Subscription Center
Sep 12, 2008 03:32 PM | 13
As the first particles began circulating in the Large Hadron Collider (LHC) this week, a group of hackers calling themselves the "Greek Security Team" penetrated computer systems inside CERN's Geneva, Switzerland, facility, where the world's biggest particle accelerator is housed, the Telegraph.co.uk reported today.
The hackers were reportedly targeting the Compact Muon Solenoid Experiment (CMS), a device in Cessy, France, built to monitor a wide range of particles and phenomena produced in high-energy collisions in the LHC. The 12,500-ton detector's different layers (weighing, according to CERN, as much as 30 jumbo jets or 2,500 African elephants) stop and measure the different particles, and use this data to form a picture of events at the heart of the collision. Scientists plan to use the info to help answer questions about what the universe is really made of and what forces act within it.
On Wednesday, as the LHC was revving up, CMS engineers searched computers for half a dozen files uploaded by the hackers. The interlopers accessed the computer that monitors the CMS software system as the CMS collects data during particle collisions.
CERN scientists says no harm was done but that the break-in raises security concerns, given that intruders were able to penetrate so close to the CMS's computer control system, according to the Telegraph.co.uk. In other words, the hackers came this close to being able to switch off some CMS controls.
"We are 2600 - dont mess with us. (sic)," the group warned in a message to CERN engineers. The "2600" refers to a U.S. magazine published quarterly that appeals to the hackers worldwide by publishing technical information about telephone switching systems, the Internet and other technology, as well as computer-related news. The mindset behind the sharing of this information is to find vulnerabilities in the computer systems used by government and industry and force them to improve their security by exploiting their flaws. In fact, 2600 has become a brand in the hacker world: in addition to 2600: The Hacker Quarterly; an organization known as 2600 hosts hacker conferences and there's even a film company of that name that's made a documentary on legendary hacker Kevin Mitnick.
Given the huge interest not to mention the enormity of the LHC's task, it's "highly disturbing" that hackers were able to compromise and change data on its Web site, Graham Cluley, security researcher with Sophos Plc (a security services firm based in both the UK and Burlington, Mass.) wrote in his blog today. "Theoretically," he noted, "hackers could have planted malicious code which could have stolen identities or installed malware onto the computers of millions of web visitors."
Image courtesy of CERN
Tags:
security,
LHC,
Computers
More News Blog:
Next: Moo: Country-of-Origin labels for U.S. foods
Previous: Meteorologists to Texans: Get out of town before Hurricane Ike hits
See what we're tweeting about
dbiello moore tornado questions and answers with @NOAA severe storm lab's harold brooks http://t.co/jSXqFvHRRb
Myrmecos Recipe for a Photograph #2: Bee in Flight http://t.co/s5JuowiF5H
BoraZ RT @jayrosen_nyu: "Karl wanted to go beyond exclusive. He wanted a scoop and a nailed lie too. But he mis-nailed it." http://t.co/br6RgZ5ygK
Deadline: Jul 15 2013
Reward: $5,000 USD
SciBX: Science-Business eXchange, a joint publication from the makers
Deadline: Jul 25 2013
Reward: Varies
This challenge provides an opportunity for Solvers to build a web-based or mobile “app” to explore data relationships in scholarly conte
Powered By: 
YES! Send me a free issue of Scientific American with no obligation to continue the subscription. If I like it, I will be billed for the one-year subscription.
13 Comments
Add Comment"what the university is made of"? Maybe you mean the universe?
Reply | Report Abuse | Link to thisNot cool.
Reply | Report Abuse | Link to thisBuncha idiots hack the LHC, why? To illustrate that computers aren't secure? There's a newsflash. Everyone knows that. Screwing with superscience isn't altruistic. Screw with politicians websites if you want some attention.
Here's a question. Why is equipment in the LHC even physically connected to a network with an outside connection? Bad.
Interesting...
Reply | Report Abuse | Link to thisHave you seen the video of British comedians discussing the wisdom of creating black holes on Earth. Funny, Funny, Funny!
http://www.videosift.com/video/The-british-joke-about-the-Black-hole-machine
Similar at: http://www.lhcfacts.org/?cat=29
we have people being seriously worried about black holes and antimatter (seriously, we don't have to be) on one end, and people fooling around with the machine that COULD do it on the other. that's like having a group of idiots sneaking into a nuclear reactor to fool around with the controls to TELL the owners that their security is not good enough. they may be the masters of computers, but they have no idea what the heck they're playing around with in there.
Reply | Report Abuse | Link to thisAt least they haven't planted any virus, which is nice...given the scope of LHC project and importance.
Reply | Report Abuse | Link to thisThe indifference of groups and people like that is why the penalties for hacking have to be significantly increased. No more slaps on the wrist of confiscation, fines and trips to minimum security facilities. Even conspiratorial planning of hacking should be felonies with hard jail time. It has nothing to do with "demanding they improve security." It's all about ego and self-centered gratification.
Reply | Report Abuse | Link to thisAs I understand it, the data from the system (a collossal amount!) needs to be available to scientists world-wide, which requires that the system not be 100% closed. Of course, as soon as you open it up, some fool will convince himself it is his 'job' to hack it to 'prove' it isn't secure.
Reply | Report Abuse | Link to thisHeck, let's shoot a few people to prove walking down the sidewalk isn't secure #just shoot them in the arm, you know, to make the point 'harmlessly'#..... so that people will learn to either never leave their homes, or to only go out in full body armor #but if you do go out, we'll keep shooting you so we can find any weakness in that armor!#
By "testing" for security flaws, you can basically find a problem that wouldn't have been a real problem (only one of a billion unlikely possibilities) that costs humanity a ton of time and money to "solve", which only gets done because you 'tested' for the problem in the first place, since most likely, no one but the 'testers' would bother to mess with that 'vulnerability' in the first place. And it is an endless problem, because frankly, no matter how much you force people to beef up security, unless you totally close networks there is always a way in, so you create a viscious cycle of wasted resources.
I bet these hackers are smart enough to contribute something that actually would be good for humanity if they weren't wasting their time trying to be righteous rebels.
Of course that's just my opinion, and I admit that I'm no expert in this area that there could be a lot of information I'm just not privy to that could somehow justify their actions, but from what experience I do have, it really sounds like the hackers are barking up the wrong tree.
"The hackers were reportedly targeting the Compact Muon Solenoid Experiment (CMS), a device in Cessy, France"
Reply | Report Abuse | Link to thisPlease refrain from using term Hacker (uses his/her knowledge for improving technology), these guys are Crackers unethical use of their knowledge.
:44 pm #102 (permalink) (top)
Reply | Report Abuse | Link to thisRobert Marsh II
THE FIFTH KNIGHT
LHC Update: Hackers Mounted An Attack Upon The LHC: ------A group of hackers identified as the Greek Security Team inserted their logo, and warned the CERN LHC not to mess with them. They conveyed the idea, that they did not wish to disrupt the 'warm-up' exercises, but wanted to prove LHC security is seriously lacking during a cyberattack! Meetings are now in progress to guard against further outside security intrusions in the future. One problem initially sighted LHC's wide-open public profile, and their connections to all major communication systems worldwide: An Achilles Heel!
Imagine the LHC running wide-open at full-blast in 2009, with preparations to execute possibly dangerous heavy Lead (Pb) ion collisions, and a sweeping DNS cyberattack knocks-out all Internet and telephone services. Now the LHC controls are in the hands of some unknown cyber-warriors, and in the midst of this complete brain-numbing chaos, miraculously, a single telephone begins to ring! The receiver is picked-up in the LHC control-room, and someone on the other end, in some unfamiliar foreign tongue (Islamic radical), is rattling off a set of time-limits for their 'list of demands'. What are they going to do??? They better have strong underwear made of that NASA Tempur-Pedic Foam material, and fashioned into emergency diapers!
But most seriously, the LHC is not even warmed up yet, and scientists are designing the next larger facility: The International Linear Collider (ILC). 31 miles long, comprising of two giant linear 'guns' accelerating electrons and antimatter at near light-speed, and smashing them together. Yet another 8-10+ billion dollar investment.
Eeryone is invited to join a personal ongoing CERN LHC/ALICE/ATLAS Public Debate Forum Invitational in progress, through the following link:
http://thefifthknight.blogspot.com/
none of you get what this is about.
Reply | Report Abuse | Link to thisif the GST can get in and do no harm, then chances are a criminal organization, terrorist group, or hostile government can also get in do real harm. chances are, someone hostile has gotten in and has done some real harm. the GST did it for the lulz and got everyone's attention. now the vulnerabilities will get patched and the system will be that much more inaccessible to real criminals. some admins will probably lose their jobs, but obviously they weren't that good at their jobs to begin with.
when someone compromises a system, but does no harm other than drawing attention to the fact, they may not be doing you a favor, but they aren't doing you much harm either. it is always better to be had by a prankster than by a real criminal. real criminals don't disclose anything and don't let you know what the problem is.
real crime is compromising a system without disclosure. disclosure is how you push organizations to improve things, especially vendors, governments, and universities. keeping your vulnerabilities a secret empowers those vulnerabilities and turns them into weapons for real criminals to use against you. being made aware of your vulnerabilities forces you to improve your security.
as for making the penalties more severe for hacking, most of the time there aren't even laws in existence to cover most hacks. in the US, you have to demonstrate a significant threat or financial loss before the FBI gets involved, and lulz are neither a threat or pose financial loss. real crimes do though, and law enforcement needs to focus on real crime and not on pranks.
getting hacked is embarrassing. it makes you feel stupid and vulnerable and may even cost you your job, but if the only harm done is bruising your ego, consider yourself lucky. the real bad guys don't leave a calling card.
I agree with Chrizzle there..but what I'd like to know is why the heck was this particle accelerator that can potentially create Antimatter even connected with online controls? What gives a bunch of scientific voyears the right to jeopardize life as we know it on earth with their self aggrandizing irresponsibility? And who exactly takes the tab here wrt accountability?
Reply | Report Abuse | Link to thisYou have to wonder why the telecom / IT engineers even felt the need to wire the system to the 'net.
Reply | Report Abuse | Link to thisFirst of all, those of us up here in the physical world couldn't care less about the distinction between hackers, crackers, or those with chronic hacks from smoking crack.
Reply | Report Abuse | Link to thisSecondly, why don't these HACKers spend their time and effort doing something to benefit society, instead of doing something to disrupt a scientific experiment that might benefit society? Terrorists phoning in threats? Yeah, I can see it now: "Convert to Islam, or we'll totally screw up your particle accelerator! Hah! Try accelerating a particle NOW, infidel! HAHAHAHAHAAAA!"
Get real, nerds.