Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Fermi Lab Compromised by Pirate 280

tttonyyy writes "The US Department of Energy sounded a full scale alert after machines were compromised at the Fermi National Accelerator Laboratory, according to this BBC article. It turns out that the hacker was a student using the machines to download and store music and movies."
This discussion has been archived. No new comments can be posted.

Fermi Lab Compromised by Pirate

Comments Filter:
  • by tr0llb4rt0 ( 742153 ) on Tuesday February 03, 2004 @10:01AM (#8168761) Homepage
    used to store MP3's and DIVX's.

    Shock Horror ...

    Now if he'd accessed the controls for particle accelerator and was able to spin it up then thats news. :-D
    • It does not even sound like he cracked into anything. He just downloaded some files where as normally he shouldn't be able too.

      In otherwords, he cracked out not in.

      And the lab being compromised??? Puhleeze. I guess they need more funding. (or in the spirit of "No Child Left Behind"...less)
    • by PYves ( 449297 ) on Tuesday February 03, 2004 @11:24AM (#8169822)
      In relation to the title of this article, it would also be news if an actual pirate (eyepatch and wooden leg included) had compromised the lab, since pirates are really cool. Yarrrrrr.
  • by AtariAmarok ( 451306 ) on Tuesday February 03, 2004 @10:03AM (#8168771)
    On the hacker's download list:

    The China Syndrome

    re*ac*tor by Neil Young

    Duke Nukem Platinum Edition

    Christmas at Ground Zero by Weird Al

    The Atomic Cafe

    Everyone's favorite video clip of Janet Jackson's right breast

  • Old news? (Score:5, Interesting)

    by iapetus ( 24050 ) on Tuesday February 03, 2004 @10:03AM (#8168773) Homepage
    Um. This happened in 2002 according to the article. I think we've missed the boat on this one... the actual new information is the sentence handed down to the culprit.
    • by fizbin ( 2046 ) <martin@snoFORTRA ... g minus language> on Tuesday February 03, 2004 @01:59PM (#8172054) Homepage
      Nothing.

      Nothing, aside from the notoriety of this trial, which may not even follow him that far - a google search on his name (Joseph McElroy) doesn't even turn up stuff referring to him in the first page. (That what he gets for sharing his name with a famous author)

      The judge decided against jail time because "he had not accessed classified material on the network and had not intended to cause harm". Also, the monetary claim for damages against him was waived on the grounds that he wouldn't be able to pay it.

      "not intended to cause harm"? "not intended to cause harm"? Tell me, can I bypass the metal detectors at Heathrow simply because I'm not carrying any weapons, and even if I were, intend to cause no harm with them? What if I just want to drive to the store and back, but would rather hotwire your car instead of walking?

      Sure, I understand that the US has some truly brutal criminal trespass laws that are probably way out of proportion to the act they supposedly punish, and that therefore a UK judge might be more lenient in this case than a US one would, but... nothing?
  • by Gyan ( 6853 ) on Tuesday February 03, 2004 @10:03AM (#8168774)
    The kid could have picked a less prominent host to save money on a hard drive.

    Given that he probably did it for the self-boast rather than space, he should be roasted.
    • Roasted?

      Oh, you're a judge then?
    • by leerpm ( 570963 ) on Tuesday February 03, 2004 @10:22AM (#8168988)
      More than likely, he probably did not even know that the computer was government owned, or that it was that important. He probably was just a script kiddie who was looking for a fast remote host, to share out movies.
    • by tunabomber ( 259585 ) on Tuesday February 03, 2004 @12:33PM (#8170797) Homepage
      Given that he probably did it for the self-boast rather than space, he should be roasted.

      Are you sure? My guess is that it was a trap so he could roast someone else...

      RIAA Goon: There! In the supercollider building- that's where the IP address of the machine with the illegal content is...

      The goons enter the compound and proceed down a corridor when they reach a thick door with a sign on it.

      MPAA Goon: It says "Entering Accelerator Core- Danger: High Velocity Neutrons and Gamma Rays".

      RIAA Goon: Who the hell does this kid think he is? He can't fool us! We'll stuff so many lawsuits down his pants that his piss won't hit the floor when he wets his titey-whiteys!

      |-|a> sees the goons on the security camera display on his screen, then opens up a terminal and types:

      root@fermi1.fnal.gov:~ #cat /dev/urandom > /dev/particleaccelerator


      MPAA Goon: It's got to be around here somewhere...

      low rumble, which increases in pitch...

      RIAA Goon: What's that sound?
  • Not put in jail?! (Score:3, Interesting)

    by seidleroniman ( 740696 ) on Tuesday February 03, 2004 @10:04AM (#8168791)
    "Judge Andrew Goymer decided against sending McElroy behind bars as he had not accessed classified material on the network and had not intended to cause harm." This is quoted from the article, but in my opinion, I dont care what your intentions are, you hack into a place like that you should be thrown in jail even if its just to show everyone else how serious you are.
    • Absolutely. Its not about the intentions but the fact that what he did was not right. We even punish juveniles with the idea of making them realize the difference between right/wrong and this guy is 19.

      Not that I support RIAA but the idea of them going after people sharing/downloading copyrighted material is the right thing. Their tactics might be questionable but that is a different point.

    • by MoogMan ( 442253 )
      Hehe, kinda like the defense "Yeah, I broke into the house but hey, I didnt steal anything so I dont deserve to be classed as a 'proper criminal'". Bollocks, you're a criminal.
      • If we are willing to create laws which award damages for financial harm done then I think it is reasonable to consider whether such harm has been done. People aren't supposed to break into your house, that's a threat of sorts and it erodes your sense of security. But by the same token, if they break in, have a change of heart, and leave (hahaha - though it can be a highly-motivated change of heart) then they simply haven't harmed you as much as someone who has stolen your stereo (or god forbid your computer
      • by the_mad_poster ( 640772 ) <shattoc@adelphia.com> on Tuesday February 03, 2004 @11:23AM (#8169809) Homepage Journal

        Yea, because as we all know there are no colors but black and white.

        That said, you're obviously not very intelligent, so you must be a total idiot.

        Oh, what's that? I don't know anything about you other than that post? It doesn't matter, that post was stupid, and therefore you deserve to be classified as stupid, right? There's only black or white, so you must either be smart or stupid, and I think the post was pretty dumb, so you must be pretty dumb, correct?

        Or, to put a more "on topic" spin on it, obviously, if you swerve to avoid a chipmunk and run over a child on a tricycle coming out of a blind driveway, it's clear that you are a horrendous murderer and therefore must be given the death penalty immediately. After all, there is no excuse for swerving onto the sidewalk whether you meant to or not, so you must be punished appropriately. You should be held just as responsible for your heinous crime as Ted Bundy was for his, becase you are obviously a "proper criminal" just like him.

        The idea that you should be sentenced based on some rigid defintion of a crime rather than on your actual impact and your intended impact is so abysmally stupid that I have to call into question the intelligence of anyone who would try to support such a ridiculous idea. If he didn't do any damage and nobody can prove he intended to, he should be sentenced as a minor vandal and a moron. He should in no way, shape, or form be sentenced as if he had stolen sensitive information, damaged any of the equipment, etc. The idea of turning people into "examples" like that serves no purpose other than to deteriorate respect in the legal system. People need to be sentenced accordingly. He was an idiot, and he needs to be sentenced as one. He was not some undercover spy stealing sensitive information, so he shouldn't be sentenced as one. He wasn't even a hacker of any note and it doesn't appear that he was trying to be one, so, again, he shouldn't be sentenced as one.

    • Re:Not put in jail?! (Score:5, Informative)

      by pacman on prozac ( 448607 ) on Tuesday February 03, 2004 @10:23AM (#8168998)
      Instead he ends up doing community service. Exeter is about half an hour from here. The community service in this part of the UK is an incredibly harsh and difficult punishment. I'll describe it for those who have not come across its horrors before.

      Its likely that he will end up being forced to sit in a sunny field in the middle of the Devon countryside smoking joints and drinking cans of extra strong lager with all the other community service peeps, while they supposedly dig some ditch that doesn't need to be dug so nobody will ever care about it actually being done or not.

      That'll learn 'im.
    • How do you even know the hacker knew it was DoE property? My bet is he probably was port-scanning various subnets, came along and hacked into an unsecured host, and got lucky that it could support so much bandwidth.
    • This could spawn a whole thread on rehabilitation, but I'm actually glad the judge didn't send him to prison. This bucks the trend in the states where any computer crime is practically considered terrorism.

      It was a non-violent crime and I don't think society would be one bit safer with him behind bars.
    • Intend to cause harm or not, he did break security. And this wasn't SCO's website, it was a fucking lab! I cannot realy understand the decision taken in this case.

      They could at the very least fine him for downloading and/or sharing copyrighted material. Not that I am pro-RIAA (far from it!), it's just that we've seen people fined for less than that in the US. Now that judge just looks dumb.

      On the other hand, I always find it stupid when someone hacks into a computer, tells the company there's a securi
    • "In your own opinion"

      Well, that's why you are not a judge, and I pray not, cuz judge's shouldn't be playing with "in their own opinion", they should follow the law.
    • by goldcd ( 587052 ) * on Tuesday February 03, 2004 @10:35AM (#8169106) Homepage
      the people in charge of the security at the lab?
      Which do you consider more dangerous:
      #1 Script Kiddie being hacking server to store films on.
      #2 Running a nuclear lab with so little security a script kiddie can break in.
    • by Vellmont ( 569020 )
      Please. He's a dumb script kid. His crime is more analogous to breaking into a building and having a party in it. Jail time is hardly appropriate, and is more likely to turn him into a hardcore criminal.

      The sentence does seem a bit light though. I think he should probbably have been forced to pay the 21K pounds restitution over a period of years (it's not _that_ much money).
    • People talk about FNAL as a "nuclear" lab, as if they do bombs or have something to do with "national security." They are just a physics lab, one step above your typical university physics department. The main difference is that Uncle Sam runs it as a "national facility", and Unk is kind of twitchy just now.

      Personally, I really like the "what me worry?" photo of our friendly hacker [bbc.co.uk]. 73 - Martin

    • Re:Not put in jail?! (Score:5, Interesting)

      by j-turkey ( 187775 ) on Tuesday February 03, 2004 @11:48AM (#8170164) Homepage
      I dont care what your intentions are, you hack into a place like that you should be thrown in jail even if its just to show everyone else how serious you are.

      I completely disagree. Furthermore, I think that yours may be the same kind of thinking that US legislators have when creating laws to cover new technology. Such black-and-white thinking seems pretty irresponsible to me. It does not allow for judges to use discretion, as this one has.

      Let's take a look at it from a harm perspective. How much trouble did this really cause? Some kid cracking files to steal someone else's bandwidth -- this is akin to petty larceny -- maybe breaking and entry at worst. I can understand a judge opting for leniency in this case, the same way they may be inclined to opt for leniency for a breaking and entry case. Just because very few people understand the crime, doesn't necessarily mean that it should carry a requisite absolute punishment. That's just an overreaction -- no different from mandatory minimum sentencing for drug offenders. All that will do is overcrowd prisons and turn part-time petty criminals into full-time criminals. I don't know about English prisons, but I've seen US prisons -- from what I read in the article, this kid doesn't belong there.

      Now, if McElroy had caused any real damage (like viewing classified material, etc) -- then an appropriate penalty shuold have been levied. However, unless our DoE computer centers are run by complete morons, there's probably a really good chance that classified materials were not available to McElroy. If this was apparent, it adds far more credibility to the argument that a 17-year-old kid (this was 2 years ago) was just screwing around.

      On another note:

      Fearing a terrorist attack, the computer was closed down for three days
      If there actually was classified material at stake, it begs the question: What asshole puts a network like this on the public Internet? Isn't that asking for a terrorist attack? It brings to mind another law: In some US states, it's illegal to leave your car idling with the key in it. It's ticketable and adds points to your license. Sure, if some asshole steals the car, it's far more illegal -- but it shares some of the responsibility wity the operator. Shouldn't someone at Fermi lab be held responsible for this as well? This is a DoE computer that my tax dollars paid for. I say that we should forget about creating more anti-terrorism laws. If someone makes the collosal fuck-up of making a classified system accessible on the public Internet, in any way, they should be penalized for negligently putting millions of lives at risk (allowing for flexible sentencing as the judge sees fit, of course).
  • twit (Score:5, Insightful)

    by ed.han ( 444783 ) on Tuesday February 03, 2004 @10:04AM (#8168792) Journal
    what kind of twit takes the space at a sensitive research facility for MP3s and divx stuff? he should also count himself lucky he wasn't in the US: he'd be halfway to [remote prison facility] within hours.

    serves as proof that hackers aren't necessarily smart.

    ed
    • Re:twit (Score:5, Interesting)

      by gl4ss ( 559668 ) on Tuesday February 03, 2004 @10:13AM (#8168877) Homepage Journal
      well I wouldn't be surprised if he didn't even know it was the fermi labs.

      these type of guys scan just vast numbers of servers for flaws(open your apache log and you'll see a few) then open up some space on ftp and fxp some stuff to it from another(sometimes) similar ftp and then go post the thing on some list for fame(or tell it to some group of theirs). most companies never bother to raise hell over this, and most of the time it would be very difficult too as the ftp might have been used by hundreds of people all over from the globe.

    • Re:twit (Score:4, Insightful)

      by ThomK ( 194273 ) on Tuesday February 03, 2004 @10:15AM (#8168903) Homepage Journal
      serves as proof that hackers aren't necessarily smart.
      Then they shouldn't be called a hacker [wikipedia.org]
    • what kind of twit takes the space at a sensitive research facility for MP3s and divx stuff?

      I think the word you're looking for is "script kiddie". "Flaw in the authentication method" probbably means one of the multiple holes in ssh.

      I seriously doubt anyone but a script kid would be stupid enough to use a compromised server for anything as easily discoverable, and stupid as DLing mp3s and divx movies.
    • Maybe someone should invite him to come to a security convention in the US and give a presentation on how he did it.

      That'd fix him.

  • by Anonymous Coward on Tuesday February 03, 2004 @10:04AM (#8168793)
    This hacker could have inadvertaintly invented cold fusion just before Morgan Freeman destoyed chicago in an attempt to keep him from hooking up with Kate Winslet on his super-sonic 50cc Kawasaki.

    I know for a fact this could have been worse. I saw it at the theater. Full price.
  • by sonarniche ( 514350 ) on Tuesday February 03, 2004 @10:05AM (#8168802)
    he gets 200 hours for hacking into a national laboratory, but will probably have to pay every last penny he owns to the RIAA and MPAA for having illegal copies of music. hrmm....
  • Damnit... (Score:4, Funny)

    by JoeLinux ( 20366 ) <joelinux@ g m a i l . c om> on Tuesday February 03, 2004 @10:06AM (#8168812)
    I wanted to see someone write "1 4m 1337" using an electron accelerator.
  • Pirates? (Score:4, Funny)

    by Bob Loblaw ( 545027 ) on Tuesday February 03, 2004 @10:07AM (#8168820)
    Arrr ... matey ... I reckon 'tis gold in dem particle collectors!
    • I don't know which I'm more ashamed of... that my first reaction to this headline was "HARRRRRR!" or that I'm disappointed it took 10 comments for someone else to post a pirate reference...

      *sigh

      Oh, offtopic.
  • by Anonymous Coward
    Seems pretty obvious that senstive computers should be physically separated from any connection to the internet?


    "Computers are an important feature of life in the 21st century," said Judge Goymer.

    "Government, industry and commerce, as well as a whole variety of other institutions, depend upon the integrity and reliability of their computers in order that their proper and legitimate activities can be carried on."


    And that's the problem, in a nutshell. Dependency on technology that's flawed. But the jud
    • by n0mad6 ( 668307 ) on Tuesday February 03, 2004 @10:22AM (#8168986)
      Speaking as someone who works at Fermilab...

      There are thousands of computers at Fermilab, the vast majority which are desktop workstations running linux (logins are through Kerberos). Being your typical office computers sitting on a desk, they are connected to the internet via fairly high bandwidth. As we know, the WWW was invented in order for high-energy physicists to share data throughout the world, so not only does it not make sense for these machines to be cut off from the internet, it is an essential part of scientific research. Any machine that actually controls an aspect of an experiment (connected to any sort of particle accelerator or detector) is not likely to be connected to the internet.

