Hackers Attack The LHC
By Dan Morrill
Article Date: 2008-09-15
The shiny new Large Hadron Collider has been hacked, with hackers taking over the Compact Muon Solenoid detector. The hacker group 2600 of the Greek Security Team has claimed responsibility.
While this is interesting, it shows some inherent flaws in some of the systems that run on commercial automation systems have been reviewed lately, and with the latest metasploit attack method for CitectSCADA systems the time to take a look at your commercial automation systems is now. While these might not be the glamorous systems, the idea of taking over something that has been built on commercial automation is something that should be part of any company's security plan. With the metasploit available, and with the proven hack at CERN for the LHC (Large Hadron Collider), the security issues in commercial automation software are something to take a look at.
The consequences of a breach, wrote Luders, "are inherent to the design of CERN's accelerators and the affiliated experiments. All run a variety of control systems: some of them are complex, some of them deal with personnel safety, and some of them control or protect expensive or irreplaceable equipment. Thus, CERN's assets and their proper operation are at stake." Source: ABCNews
For many companies this is just going to be the tip of the ice berg, what is interesting is that it was not the Linux system that it runs on that was hacked. Rather the hackers went after a softer target going right into the control system. What makes this more interesting is that there is already enough worry that the system will build a miniature black hole that will consume the earth.
This kind of hack is not going to instill confidence that the folks at CERN are being as responsible as they should be when controlling such a large system with the hazard potential that the system has. This also has implications though for ITER the large fusion reactor that is being built in France as well because they are going to be using similar automation systems, and having a fusion reactor do things that are unexpected because of hackers is also not something that people are going to want.
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.