Followers

Tuesday, September 16, 2008

Large Hadron Collider's Hacker Infiltration Highlights Vulnerabilities

By Brandon Keim

Though the Large Hadron Collider's infiltration by hackers did not disrupt the historic project, experts warn that its computer systems are vulnerable -- though at least their exploitation won't destroy Earth.

Shortly after physicists activated the Collider on Wednesday, hackers identifying themselves as Group 2600 of the Greek Security Team accessed computers connected to the Compact Muon Solenoid detector, one of four key subsystems responsible for monitoring the collisions of protons speeding around the 18-mile track near Geneva, Switzerland.

A few scientists had worried that the experiment could inadvertently create a planet-swallowing black hole. Physicists called this impossible, or at least extraordinarily unlikely. But the hack raises a different sort of worst-case scenario: the largest and most complicated science experiment in history, intended to reveal basic information about the composition of matter, derailed by malevolent intruders.

"The LHC experiments have very complex computer systems for data recording and analysis and even more sensitive systems for experiment control, trigger and data acquisition," said MIT physicist and Collider collaborator Frank Taylor. "You could imagine that penetrating the 'real time domain' could have catastrophic consequences."

The hackers were stopped before they could access the Collider's central computer system, but were described by the Telegraph as being "one step away" from full control of the CMS. They deleted one as-yet publicly unidentified file -- the hacker equivalent, perhaps, of counting coup.

"We're pulling your pants down because we don't want to see you running around naked looking to hide yourselves when the panic comes," wrote the intruders in a note left on the Collider's website.

"There seems to be no harm done. From what [the computer security team] can tell, it was someone making the point that CMS was hackable," said James Gillies, spokesman for Cern, to the Telegraph.

Computer security at the Collider has received less attention than other aspects of the historic experiment, but insiders have previously expressed concern.

In November, an article in the computer affairs newsletter of CERN -- the European Organization for Nuclear Research, home to the Collider -- warned of potential security breaches.

"Vulnerability scans at CERN using standard IT tools have shown that commercial automation systems often lack even fundamental security precautions: some systems crashed during the scan, while others could easily be stopped or have their process data altered," wrote CERN computer security officer Stefan Luders.

The consequences of a breach, wrote Luders, "are inherent to the design of CERN's accelerators and the affiliated experiments. All run a variety of control systems: some of them are complex, some of them deal with personnel safety, and some of them control or protect expensive or irreplaceable equipment. Thus, CERN's assets and their proper operation are at stake."

But those worried by hacker-unleashed black holes and Big Bang energies can rest easy. "The LHC is just a bunch of magnets that steer the proton beams plus radio frequency cavities to accelerate them," said Northeastern University physicist Stephen Reucroft. "The amount of energy involved is miniscule. Similarly, the CMS is a magnet with a lot of sensors operating under a variety of voltages. Not much damage could be done there by diddling with the computer."

Of course, damage is relative when discussing the controls of a six billion dollar experiment.

"Hacking is a bad thing," said Lee Smolin, a professor at the Perimeter Institute for Theoretical Physics who is not involved with the Collider. "It can damage the work of thousands of people who have been working for decades to advance science."

Images: The endcap of the Compact Muon Solenoid Detector, from WikiMedia Commons; a screenshot of the CMS website (now unavailable) after the hack; and researchers standing inside the CMS, courtesy of the Insitute for Research on the Fundamentals of the Universe.

Original here

No comments: