If you’re one of those people of the belief that the much-publicized Large Hadron Collider buried under the border between France and Switzerland could potentially put an end to the world as we know it by mistakenly creating an Earth-consuming black hole, you might not want to read the rest of this post.
Because, European news sources reported today that the massive atom smasher’s network was indeed infiltrated by a crew of hackers; now, that is some scary business.
And apparently the involved hackers didn’t just break into some minor portion of the network operated by CERN, or the European Organization for Nuclear Research, the group of scientists who have built the massive machine.
Of course, CERN is also the birthplace of the very World Wide Web itself.
News organizations including the Telegraph UK are saying that the intruders might have had the ability, or close to it, to take control of some part of the atom smasher itself.
That is a serious security breach! Forget about TJX Companies and millions of customers’ credit card numbers, this could have been a really significant disaster, even if all the outsiders had done was damaged the device, which cost billions of dollars to design and build.
And the successful attack was carried out just as the atom smasher began to go live, when the involved network was clearly being closely monitored.
The group responsible for the attack, or at least the outfit that the involved hackers identified themselves as representing, was GST, the Greek Security Team.
Scientists working with CERN are trying to find a half dozen files that they believe that the group uploaded onto the network, and we can only hope that the Greeks didn’t leave behind a Trojan.
The GST also defaced one of CERN’s Web sites.
According to the Telegraph, GST was “one step away” from gaining access to the computer control system of one of the huge detectors used to track activity ongoing inside the vast machine, a piece of the system that is built from a magnet that weighs 12,500 tons.
Reportedly, if the hackers had been able to break in one step further, they could have potentially turned the device off entirely.
Scientists working with the project blamed the compromise on a colleague with the rival Fermilab Tevatron project in the U.S. having had their network credentials stolen.
Now that sure seems like a convenient excuse!
There’s been a lot written and said in recent months regarding the security of SCADA industrial monitoring and control systems, and the need for operators of such networks to make sure that they cannot be hacked.
You have to think that CERN had given some attention to security, so, sit back and chew on this one for a while.
This should come as a wakeup call to any SCADA network operators who don’t think that the systems, which are typically used to run sensitive facilities including nuclear power plants, refineries and manufacturing plants, can be hacked.
And just hope that no one is sitting in front of a computer screen somewhere right now working on an attack that could successfully create a black hole that swallows the entire planet.
Because that’d be pretty darn bad.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.