As the Large Hadron Collider (LHC) circulated its first beam of particles last Wednesday, there was an electronic battle being waged inside the computer systems of the Compact Muon Solenoid Experiment (CMS), one of the four LHC detectors. The detector’s monitoring systems (CMSMON) were compromised and Greek hackers were able to upload half a dozen files during September 9th and 10th forcing CMS software engineers to scour all the systems for any more hidden files as the historic LHC “switch on” happened around them. The detector’s website displayed the Greek Security Team‘s (GST) replacement, mocking the poor security of the international particle accelerator facility, CERN.
This chain of events will of course raise a few eyebrows as to how this could possibly have happened at the multi-billion pound experiment (after all, CERN was the birthplace of the World Wide Web back in 1991), but the LHC is a huge target for hackers, if there’s a flaw, someone will eventually exploit it. CERN officials have pointed out that the security breach did not affect any experiment-critical systems, but there was bound to be some worried faces at CMS last week…
As soon as the dust settled after the big LHC event last week, news appeared that Greek hackers had found CERN’s electronic Achilles Heal: CMSMON. With thanks to David Gamey for drawing my attention to this, according to reports on Friday (that I’ve only just had time to read… as I was getting married at the time!), the hackers – calling themselves the “Greek Security Team” – slipped past non-critical systems, calling CERN’s software engineers, “a bunch of schoolkids.” They had uploaded six files and caused minimal damage to the LHC systems. In a long bragging note on the CMS website (www.cmsmon.cern.ch – currently offline), the faceless members of the GST pointed out they were “…pulling your pants down because we don’t want to see you running around naked looking to hide yourselves when the panic comes.” By the looks of things, the GST had a lot of other things to say, but I neither have the time or the Greek-reading ability to find out what they did say.
Although the team neglected to specify where the security flaws were, they did say in one of the documents they uploaded, “Recent events show that computer security issues are becoming a serious problem also at Cern.”
While I’m mildly impressed by the GST’s attack on the LHC, I’m also a little disappointed they haven’t made their intent very clear. Like many hacking escapades, these are intelligent individuals with too much time on their hands showing off their security-evading techniques. Often, like this self-professed web security team, they claim their existence is required to seek out flaws in systems protecting valuable data in the hope of the owner upgrading their firewalls. When I first read about this, I was perversely hoping for a little more. Perhaps Walter Wagner had found a way to stop the “doomsday machine” himself? Or the People for the Ethical Treatment of Hadrons (PETH) were trying to electronically mount a quark prison break? But no, just a few guys showing off, proving to the world they are geeky Greeks on a mission to rid the world of faulty firewalls…
Where have all the activists gone? Judging by the furore churned up in the run-up to September 10th, I thought the doomsayers were actually going to do something rather than lodging piecemeal lawsuits that were never going to succeed.
Alas, even if Otto Rossler and the GST teamed up, they wouldn’t get far. Although this event will have frustrated CERN technicians, it is unlikely that they would have gotten any further than crashing a website. CERN practices a defence-in-depth strategy, where control network layers are firewalled and password protected. Generally this system is safe from attacks on the outside, but should malicious software find its way into CERN via an unwitting employee (perhaps through a USB device or laptop – much like the Space Station worm in August), the first line of defence could be compromised. CERN believes the security details of a US worker at Fermilab’s Tevatron may have been stolen, allowing the hackers access to the LHC.
It would appear it is business as usual at CERN and the LHC commissioning is accelerating nicely before the first particle collisions in October, so I’ll leave you with an inspiring image from the CMS as a beam of protons entered the detector on Wednesday, hitting the collimator blocks. You can see the debris from the low energy collisions making an impressive pattern, imagine what the scene will look like during a 14 TeV collision!