Anybody have more details?

Greg

from http://www.washingtonpost.com/wp-dyn/articles/A8995-2004Apr13.html:

Hackers Strike Advanced Computing Networks
By Brian Krebs
washingtonpost.com Staff Writer
Tuesday, April 13, 2004; 5:40 PM

Hackers infiltrated powerful supercomputers at colleges, universities and research institutions in recent weeks, disrupting one of the nation's largest online research networks for several days and raising concerns among computer security experts that the compromised machines could be used to attack specific Web sites or parts of the Internet.

As many as 20 institutions were targeted, according to two sources who work at facilities affected by the attacks. Both asked that their names be withheld because they are aiding the ongoing investigation and fear that officials at other institutions may refuse to cooperate if they believe they could become the subject of media coverage.

One powerful research computing project affected by the attack was TeraGrid, a network of computers funded by the National Science Foundation and used to conduct intensive data-crunching projects such as weather forecasting and genome sequencing.

The attacks prevented some researchers from using the grid for up to five days last week as investigators assessed the damage, said Pete Beckman, director of engineering at Argonne National Laboratory, a U.S. Department of Energy lab operated by the University of Chicago. Beckman said several systems were hit at the lab, which maintains sites in suburban Chicago and Idaho.

Hackers also broke into TeraGrid systems at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign and the San Diego Supercomputer Center (SDSC) at the University of San Diego, California.

The hackers' identities remain unknown. None of the systems were permanently damaged, but the hackers gained the ability to control the various networks for at least short periods of time.
With that much computing power at their disposal, the hackers could have launched an assault capable of disabling large portions of the Internet, said Russ Cooper, a chief scientist with Herndon, Va.-based TruSecure Corp. Even harnessing the power of one high-performance computer on a high-speed research network could give intruders the attack resources equal to hundreds -- if not thousands -- of desktop computers, Cooper said.

"This could be a wake-up call to what should be very, very secure computing environments, because these machines should never have been compromised."

The FBI contacted officials at the schools, according to Beckman and Tina Bird, a computer security officer at Stanford University. FBI spokesman Paul Bresson declined to comment on whether an investigation is underway. The Department of Homeland Security, which is responsible for helping guard the nation's critical information and communications systems, also declined to comment.

The incident underscores years of warnings from cybersecurity experts in the government and private sector that the United States could suffer a major electronic attack at the hands of ever more sophisticated online criminals. In June 2002, The Washington Post reported that U.S. intelligence agencies had monitored al Qaeda operatives probing computer systems at dams, power plants and other critical infrastructure facilities.

Bird said the attackers appear to have sought out machines in academic and high-performance computing environments. Technicians at Stanford, which is not part of the TeraGrid network, quarantined at least 30 computers after the attack. It targeted computers running versions of the Linux and Solaris operating systems that were vulnerable to several recently discovered software flaws.

After posting her findings on Stanford's Web site last week, Bird said, systems administrators at other academic institutions contacted her to report similar intrusions.
She would not say how many notices she received or what schools reported attacks.

"This incident is definitely giving us an opportunity to reevaluate the maintenance and protection we provide to our Unix systems," Bird said. "When you're completely focused on widespread attacks on [Microsoft] Windows systems, it's certainly startling."

The National Center for Atmospheric Research in Boulder, Colo., took several of its systems offline after they were compromised by the hackers. Al Kellie, the center's scientific computing director, said that the problem "is apparently occurring at many institutions around the country." Kellie said the center suspended access to its supercomputer network after the attack. It is not scheduled to go back online until next week.

Karen Green, spokeswoman for the NCSA at the University of Illinois, said she observed no adverse results from the attacks. "There wasn't any classified data involved, and I haven't heard of anyone's scientific data being compromised," she said.

The intruders gained access to a number of the San Diego center's systems over a four-day period this month, said SDSC spokeswoman Ashley Wood. In each case, Wood said, the systems were inspected by SDSC officials and patched so that the hackers could not gain access again.

Security breaches on TeraGrid and other supercomputers could result in losing valuable research time and data, as well as hackers getting hold of confidential data, said Scott Fendley, a security analyst for the University of Arkansas in Fayetteville. The university was not affected by the attacks.

Fendley said attackers also could use the machines to knock other networks offline with large data blasts. It would be similar to a February 2000 case where a Canadian juvenile commandeered high-speed computers at University of California, Santa Barbara to knock Amazon, eBay, CNN.com and other Web sites off-line for hours.

"I'm sure there are bigger targets, but I hope that someone is really keeping an eye on those," he said. "Once you get past [San Diego] supercomputer complex, the next large clusters I'm aware of are government or military owned."

Beckman, however, said it seems like the attackers tried to do little more than see how much access they could get.

"This is more like what happens at an airport when a small security infraction closes down an entire terminal," he said. "It's annoying and frustrating, but little real or lasting damage was done here."
This archive was generated by hypermail 2b30 : Wed Apr 14 2004 - 23:09:09 PDT