Hackers have broken into some of the world’s most powerful computer clusters in recent weeks in an apparently coordinated cyber attack targeting research and academic institutions.
Although officials sought on Wednesday to play down the seriousness of the threats, some security experts warned that such a break-in could potentially enable a serious attack on the internet.
Stanford University, the San Diego Supercomputer Centre and the University of Illinois’ National Centre for Supercomputing Applications were among the systems hit.
Also affected was TeraGrid, a government-funded effort to link together several supercomputers, including those at San Diego and NCSA, so scientists can better crunch data for weather forecasting, astronomy and medicine.
“There’s been some unauthorised access, but it’s not that anything has been damaged or taken over,” said Catherine Foster of Argonne National Laboratory, home to TeraGrid’s coordinator. “This seems to be part of an effort (by hackers) to gain merit badges.”
Foster said some TeraGrid computers had to be taken offline while security upgrades were made, disrupting research. She said the attacks began in March and that all systems should be restored by week’s end.
Mike Levine, scientific director at TeraGrid member Pittsburgh Supercomputing Centre, said the TeraGrid sites performed no classified work so there are “no implications for national security.” He would not say whether Pittsburgh itself was hit.
But Peter Allor, director of intelligence with the Internet Security Systems’ X-Force research unit, said universities and research institutions are prime targets for hacking because they have very powerful computers with plenty of internet bandwidth.
Those resources, he said, could be tapped to launch so-called denial-of-service attacks that can disrupt major websites and e-mail systems around the world, potentially bringing down the net.
Frank Dwyer, associate director for information technology at San Diego, acknowledged that research networks pose special challenges because they are far more open than corporate networks.
But he said institutions like San Diego have safeguards to protect the most critical systems.
Investigations were continuing, and law enforcement authorities have been contacted. No one could specify how many institutions have been compromised, though officials described the number as large.
At San Diego, hackers managed to penetrate computers at the perimeter, but network managers stopped them before they reached core systems, Dwyer said. He described the effect on users as minimal.
The NCSA urged all users to change passwords, while Stanford issued a security bulletin last week reminding network administrators to upgrade their systems with the latest security patches.
At Stanford, which is not part of TeraGrid, computers hit were running Solaris and Linux operating systems. Hackers took advantage of known vulnerabilities for which patches were available but not installed.
Hackers used insecure machines to gain root privileges, which let them make the kinds of changes normally reserved for authorised administrators. But even computers with the latest patches were used to run password-decoding software after hackers logged on using a compromised account, according to the Stanford bulletin. – Sapa-AP