Hackers hit LHC computer system, deemed "scary experience"
By Donald Melanson 
posted September 12th 2008 4:43PM
posted September 12th 2008 4:43PM
Those already fearful of the Large Hadron Collider's potential Earth-ending capabilities may want to turn away for this one, as it looks like the situation has managed to get a bit more perilous, with a team of hackers apparently successful in mounting an attack on a system that is "one step away" from the computer system that controls of one of the LHC's massive detectors. According to The Telegraph newspaper, the group, calling itself the "Greek Security Team," left behind a half a dozen files on the system and damaged one CERN file, in addition to displaying the page above on the cmsmon.cern.ch website, which still remained inaccessible as of Friday. Somewhat disconcertingly, one of the scientists working at CERN simply described the incident as a "scary experience," with a CERN spokesperson further adding that they thought it was just someone "making the point that [the system] was hackable." Um, okaaaay.
[Via CNET News]
[Via CNET News]
Hello,
I live in Geneva and my dad works at CERN. Let me give some explainations about why it is accessible form internet:
1. The CERN owns two complete range of external IPs, hence every computer (execpt the ones that runs on seperate networks) in CERN has its own unique IP directly accessible from the internet (like a server).
2. The CERN, being an internationnal research facility has the obligation to share experience results, technologies and other informations with all the participating countries.
3. The computer that was hack only gives information. It does not give any control to anything.
4. The article talks about being one step away from controling one of the detectors: the detectors are not the one which are going to run the particles, they are only here to trace the bits coming out from an explosion of particules (when a colision is made). The magnet system to control the acceleration of the particules is obviously way more secured and cannot be accessed from internet.
5. In any case, the LHC cannot be *turned on* by someone just like this: firstly: it takes many days to get to full power, secondly it needs about 3 or 4 power plants for itself to be able to get to its full power, hence if those power plants are not activated (which are not controlled directly by CERN, but by the local power distributor) the LHC simply cannot get to full power.
Also, for those people who are scared:
In the past, just before LHC, there was the LEP, which was running throught the exact same tunnel as the LHC now. The LEP was one of the biggest scientific experience in the past and was using extremly high energies (according to the past). And all the experience with the LEP went really well and never made an accident (and this over more than 50 years). So do not be scared, the people at CERN are extremely qualified, and the LHC project has been planned and thought over for more than 10 years.
If your dad really works at CERN then pass along the message that some of us actually think the LHC is damn awesome.
Thats what Doctor Octavius said...
that is so scary! they could of went all the way and caused a black hole.... but that would make a intresting movie..... but it still scares me to death!!! i hope they fix the firewall! and soup up the security!
so obviously everyone in the world saw the davinci code, but never bothered to read it, is that it?
if anyone read it, they would have noticed the section on dan browns other book, angels and demons...
ill skip the lecture and just say that anyone who values our planet should read the book. its about the cern supercollider and this very situation...
thats what happens when people dont learn to read, those of us tha can take control of the world...
"angels and deamons" ? that's a "fictional" book. if you read more than next-to-be-a-movie book, you'd know that, producing that much of antimatter is impossible at the moment, or in the far future. a few million years of work, yeah than you can have a few grams of antimatter.
lhc is not about antimatter however. it's proton-proton collisions.
if you are thinking that this is the end of the world, you are only reading media (who loves end of the world stories) or hearing it from a friend. nature already making lhc experiments on high altitudes for billions of years, and we are still here.
we are fotgetting that collision experiments gave us lots of new technologies in lots of areas. it was once believed that, rockets might burn the atmosphere. don't get caught by media and so called semi-scientists, or those who just like to file lawsuits just to take out some money. search and learn.
and for those hackers... i thought that learning was a great part of being a hacker...
Huh?
Actually, everyone should play Half-Life, because it is about the LHC and this very situation. :P
Sounds like CERN should've used better encryption on their router
"But mostly its (the internet) just for porn." - Ben Affleck
Yeah, I agree with Forrest and Brian... Fear mongering for page views, and/or pointing out the vulnerability before anybody else... But then what kind of hacker would you be if you didn't at least try to hack into the LHC control board??? I bet Dr. Evil wishes he'd thought of this first. MWAHAHAHA. Can't wait to see the movie about this.
(Anybody remember reading about CERN in Angels and Demons? That was my first impression when I read this article. Hoping to see an Illuminati anagram!)
Sorry, didnt read the two comments before mine before posting just now... Antimatter was the result of the LHC experiments in Dan Browns book, but he was just theorizing what could be discovered. Obviously the book came out many years before the LHC would have been first powered up.
Scary thing about this is that Nuclear Fusion (power of the sun) is yet to be discovered, but this is a great first step! Fission will be obsolete before we know it.
The LHC will produce data at a rate of 300GB a second, it's connected to the internet (and private high speed fibre networks) to shift all that data out to various universities for analysis.
Might pay for them to hire a couple of security auditors before summer 2009 :S
I am looking forward to our Greek friends creating a mini black hole. I would like to get a hideous, snarling inter-dimensional beast for my vary own. I would hug it, let it eat the neighbor's cat, and read to it.
