Hackers Strike Advanced Computing Networks
By Brian Krebs, washingtonpost.com Staff Writer
Hackers infiltrated powerful
supercomputers at colleges, universities and research institutions in
recent weeks, disrupting one of the nation's largest online research
networks for several days and raising concerns among computer security
experts that the compromised machines could be used to attack specific
Web sites or parts of the Internet.
As many as 20 institutions were targeted,
according to two sources who work at facilities affected by the
attacks. Both asked that their names be withheld because they are
aiding the ongoing investigation and fear that officials at other
institutions may refuse to cooperate if they believe they could become
the subject of media coverage.
One powerful research computing project
affected by the attack was TeraGrid, a network of computers funded by
the National Science Foundation (news - web sites) and used to conduct intensive data-crunching projects such as weather forecasting and genome sequencing.
The attacks prevented some researchers
from using the grid for up to five days last week as investigators
assessed the damage, said Pete Beckman, director of engineering at
Argonne National Laboratory, a U.S. Department of Energy (news - web sites)
lab operated by the University of Chicago. Beckman said several systems
were hit at the lab, which maintains sites in suburban Chicago and
Hackers also broke into TeraGrid systems
at the National Center for Supercomputing Applications (NCSA) at the
University of Illinois at Urbana-Champaign and the San Diego
Supercomputer Center (SDSC) at the University of San Diego, California.
The hackers' identities remain unknown.
None of the systems were permanently damaged, but the hackers gained
the ability to control the various networks for at least short periods
With that much computing power at their
disposal, the hackers could have launched an assault capable of
disabling large portions of the Internet, said Russ Cooper, a chief
scientist with Herndon, Va.-based TruSecure Corp.
Even harnessing the power of one
high-performance computer on a high-speed research network could give
intruders the attack resources equal to hundreds -- if not thousands --
of desktop computers, Cooper said.
"This could be a wake-up call to what
should be very, very secure computing environments, because these
machines should never have been compromised."
The FBI (news - web sites)
contacted officials at the schools, according to Beckman and Tina Bird,
a computer security officer at Stanford University. FBI spokesman Paul
Bresson declined to comment on whether an investigation is underway.
The Department of Homeland Security,
which is responsible helping guard the nation's critical information
and communications systems, also declined to comment.
The incident underscores years of
warnings from cybersecurity experts in the government and private
sector that the United States could suffer a major electronic attack at
the hands of ever more sophisticated online criminals. In June 2002,
The Washington Post reported that U.S. intelligence agencies had
monitored al Qaeda operatives probing computer systems at dams, power
plants and other critical infrastructure facilities.
Bird said the attackers appear to have sought out machines in academic and high-performance computing environments.
Technicians at Stanford, which is not
part of the TeraGrid network, quarantined at least 30 computers after
the attack. It targeted computers running versions of the Linux (news - web sites) and Solaris operating systems that were vulnerable to several recently discovered software flaws.
After posting her findings on Stanford's
Web site last week, Bird said, systems administrators at other academic
institutions contacted her to report similar intrusions. She would not
say how many notices she received or what schools reported attacks.
"This incident is definitely giving us an opportunity to reevaluate the maintenance and protection we provide to our Unix (news - web sites)
systems," Bird said. "When you're completely focused on widespread
attacks on [Microsoft] Windows systems, it's certainly startling."
The National Center for Atmospheric
Research in Boulder, Colo., took several of its systems offline after
they were compromised by the hackers. Al Kellie, the center's
scientific computing director, said that the problem "is apparently
occurring at many institutions around the country."
Kellie said the center suspended access
to its supercomputer network after the attack. It is not scheduled to
go back online until next week.
Karen Green, spokeswoman for the NCSA at the University of Illinois, said she observed no adverse results from the attacks.
"There wasn't any classified data involved, and I haven't heard of anyone's scientific data being compromised," she said.
The intruders gained access to a number of
the San Diego center's systems over a four-day period this month, said
SDSC spokeswoman Ashley Wood. In each case, Wood said, the systems were
inspected by SDSC officials and patched so that the hackers could not
gain access again.
Security breaches on TeraGrid and other
supercomputers could result in losing valuable research time and data,
as well as hackers getting hold of confidential data, said Scott
Fendley, a security analyst for the University of Arkansas in
Fayetteville. The university was not affected by the attacks.
Fendley said attackers also could use the
machines to knock other networks offline with large data blasts. It
would be similar to a February 2000 case where a Canadian juvenile
commandeered high-speed computers at University of California, Santa
Barbara to knock Amazon, eBay, CNN.com and other Web sites off-line for
"I'm sure there are bigger targets, but I
hope that someone is really keeping an eye on those," he said. "Once
you get past [San Diego] supercomputer complex, the next large clusters
I'm aware of are government or military owned."
Beckman, however, said it seems like the attackers tried to do little more than see how much access they could get.
"This is more like what happens at an
airport when a small security infraction closes down an entire
terminal," he said. "It's annoying and frustrating, but little real or
lasting damage was done here."