Slashdot Mirror

← Back to Stories (view on slashdot.org)

South Pole Research Station Hacked Twice

Posted by ryuzaki0 on from the doors-wide-open dept.

Marda writes "It's been known for a while that Romainian cyber extortionists cracked the computer network at the Amundsen-Scott South Pole Station last year. Now SecurityFocus is reporting that another computer intruder penetrated the station just two months before, and cracked the data acquisition system for the Degree Angular Scale Interferometer (DASI), a radiotelescope that measures properties of the cosmic microwave background. It turns out the station was insecure 'purposely, to allow for our scientists at this remotest of locations to exchange data under difficult circumstances,' according to internal reports."

6 of 292 comments (clear)

  1. Re:??????WTF?????? by urlgrey · · Score: 5, Insightful

    This has got to be among the all-time lamest excuses I've ever heard uttered.

    For Pete's sake HIRE A CONSULTANT or better yet ASK FOR VOLUNTEERS. I'm sure there are plenty of folks out there who'd LOVE to have something like this on their resume.

    C'mon. How about: we were cracked because we were lazy. Now that I'll buy--the first time.

    --
    Running 'Nix is like owning a Lightsaber. It's "a more elegant weapon for a more civilized time."
  2. Re:This is disgusting behavior by DramaGeek · · Score: 5, Insightful

    They'll do it because it's a fairly good target. It's one-of-a kind, and hacking it got them at least an article at Securityfocus and a mention here. Sure, they don't really gain anything from it, but since when has that been a requirement of hacking?

  3. It's a different field of knowledge. by Short+Circuit · · Score: 5, Insightful

    Scientists are generally knowledgable, but only in their field of specialization. You don't expect a particle physicist to know about macro biology, and you don't expect an ornithologist to know about particle physics.

    Computer security is another one of those fields that requires its own study time to be competent in, and most people aren't interested or don't want to spend the time.

    --
    tasks(723) drafts(105) languages(484) examples(29106)
  4. Put it in perspective... by riptide_dot · · Score: 5, Insightful

    FTA:

    "Given the fact that no financial records or systems were compromised, no safety or loss of life was threatened, and no critical system corrupted, we need to balance legitimate security needs with the legitimate needs of our scientists at the Pole," the memo reads.

    ...Other documents show that less than two months earlier the NSF's security team was plunged into a similar fire drill when a computer intruder named "PoizonB0x" penetrated the primary and backup data acquisition servers for a radio telescope at the station called the Degree Angular Scale Interferometer (DASI), which measures properties of the cosmic microwave background radiation -- the afterglow of the Big Bang. The intruder, rated a prolific website defacer by tracking site Zone-H, used his moment of cosmic access to erect a webpage on the servers proclaiming, "I love my angel Laura."

    Now, I'm not one for people snooping around in my stuff when they're not invited or anything, but consider this: The first hack modified a web page on a system that collects monitoring data (but most likely does not contain other meaningful data, like formulas), and the second intruder accessed no financial data, did not threaten safety, and did not corrupt any critical systems.

    Isn't it possible that the systems that were compromised were actually left insecure, not necessarily "on purpose", but because they felt that there wasn't much of a need to secure them in the first place? They probably calculated the possible risks and decided that, if both systems did in fact only contain informational webpages or data collected from their equipment, that there wasn't much point in worrying a lot about securing them (after all, who would really care about the data besides them?).

    --
    I was in the park the other day wondering why frisbees get bigger and bigger the closer they get - and then it hit me.
  5. Re:??????WTF?????? by zurab · · Score: 5, Insightful
    Those of us immersed in the information technology world often have little or no exposure to the disciples of pure science. And undergraduate physics students don't count. Traditional scientists don't think the way IT people or even computer scientists do. We see a system, and the goal is to optimize that system to perform correctly and efficiently. Traditional scientists have no interest in applied technology. Their goal is to gather knowledge, and to hell with everything that gets in the way. Typing in a tough password, applying patches, and following "best practices" gets in the way. ...
    But most slashdotters would have the same attitude towards other things they don't have experience with.

    I am not a car mechanic or an electrician, but if my car alarm and door locks stop working, I take it to a mechanic who can fix it. I don't park the car on public street at night where it may get stolen. The excuse that since they know and care little about security, they can skip it altogether, is - as others pointed out - lame. A computer network containing sensitive or important data connected to the Internet requires security, whether you are a 3-time Nobel prize laureate or a warehouse janitor.

    And as far as things that "get in the way" - security practices, or lack thereof - could easily get in the way of collecting and keeping valuable scientific data.
  6. Re:??????WTF?????? by gravytas · · Score: 5, Insightful
    I am not a car mechanic or an electrician, but if my car alarm and door locks stop working, I take it to a mechanic who can fix it.

    Clearly you're not a physicist. Most of the ones I've worked for, some of whom are also at the pole, are convinced that:
    since physics is one bad mamajama of a difficult subject, and as they've kicked that bad mamajama's ass, they are gods among men, seemingly privy to the unknown secrets of the universe.

    They hire IT people not because IT is too difficult for them to do on their own, but too mundane. Please don't make the mistake of telling them how things should be done.