      So, yes, physicists and other scientists do depend on flawed technology, mostly because its the easiest way to be able to keep connected when you're dealing with large collaborations stretched across the world. The downside may be the occasional kid (wrongfully) taking advantage of a desktop machine attached to a T1 line. Where security is more vital, it is present. But its simply impossible to insure that everyone's desktop machine is secure or not.

  • by Yoda2 ( 522522 ) on Tuesday February 03, 2004 @10:08AM (#8168830)
    Well since we're reading this it would seem that the l33t script kiddie didn't inadvertently use the collider to create a black hole and/or destroy the universe while "gettin his tunes" so I guess community service is about right.

    Shame on the facility for having such weak security.

  • Now if we need a definition of what it means to be 31337, this is certainly it.

    Though perhaps it wouldn't been 313373|2 to have never been caught... and use the compromised host as a public filesharing server. ;)
  • by shoppa ( 464619 ) on Tuesday February 03, 2004 @10:09AM (#8168845)
    Realistically, many of the machines at Fermilab are admin'ed by physics postdocs and grad students. Their first priority is science, of course, and few have had any "official" training in setting up secure machines.

    The national labs have done a good job at firewalling off the non-professionaly administered machines where feasible, but the academics really don't like anything that slows down collaboration. Thus there are lots of open machines, ftp and telnet still abound and give lots of opportunities to swipe usernames/passwords in the clear even though ssh and scp are available, etc.

    Most (but not all) machines running the accelerator and the detectors are on their own mostly-private subnets.

    • > many of the machines at Fermilab are admin'ed by physics postdocs and grad students.

      Yes but you forget to mention the rabid (to their credit) security team the lab has. The sniffers they have set up are effective.

      It usually takes them less than 24 hours to identify a machine that has traffic patterns beyond the norm, often within one or two hours they can blackhole a port if warranted and hunt down the owner of the machine.

      Previously I would have called it suicide to operate a largely unfirewalled n
  • by E-Tigger ( 601072 ) on Tuesday February 03, 2004 @10:09AM (#8168846)
    In a surprise announcement from Fermi Labs, it would seem that the basic building blocks of matter, created from our accelerator tests is in fact, pr0n.

    In fact there seemed to be quite a lot of it in our reports, as well as some indication that the sound of the big bang was in fact a Britney Spears mp3...
  • by Damion ( 13279 )
    My first thought on reading the headline was that someone dressed in a pirate suit had managed to get inside and was forcing researchers to walk the plank.

    "Arr, I'll supercollide ye!"
  • Silly (Score:4, Informative)

    by Anonymous Coward on Tuesday February 03, 2004 @10:10AM (#8168861)
    I've worked at Fermi National Accelerator Lab (fnal.gov) for 4 years, so perhaps I could troll a bit: since they have so many Linux machines (nearly all on Internet accessable IP) and no firewall (recently there are some firewalled ports) this is not a unique occurance, this happens *all* the time.

    On the other hand, FermiLab does no defense/weapon work or any kind or any classified work as far as I know, a lot of people confuse it with Argonne National Lab (and be really glad Argonne wasn't named an Accelerator Lab, otherwise we'd have anal.gov)

    -frin
  • Probably the stupidest thing to hack is a government computer. Probably the dumbest thing to put on stolen drivespace is pirated movies. Add the two and you're asking to get slapped with terrorism accusations for something stupid like a pirated copy of "Finding Nemo."
  • by Anonymous Coward on Tuesday February 03, 2004 @10:11AM (#8168866)

    Here's what really happened. Users in one of the labs are all given web space on a web server. Now, the IT staff is low on manpower, with government funding behind diverted to the war in Iraq. So, security (among other things) is kind of lax.

    Basically, McElroy ran Jack the Ripper on the password file. We're using an SGI 1400L from 1997. He got the root password, and removed the limits of his disk quota. Then, he stored a bunch of ripped DVD's and MP3's in his webspace.

