Cern's LHC hit with the same CERN technology by Greek hackers

15/09/2008 Written by SyS64738 (Roberto Preatoni)

The phan­tomatic Higgs boson still has no face, as the Cern’s LHC (Large Hadron Col­lider) didn’t pro­duce yet the planned pro­tons col­li­sions. Mean­while Cern’s web­site lost his own face, due to a Greek group of defac­ers called GST (Greek Secu­rity Team).

The defac­ers left a home­page mes­sage in Greek lan­guage. While when we learned about the CERN deface­ment every­body here was think­ing about a polit­i­cally, eth­i­cally or sci­en­tif­i­cally moti­vated attack, once trans­lated, the mes­sage left by the defac­ers embraces the usual top­ics so much loved by true script kid­dies: we are the best, you are the worst, we are leet, you are lame, we are 2600 (I won­der if these guys actu­ally know what 2600 means in the hacker world…), irc wars.… blah blah blah.

… continue

The deface­ment itself isn’t that inter­est­ing, they prob­a­bly com­pro­mised a CMS bug. What is inter­est­ing instead is how it hap­pened and what it involved at net­work level as UK’s Tele­graph reports:

“Sci­en­tists work­ing at Cern, the organ­i­sa­tion that runs the vast smasher, were wor­ried about what the hack­ers could do because they were “one step away” from the com­puter con­trol sys­tem of one of the huge detec­tors of the machine, a vast mag­net that weighs 12,500 tons, mea­sur­ing around 21 metres in length and 15 metres wide/​high.

If they had hacked into a sec­ond com­puter net­work, they could have turned off parts of the vast detec­tor and, said the insider, “it is hard enough to make these things work if no one is mess­ing with it.”

For­tu­nately, only one file was dam­aged but one of the sci­en­tists fir­ing off emails as the CMS team fought off the hack­ers said it was a “scary expe­ri­ence”.

We guess the dam­aged file being the index.html of the Cern home­page, no big deal but the “insider“‘s big mouth gives us a snip­pet of the large drama Cern’s sci­en­tists had lived once they got to know that the hack­ers were really close to crit­i­cal LHC net­work components.

We really hope that the Tele­graph informer was just high on the hype when released such state­ment, as we REFUSE to believe that the Cern’s guys weren’t wise enough to sep­a­rate the web­server from those net­work seg­ments man­ag­ing crit­i­cal infra­struc­tures such the LHC. If they didn’t sep­a­rate them, then the human race really deserves to dis­ap­pear swal­lowed by a self pro­duced black hole.

One col­or­ful note: Cern was attacked through the www, the same tech­nol­ogy they invented a few decades ago…
What a won­der­ful tool for asym­met­ric war­fare the Inter­net is…

PS: shouldn’t the CERN’s CMS devel­oper wiki be CLOSED to pub­lic access? Sure we all love shar­ing infor­ma­tion, but isn’t THAT a lit­tle bit too much of infor­ma­tion disclosure?

The defaced Cern web-​page