Could almost be the french version: grand collisionneur de hadrons, so GCH
First of all, I'm not sure I believe it. I've been visiting many of the CERN sites and related pages regularly for the past few months and have seen nothing about this screen (nor the screen itself, of course.) As per someone HACKING the LHC, doubt it. Seriously fucking doubt-it .. aside from the fact that there are hundreds or even thousands of programs making sure the beam is directed properly (improper aim could destroy SERIOUS parts of the LHC, mostly the magnets), just the prospect of a 15 year old (or even 30 year old) with enough technical prowess to actually re-align the beam, the magnets, or even the time/date of the computers (run by genius particle physicists) is so less than likely it's almost impossible. Yeah, you might make it through the firewall. But unless you've taken ten years after graduate school to understand both quantum particle chemistry/mechanics AND the ten years of programming necessary to break into such a project, all you've done is piss them off and likely extradited yourself to France (as Switzerland it neutral.)
I guess this is just pandering to the troll, but I'm not the sort to just 'let go' of ridiculous responses, especially when several people seem to back them up. (through assuming the article speaks the truth.)
ASIDE FROM THE TRUTH THAT:
People with as much talent as is represented here ('hackers') in this article are better suited to start a securities company (a REAL one, effectively ending the governmentally corrupt security softwares to date.) Or even start a vote-gathering corporation that DOESN'T have admitted discrepancies including 'randomly' lost votes. You all complain about how horrible the country is, but then you either *pretend* or you work your *magic* on things like the CERN LHC (to end the world?!) instead of making yourselves useful. You hate republicans, you hate today's society. Well, stop feeding it and start fighting it. Oh, that's right. You don't ACTUALLY EXIST.
- ME.
(Benjamin A. Akre, Brightwood, Oregon, 97011)
If that's not enough to find me then you're even more ridiculous than I truly thought.
HAha, you are so naive, you must get cuddled a lot.
I, for one, welcome our new greek overlords.
Oh and about the skill of the hacers:
""We think that someone from Fermilab's Tevatron (the competing atom smasher in America) had their access details compromised," said one of the scientists working on the machine. "What happened wasn't a big deal, just goes to show people are out there always on the prowl."
I sent a tip to engadget two days ago that cmsmon had been hacked, it was in the log books that are accessible online. And they give CNet the credit for this!?!?!?!
Virtual Path Network?
Encryption?
Anyone?
Places where nuclear fusion has been "discovered":
1. The Sun
2. The inside of a fusion bomb
3. At any one of the 42 experiments listed here: http://en.wikipedia.org/wiki/List_of_fusion_experiments
it seems that there is a community of hackers in Greece which is divided. and this attack (as it states) was carried out from the hardcore members of this community to awaken the members which spend their time and few skills they have (which they learned from books like 'hacking for dummies') into chatting on the irc and gloating about those few skills on their blogs. it was a statement to THEM, not to the world. and at the end they say "..oh, and take care of your network".
why did they even connect it to the internet? O_o
Dude, read the damn posts and use a bit of common sense before posting.
Do you even know how CERN is financed and what its purpose is? It's an international project, data from the experiment needs to be sent to scientists around the world for study and analysis, for storage aswell.
I didn't get my confirmation email so sending again..
If they know the risks, (they made the internet) why the hell don't they send it via satellite? It's harder to hack because it isn't on the internet.
But they used a leaked password it seems, so they show little or no skill just editing index.htm.
Freakin comment system failures, sigh
Well this gives me a chance to also apologize for the many missing letters in my posts lately, seems my keyboard needs some cleaning or something, sorry
Ζήτω η Ελλάς!
As someone who studies physics, I find it all rather ridiculous this hype about the "end of the world". It's just a beat up by journalists who know better. Any physicist they ask will laugh at the idea that this could cause the end of the world for one good reason - there's collisions occurring between particles at the edge of our atmosphere MUCH more powerful than anything the LHC can produce - LHC is just a controlled environment so that the collisions can actually be studied. Nature is creating much higher energy collisions on our doorstep and we're all still here.
If you really were a scientist you'd be able to realise many of such counter-arguments are rather nonsensical too and are using sophistry to convince.
Here's one for the global warming argument: CO2 is heavier than air so if there really was too much in the atmosphere is would all be near the ground not in the upper atmosphere.
Sounds correct doesn't it, and it's scientific, are you no longer worried about pollution now?
It is utterly ignorant to suggest the LHC is going to end the world. Read a book and stop trying to hype this whole thing out of proportion.
http://askanexpert.web.cern.ch/AskAnExpert/en/Accelerators/LHCblackholes-en.html
Read that and stfu.
There's more being made of this than is warranted. "One step away" is a dramatic way of saying that the hacked system wasn't connected to the LHC itself. Saying that the hacked computer wasn't connected to LHC doesn't sell advertising.
The media thrive on drama.
"The LHC Computing Grid is needed to manage the data deluge from CERN's Large Hadron Collider (LHC). When it starts in 2007 [whoops] the LHC will probe the physics of the Universe at the earliest moments after the Big Bang - and in the process produce 15 million Gigabytes of data a year that need to be shared, stored and analysed around the world."
http://www.physorg.com/news10895.html
This thing has to be connected to networks. As someone pointed out, it was someone at CERN that came up with the World Wide Web years ago. Well, this time around, they've developed something called the Grid. The detectors generate data faster than it can be written in any one place! I think it's literally > GB/sec. So they need the Grid.
And as someone said, I can't believe the detectors would have any control over the beams. I strongly suspect those would have only on-site, manual control.
the illuminati strike again!
Has anyone remarked on the web page posted on CERN by this "Greek Security Team" (photo at head of article)? I find it interesting that they chose to post the date 10/09/08 instead of the current date. Any ideas on the meaning behind this? As per resources such as http://www.creteonthe.net/greek-namedays.htm there's a real possibility that this odd date essentially amounts to a signature, that is, corresponds uniquely with the name Jacob. I'd be interested to hear additional speculation on this.
Tom Raywood
You do know that in Europe the date is written in that format?
WTF? Have these idiots never heard of C3 security?
I wouldn't call them idiots, I don't think you'd be able to build an LHC? What does that make you then?
@Nicolas
Unless contending with an arthritic condition (or some similar impedement) which greatly minimizes how much work you can do at a single sitting, please substantiate your seeming point with more than a single sentence. The Gregorian calendar presents as a universal standard, just as does the English language. (Note that the allegedly Greek culprits opted to Anglicize the crux of the web page at issue).
If you're referring to the Gallic use of the French Republican Calendar, (again, you really don't say), the 9th day of their 10th month would present as the 279th day of the year [per their set, 30-day months]. On the Gregorian calendar the 279th day corresponds with October 5th or 6th [depending on whether a leap year]. So obviously that's not a fit.
I don't mean to assume your response is lacking the merit of substance. But even beyond its inordinate brevity it does, you must admit, come off as condescending. After all, it is more than immediately obvious that if I "knew" what you're suggesting I wouldn't have written what I wrote or asked what I asked. You do get that don't you? LOL
What do you mean by your response? In what otherwise truncated way are you saying that the date 10/9/08 corresponds with a day that has already passed? Which day would that be and why?
Tom Raywood
No, he's saying that in Europe they put the day before the month. Therefore whereas 10/09/08 would be October 9, 2008 over here, over there it's September 10, 2008. And they do indeed do that over there.
Apparently Greek hackers also attacked Engadget's comments system, marking all comments "highest ranked".
Those hackers must be disgruntled Illuminati.
Well done telegraph. I get the distinct feeling that no one actually read the hacked page huh?
Long story short: one Greek hack team hacks a CERN web page (no controller, no detector, nothing. Just a public web page) just to rub it in the face of another Greek hack team. That's also why the uploaded page was in Greek...
one guy got it right so far:
http://grayhatforensics.secbible.org/index.php/2008/09/13/greek-hackers-deface-cerns-lhc-related-website/
Well done telegraph. I get the distinct feeling that no one actually read the hacked page huh?
Long story short: one Greek hack team hacks a CERN web page (no controller, no detector, nothing. Just a public web page) just to rub it in the face of another Greek hack team. That's also why the uploaded page was in Greek...
one guy got it right so far:
http://grayhatforensics.secbible.org/index.php/2008/09/13/greek-hackers-deface-cerns-lhc-related-website/
Why are folks swearing, mocking, and fouling each other?
So some hackers partially broke into LHC? I'm amazed that some commentors dispute that fact. Why should this, and other news sites lie? More importantantly, what does the weakness of the security systems surrounding LHC actually mean? What else did the designers get wrong? We all know that LHC went online over a year and a half late because of design and engineering flaws. What else did the builders of this machine get wrong?
Of course, it looks Greek to most of you, but as I am Greek I can tell you that the screenshot has a distinctive spelling error. If someone who can't even write correctly, can hack CERN, I think the best they will make is a grey hole. ;-)
Wow folks--to think that this "debate" was allowed to go on here while LHC was completely shut down. Wow!!! To think that CERN would release and talk about this diversionary story while the really big story was being hushed up!
LHC was BROKEN the whole time folks were discussing this stupid hacker thing!!!!!!!!
How could CERN officials give straight-faced comments about computer problems when the whole machine was down because of massive and major design and construction flaws?? How honest, transparent, or scientific is this type of attitude?
Wow folks--to think that this "debate" was allowed to go on here while LHC was completely shut down. Wow!!! To think that CERN would release and talk about this diversionary story while the really big story was being hushed up!
LHC was BROKEN the whole time you folks were discussing this stupid hacker thing!!!!!!!!
How could CERN officials give straight-faced comments about computer problems when the whole machine was down because of massive and major design and construction flaws?? How honest, transparent, or scientific is this type of attitude?