    Now you ask, why isn't the government making a big deal about this? They know their security policy is weak, and they just ramped it up. The 'alert' is really just a few days for them to get things back they way they should be. If they said "well, we won't prosecute him because if people really know what happened, it'd make us look bad", what would the American public (and rest of the world) think?!
  • by AtariAmarok ( 451306 ) on Tuesday February 03, 2004 @10:12AM (#8168872)
    It could have been worse. He could have been caught smuggling atoms out of the place in his pockets.

    "See? He's got atoms in his pockets! Call the local constabulary, Smithers!"
  • "It turns out that the hacker was a student using the machines to download and store music and movie."

    I'm not gonna put it past anyone, because you never know... but one must wonder why anyone with the knowledge necessary to do such a thing would waste it on downloading crap when they could just go to a WiFi hotspot, or hack into any random user's account. It seems a lot more likely that it would provide an innocuous cover for whatever it was they were really doing, and account for large volumes of bandwi
  • There's a Register [theregister.co.uk] article too.

    Let's hear it for hackers from Woodford Green (come on, there must be more than just me and this guy).
  • by freeze128 ( 544774 ) on Tuesday February 03, 2004 @10:15AM (#8168913)
    It sounds like he was just a student who had access to those machines. Does knowing the root password make you a hacker?

    How about a new headline: Student abuses Lab's computers.
  • Pirate?? (Score:2, Redundant)

    by Lumpy ( 12016 )
    Arr! There they be mayties! pillage the lot and rape the cattle! The rest of you grab the booty! Arr!

    Oh yeah, I'm sure it was a pirate...

    ya gotta love the stupidity that is the press these days.
  • by AlistairGroves ( 546420 ) on Tuesday February 03, 2004 @10:19AM (#8168955)
    This happened last year, he's only just been sentenced (by the british, not the americans). And this had nothing to do with the Patriot act. The reason he chose Fermi Labs is that he mistakenly thought it was a academic facility and so would not pay bandwidth fees (unis etc in England don't pay for bandwidth)

    I'm not condoning his actions, just trying to clear up some of the FUD
  • (AP) "Area police have warned residents in the Fermi area to be in the lookout for rampaging mutant MP3 files and DIVX rips. These were said to be innocent p2p files until they were stored in servers deep inside Fermilab. They were inadvertantly released when someone opened the server with a hacked open Grokster client.

    Anyone who sights one of these monsters on their property is urged to contact either the RIAA or the Nuclear Regulatory Commission immediately. If you hear a wailing 'Ooops. I did it agaAAAI
  • ...but if I had a say as the lawyer for the U.S., I would have demanded a harsher sentence. Whether or not this guy intended any harm, he still broke the law (as far as I know, blah blah blah), and should be punished.

    The judge seemed to let him off the hook because he was unable to pay, and indeed, he'll be unable to pay for another three years or more. However, the judge could have sentenced him to work co-op terms (for the U.S. Government, reparing their security), or even deferred the payment plan
  • Now even slashdot is falling into line with this stuff.

    The Slashdot *I* know would have a headline of "So-Called Hacker at Fermilab is Just a Student Warez Pirate".

    Hmmmph.
  • by John Seminal ( 698722 ) on Tuesday February 03, 2004 @10:29AM (#8169042) Journal
    A UK teenager who hacked into a US Government laboratory's computer network has been ordered to serve 200 hours community service. Joseph McElroy used the lab's computers for films and music taken from the net.

    Southwark Crown Court waived a demand for 21,000 in damages as it ruled that McElroy could not pay the fine.

    That is the fine by britian. I wonder what british law he broke??

    But he obviously broke USA law. I wonder if the FBI can arrest him and force his export.

    I do not understand the culture of people thinking that they own everything. What gave this guy the right to steal bandwith from someone else? What gave him the right to steal the storage space? What gave him the right to break into someone elses pc?

    The anwser is tougher laws and more extradition treaties. And by comparison, what ever happened to that phillapino kid who was caught writing viruses? I thought they threw the book at him. Why will the british kid get an easier sentance?

    • But he obviously broke USA law. I wonder if the FBI can arrest him and force his export.

