorry. Yes, I'm sorry I have to cut this press conference short, but now I'd like to hand the stage over to the Two Mile players! They're a pro-nuclear mime troope, and they're going to perform a little skit for you, kids!

    *** Ross Denton: Good afternoon, good afternoon, ladies and gentleman of the press. First, as to the president's condition, let me say that the president is feeling certainly "stronger" than he's ever felt. And he would like to be with us right here, in this room if he could. I think now I'll just open the door to questions-

    Female Reporter #1: Yes, is it true that the president is 100 feet tall?

    Ross Denton: Nooooo! Absolutely not!

    Male reporter #3: Is the president 90 feet tall?

    Ross Denton: No comment.
  • I am surprised such systems are directly connected to the Internet at all. Why does a particle collider need internet access?

    With it seems every computer system on the planet hackable, one wonders how we got to this situation. Perhaps it is due to the overuse of C rather than better protected languages like Perl or Ruby for instance, and thus buffer overruns

  • im liberal and geeky and whatnot, however i cant tolerate any piece of shit messing with the most important experiment that is ever conceived.

    i do not see those fucktards as members of internet community, or any hat color hacker community.

    lets get to their personal data and make their lives a mess.
  • Tons of people have already pointed out the silliness of having the control system on a publicly accessible computer. With some decent counterarguments, I can still clearly state that they're doing it wrong!" [xkcd.com]

  • Dr Evil [today.com] is at work with the Russian Dark Security Market to hold the world to ransom for One Hundred Beelion Dollars!

    (Or it's just a large hardon [today.com] again.)

  • by jd (1658) <imipak@yaCOLAhoo.com minus caffeine> on Friday September 12, 2008 @05:22PM (#24984597) Homepage Journal

    If you think there's bugs in the security, you are able to fix it. That's the brilliant thing about Open Source. We don't have to just complain, we can actually send them the necessary patches. Now, the lack of publicity regarding the source is a concern. If Arthur Dent found getting the demolition plans for his house was bad, the notices regarding what software is available and where from are even worse.

    They've had TWENTY YEARS to circulate the designs, prototypes and implementations. Yes, there are fewer software engineers interested in high-energy physics than there are software engineers into bomb-proofing OpenBSD, but if you don't tell any of them what's out there, it wouldn't matter if it was one coder or a million. You can't fix what you don't know exists to fix.

    These control systems are mission-critical. The particle stream can't do "extensive" damage, but it can write-off the magnets, and those are multi-million-dollar toys. It could also shut down the accelerator for years, if a hacker goes drilling holes in the mountainside. (The hole would be small, but politicians aren't interested in paying for high-energy landscaping, and CERN isn't infinitely rich.)

    Ignoring for a moment that the front-line defenses should have kept intruders out (though I'll bet that they're not using IPSec VPNs, they've got firewall holes for rsh and rlogin, and use .hosts files everywhere), the bulk of grid-enabled software these days can use Kerberos V or SAML 2.0 for security. They're probably not doing anything remotely that's time-critical so an in-line active intrusion detection and countermeasures system (there's plenty of them) could have been installed. Those cost a damn sight less than the detector array.

    Since they were worried about someone getting onto an internal network, they must also believe that shell access was possible, so this isn't simply a matter of someone being able to ping a machine or SNMP query a server. This was a case of CERN violating some very serious standard protocols for ensuring code safety and system safety.

    The "open secret" mentality, though, is probably the most dangerous part, though. By making the source available but not telling anyone, it is most available to those of malicious intent. Obscurity is not security, guys! That includes obscuring your announcements, it's not confined to merely obscuring the code itself. If you're going to release source (which is a Good Thing), you want to broadcast that fact to as WIDE an audience as possible. (In fact, if it's network-related, WIDE would be a good place to start announcing.) Get ALL the eyes you possibly can onto that code, for a comprehensive, rigorous audit. And if you're worried you can't get enough eyes, use static code checkers and test harnesses. Bet you anything none of the coders for the LHC have been using such resources beyond a superficial level, if at all.

    All in all, I am impressed by the fact that the code is out there, and can be fixed, but I am NOT impressed with the secrecy mentality that created this utterly unnecessary security fiasco. If I'd wanted my tax money to go into security holes, I'd have paid Group Four to build the LHC. I want INTELLIGENT people to be doing the work.

  • CMS != LHC (Score:3, Informative)

    by cuantar (897695) on Friday September 12, 2008 @08:08PM (#24985785) Homepage
    I don't know if anyone has pointed this out yet, but if so, it bears saying again: the control system in question belongs to the CMS detector, not to the LHC. These are two entirely different beasts.
  • Misleading Telegraph (Score:5, Interesting)

    by hairykrishna (740240) on Friday September 12, 2008 @10:04PM (#24986495)
    The two key sentances of the article are:

    "If they had hacked into a second computer network, they could have turned off parts of the vast detector "

    "We have several levels of network, a general access network and a much tighter network for sensitive things that operate the LHC," said Gillies.

    Basically they defaced a web page which is hosted on a server which is nothing to do with the LHC control network. Haven't we had enough ridiculous LHC scare stories yet?

(1) Never draw what you can copy. (2) Never copy what you can trace. (3) Never trace what you can cut out and paste down.

Working...