Sunday, September 14, 2008

LHC security breached


To the hackers: GET A LIFE!

"Hackers Infiltrate Large Hadron Collider"

by

Brandon Keim

September 14th, 2008

Wired

The Large Hadron Collider has been hacked.

"We're pulling your pants down because we don't want to see you running around naked looking to hide yourselves when the panic comes," wrote the intruders in a note left on the Collider's website.

Identifying themselves as Group 2600 of the Greek Security Team, the hackers accessed computers connected to the Compact Muon Solenoid detector, one of four key subsystems responsible for monitoring the collisions of protons speeding around the 18-mile track near Geneva, Switzerland.

The Telegraph reported that the attack began on Wednesday, shortly after physicists activated the Collider. A few scientists had worried that the experiment could inadvertently create a planet-destroying black hole.

Physicists called this impossible, or at least extraordinarily unlikely. But the hack raises a different sort of worst-case scenario: the largest and most complicated science experiment in history, intended to reveal basic information about the composition of matter, derailed by malevolent intruders.

"The LHC experiments have very complex computer systems for data recording and analysis and even more sensitive systems for experiment control, trigger and data acquisition," said MIT physicist and Collider collaborator Frank Taylor. "You could imagine that penetrating the 'real time domain' could have catastrophic consequences."

The hackers were stopped before they could access the Collider's central computer system, but were described by the Telegraph as being "one step away" from full control of the CMS. They deleted one as-yet publicly unidentified file -- the hacker equivalent, perhaps, of counting coup.

"There seems to be no harm done. From what [the computer security team] can tell, it was someone making the point that CMS was hackable," said James Gillies, spokesman for Cern, to the Telegraph.

Computer security at the Collider has received less attention than other aspects of the historic experiment, but insiders have previously expressed concern.

In November, an article in the computer affairs newsletter of CERN -- the European Organization for Nuclear Research, home to the Collider -- warned of potential security breaches.

"Vulnerability scans at CERN using standard IT tools have shown that commercial automation systems often lack even fundamental security precautions: some systems crashed during the scan, while others could easily be stopped or have their process data altered," wrote CERN computer security officer Stefan Luders.

The consequences of a breach, wrote Luders, "are inherent to the design of CERN's accelerators and the affiliated experiments. All run a variety of control systems: some of them are complex, some of them deal with personnel safety, and some of them control or protect expensive or irreplaceable equipment. Thus, CERN's assets and their proper operation are at stake."

"Hacking is a bad thing," said Lee Smolin, a professor at the Perimeter Institute for Theoretical Physics who is not involved with the Collider. "It can damage the work of thousands of people who have been working for decades to advance science."

No comments: