Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fermi Lab Compromised by Pirate

Posted by CmdrTaco on from the avast-me-hardy dept.

tttonyyy writes "The US Department of Energy sounded a full scale alert after machines were compromised at the Fermi National Accelerator Laboratory, according to this BBC article. It turns out that the hacker was a student using the machines to download and store music and movies."

8 of 280 comments (clear)

  1. Re:This is dangerous. by Anonymous Coward · · Score: 5, Informative

    Not True. I work at IT another accelerator lab in the US, and the control network is on an entirely different network firewalled off, MAC restricted, etc. Even the software engineers responsible for the control system have to be wired behind the firewall.

    On a not unrelated note, we have been hacked several times by people uploading movies, MP3s, etc. The system was never rebuilt and the files were simply deleted. In general accelerator labs are not staffed for the super-anal security that you would expect (to say nothing of the number of MP3s, etc. that legitimate users have on the server)...

  2. Silly by Anonymous Coward · · Score: 4, Informative

    I've worked at Fermi National Accelerator Lab (fnal.gov) for 4 years, so perhaps I could troll a bit: since they have so many Linux machines (nearly all on Internet accessable IP) and no firewall (recently there are some firewalled ports) this is not a unique occurance, this happens *all* the time.

    On the other hand, FermiLab does no defense/weapon work or any kind or any classified work as far as I know, a lot of people confuse it with Argonne National Lab (and be really glad Argonne wasn't named an Accelerator Lab, otherwise we'd have anal.gov)

    -frin

  3. As a fellow user in the same lab: by Anonymous Coward · · Score: 5, Informative


    Here's what really happened. Users in one of the labs are all given web space on a web server. Now, the IT staff is low on manpower, with government funding behind diverted to the war in Iraq. So, security (among other things) is kind of lax.

    Basically, McElroy ran Jack the Ripper on the password file. We're using an SGI 1400L from 1997. He got the root password, and removed the limits of his disk quota. Then, he stored a bunch of ripped DVD's and MP3's in his webspace.

    Now you ask, why isn't the government making a big deal about this? They know their security policy is weak, and they just ramped it up. The 'alert' is really just a few days for them to get things back they way they should be. If they said "well, we won't prosecute him because if people really know what happened, it'd make us look bad", what would the American public (and rest of the world) think?!

  4. Re:FULL TEXT by pacman+on+prozac · · Score: 4, Informative

    heh, do you really think you can /. the bbc?

    Have a look here to see their traffic. Totals are here. They can handle 2gb/sec. Thats some monster pipe, and it will take some severe slashdotting.

    On the count of three, hit refresh like a mofo. If all 600,000 of us do it we might just create a tiny lump on that graph.

  5. Re:This is dangerous. by shoppa · · Score: 4, Informative
    There is no classified information at Fermilab. Phsycial security has been stepped up since 9/11 but there's no bombs built there, just some mildly radioactive metal in the beamline and lots of little radioactive sources for testing/calibration.

    That's not to say that massive damage/downtime can't be done by breaking into the right machines.

  6. From someone at Exeter Uni by AlistairGroves · · Score: 4, Informative

    This happened last year, he's only just been sentenced (by the british, not the americans). And this had nothing to do with the Patriot act. The reason he chose Fermi Labs is that he mistakenly thought it was a academic facility and so would not pay bandwidth fees (unis etc in England don't pay for bandwidth)

    I'm not condoning his actions, just trying to clear up some of the FUD

  7. Re:Why is Fermi's network attached to the Internet by n0mad6 · · Score: 5, Informative
    Speaking as someone who works at Fermilab...

    There are thousands of computers at Fermilab, the vast majority which are desktop workstations running linux (logins are through Kerberos). Being your typical office computers sitting on a desk, they are connected to the internet via fairly high bandwidth. As we know, the WWW was invented in order for high-energy physicists to share data throughout the world, so not only does it not make sense for these machines to be cut off from the internet, it is an essential part of scientific research. Any machine that actually controls an aspect of an experiment (connected to any sort of particle accelerator or detector) is not likely to be connected to the internet.

    So, yes, physicists and other scientists do depend on flawed technology, mostly because its the easiest way to be able to keep connected when you're dealing with large collaborations stretched across the world. The downside may be the occasional kid (wrongfully) taking advantage of a desktop machine attached to a T1 line. Where security is more vital, it is present. But its simply impossible to insure that everyone's desktop machine is secure or not.

  8. Re:Not put in jail?! by pacman+on+prozac · · Score: 4, Informative

    Instead he ends up doing community service. Exeter is about half an hour from here. The community service in this part of the UK is an incredibly harsh and difficult punishment. I'll describe it for those who have not come across its horrors before.

    Its likely that he will end up being forced to sit in a sunny field in the middle of the Devon countryside smoking joints and drinking cans of extra strong lager with all the other community service peeps, while they supposedly dig some ditch that doesn't need to be dug so nobody will ever care about it actually being done or not.

    That'll learn 'im.