      I do not understand the culture of people thinking that they own everything. What gave this guy the right to steal bandwith from someone else? What gave him the right to steal the storage space? What gave him the right to break into someone elses pc?

      He's a script kiddie who stored some mp3s and movies on a poorly-secured machine in an unclassified lab.

      He used some bandwidth and storage space for his personal conve

  • Only 200 hours? (Score:2, Insightful)

    by SharkPork ( 572539 )
    Is "community service" really really punishing or something? They were going to fine him 21,000 dollars, but instead chose to give him 200 hours of community service... That's $105 an hour.. can I find some community service like that? Please?
  • Particle Colliders (Score:3, Interesting)

    by solarlux ( 610904 ) <noplasmaNO@SPAMyahoo.com> on Tuesday February 03, 2004 @10:32AM (#8169075)
    While we're on the topic of particle accelerators, mark your calendars for 2007 -- that's when the Large Hadron Collider will be completed in Switzerland, marking a significant step forward in particle physics.

    Here's a brief description from the CERN [web.cern.ch] website:

    What is LHC? The Large Hadron Collider (LHC) is a particle accelerator which will probe deeper into matter than ever before. Due to switch on in 2007, it will ultimately collide beams of protons at an energy of 14 TeV . Beams of lead nuclei will be also accelerated, smashing together with a collision energy of 1150 TeV.

    A TeV is a unit of energy used in particle physics. 1 TeV is about the energy of motion of a flying mosquito. What makes the LHC so extraordinary is that it squeezes energy into a space about a million million times smaller than a mosquito.

    The LHC is the next step in a voyage of discovery which began a century ago. Back then, scientists had just discovered all kinds of mysterious rays, X-rays, cathode rays, alpha and beta rays. Where did they come from? Were they all made of the same thing, and if so what? These questions have now been answered, giving us a much greater understanding of the Universe. Along the way, the answers have changed our daily lives, giving us televisions, transistors, medical imaging devices and computers. On the threshold of the 21st century, we face new questions which the LHC is designed to address. Who can tell what new developments the answers may bring?
  • How does storing media on a foreign server make someone a "pirate"? Has this term been abused to also include stealing disk space?

    Or...does he look like this [nypl.org]?
  • by widderslainte ( 121941 ) on Tuesday February 03, 2004 @10:36AM (#8169111)
    As a Pirate-American, I take offense at the use of the term "pirate" for a simple hacker or cracker. Where are his sea legs, his parrot/monkey, his eye patch or pegleg?
  • by Angstroem ( 692547 ) on Tuesday February 03, 2004 @10:36AM (#8169112)
    ...for the sysop who let open an obviously well-known security hole?

    I'm not defending that little hacker guy (erm, what kind of hacker is he anyway exploiting a known weakness to gain bandwidth and storage for MP3 and DivX files... I'd rather make him manually punch one of these files into punch tape instead of those 200 hours civil service which he might find even interesting), but if you run a high-security network infrastructure, then you better be up-to-date with the latest patches and countermeasures. It's not done with applying the latest IE "security update" every Tuesday...

    Now calling for a more drastic punishment and considering the current (IMO fair) one as a green light, just shows what's wrong with some people: If hijacking company computers and networks for bandwidth and storage abuse becomes an increasingly common practice in the online world than those "security experts" should probably do their homework and fix the systems instead of calling the cops.

    If you leave your car open and someone steals your car hifi, it's entirely your fault. (Go ask your insurance...) Whose car it is shouldn't play a role when sentencing the thief.

  • Ahoy! (Score:3, Funny)

    by Henry V .009 ( 518000 ) on Tuesday February 03, 2004 @10:37AM (#8169124) Journal
    Fermi Lab Compromised by Pirate

    Damn it. I was expecting a bit of coastal raiding action from this story. Maybe black flags with the skull and crossbones. A little rapine and pillaging of the Fermi Lab.

    Damn corruption of the English language.
  • by Physics Nobody ( 688399 ) on Tuesday February 03, 2004 @10:46AM (#8169288)

    Why does everybody seem to think that Fermilab is some kind of sensitive facility? News flash: Fermilab is a basic research facility, not a top secret weapons lab. Their security is lax because they really don't have anything to hide. All their results are available to the public anyway. After all, that is sort of the whole point of basic research. And it's not like the compromised computer was part of the control system or anything. Fermilab has a lot of computers. The place is huge.

    Besides which, if you actually read about the case you'd realize that this guy had access to the computers anyway and all he did was crack the root password to increase his disk quota. Now, I'm not saying that's a good thing but it's more like abuse of a computer lab than anything.

  • by Cap'n Canuck ( 622106 ) on Tuesday February 03, 2004 @10:50AM (#8169348)
    This Just In...

    Fermi Labs announced the production of a new supersized sub-atomic particle, boxons. Boxons were created by smashing oxygen with bosons (another sub-atomic particle).

    Examined through the most powerful microscope in the world, the boxon appears to be a cardboard box, with the words "Shroedinger's Cat" written on the side. Sadly, the box is empty.
  • Fermi Lab: Not Fair!


    Student: Pirate
  • by cdn-programmer ( 468978 ) <terrNO@SPAMterralogic.net> on Tuesday February 03, 2004 @11:18AM (#8169712)
    I've posted this unpopular sentiment before and I guess I am still on the pedestal.

    Those machines, and many others are just as open to our enemies the likes of which include Osama Bin Laden, Saddam Hussein (before he was captured) and many others. Had they cracked in (which they may well have done and may well be doing), the machines will probably not be used as a receptical for kiddie porn.

    Were it not for kids that are just mucking about poking their collective digits where the authorities would rather not be poked - our authorities would remain FAT DUMB and HAPPY dreaming their collective bliss.

    We live in the real world where we have many real enemies. We need secure systems that we can count on. Each time some kid pokes his finger into a vulnerable spot it helps to educate the masses that they really do need to pay attention.

    Perhaps the judge in this case realises this. 200 hours is a suitable punishment, even if it is perhaps a little severe.

    One thing that I think needs to be recognised is that there are many would be very competant systems admins who frequent slash dot. Many of these people would relish a well paying job and could be gainfully employed closing these security holes. Perhaps our authorities and joe sixpack in general should open their eyes and smell the coffee here.

  • by ScienceMan ( 636648 ) on Tuesday February 03, 2004 @12:12PM (#8170492)
    First of all, it is not possible to log into any service at Fermilab without a Kerberos principal. ftp and telnet are not permitted, and there is an active security eam that scans ports on a continuous basis and will shut down any offending machine. There is no firewall because all traffic must be either outgoing web and data services or kerberized if incoming.

    I have personally seen Windows machines shut down within minutes and their wireless cards confiscated when brought onto the site if a virus is detected. These scans are not optional to the user and are automatically performed. The fact that this user was caught and security tightened to prevent recurrences is proof that there is good security there. The comments above are almost all completely uneducated.

    Finally, as noted above by some (few) intelligent readers, the story is old and is really about sentencing. there has been no recent compromise.

    Troll-prevention note and disclaimer: For those who think the above or the story itself is an invitation to hack, I can point out that several such attempts occur per day, keeping the security team busy and alert, but that essentially all of them fail and the rare successful ones earn the attention of the FBI.
  • by eagl ( 86459 ) on Tuesday February 03, 2004 @01:41PM (#8171771) Journal
    More interesting than the actual act of hacking into a US DoE network is the legal precedent set by the Judge in the UK. Although he found the kid guilty and sentenced him to 200 hours of community service, he failed to make him pay the roughly $38,000 in damages he cost the DoE as they took 17 computers down for 3 days to clean up the mess he made.

    According to CNN http://www.cnn.com/2004/TECH/internet/02/03/britai n.hacker.reut/index.html the justification for failing to make the kid pay the actual financial damages he caused was that no classified information was compromised. This sets a legal precedent that is simply outstanding for budding young international hackers both in the US and the UK, because it means that as long as they do not compromise classified information, they can cause as much financial loss as they want and not be held liable for it beyond public service outside of the country they caused the damage in. For US script kiddies, this should mean that if they're caught hacking into UK government systems, the UK government should not ask the US to recover any financial damages unless classified information was compromised.

    See, the US and UK really ARE allies in the war against... ummm... are we FOR or AGAINST script kiddies this week?

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Working...