
Supercomputers hacked in Europe: At least nine affected in Germany

It is more than unusual for at least a dozen supercomputers in Europe to be taken off the grid at the same time because of “security problems”. However, this has been the case for a few days now, and the exact background is only gradually becoming apparent.

What is now known about the apparently related incidents? Answers to the most important questions:

What happened?

Several high-performance data centers in Europe have been attacked by hackers and are currently offline. The unknown perpetrators, at least in some cases, hijacked user accounts to gain access to the data center supercomputers.

Which supercomputers and clusters are affected?

As of Friday lunchtime:

In Germany:

In Switzerland, EPFL clusters were blocked for remote access.

In Edinburgh, Scotland, the ARCHER National Supercomputing Service has been offline since Monday.

What did the attacks look like?

As a rule, researchers do not connect their own computers directly to a supercomputer, but instead use secure online access – if only because the systems are meant to be available to more than just the members of the respective research institution. For NEMO, for example, you need a user account with a user name and password and a so-called SSH key.

The public part of such a key pair is usually on the server of the supercomputer, the private part on the user’s computer. In order to establish a connection to the supercomputer from outside, you need this private key. However, private SSH keys were also on at least some of the affected systems.
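The point about private keys sitting on the clusters themselves can be checked from the administrator's side. The following is an added example, not taken from the article or from any of the affected operators: it walks a directory tree, finds private key files by their container header and reports whether a passphrase protects each one. The function names are hypothetical, and the sample keys are constructed headers that contain no key material.

```python
import base64, os, re, struct, tempfile

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)
MAGIC = b"openssh-key-v1\x00"  # header of OpenSSH's own private key container

def key_is_encrypted(label: bytes, body: bytes) -> bool:
    """Tell from the container alone whether a passphrase protects the key."""
    if label == b"ENCRYPTED PRIVATE KEY":      # PKCS#8, encrypted form
        return True
    if label == b"OPENSSH PRIVATE KEY":        # cipher name follows the magic
        raw = base64.b64decode(b"".join(body.split()))
        if not raw.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack_from(">I", raw, len(MAGIC))
        return raw[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    return b"Proc-Type: 4,ENCRYPTED" in body   # legacy PEM (RSA/EC/DSA)

def find_private_keys(root: str, max_bytes: int = 65536):
    """Return sorted (path, label, encrypted) for private keys below root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):       # skip FIFOs, sockets, dangling links
                continue
            try:
                with open(path, "rb") as fh:
                    match = PEM_RE.search(fh.read(max_bytes))
            except OSError:
                continue                        # unreadable file
            if match:
                try:
                    enc = key_is_encrypted(match.group(1), match.group(2))
                except (ValueError, struct.error):
                    enc = None                  # key-like, but not parseable
                findings.append((path, match.group(1).decode(), enc))
    return sorted(findings, key=lambda f: f[0])

def constructed_key(cipher: bytes) -> bytes:
    """Constructed sample: valid container header, no key material."""
    blob = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + blob + b"\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # stands in for /home (assumption)
        for name, cipher in (("id_plain", b"none"), ("id_locked", b"aes256-ctr")):
            with open(os.path.join(home, name), "wb") as fh:
                fh.write(constructed_key(cipher))
        for path, label, enc in find_private_keys(home):
            state = {True: "passphrase-protected", False: "UNPROTECTED", None: "unparsed"}[enc]
            print(f"{state:22} {label:22} {path}")
```

A key reported as unprotected can be used by anyone who can read the file, which is why such files on a shared login node deserve attention first.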

In the case of NEMO, the attackers gained access via a hijacked user account and expanded their privileges on the system in an unknown way until they had “root privileges” and could do as they pleased. Then they started to intercept other users’ credentials over the outgoing SSH connections.

What is known so far about the incidents at the other facilities sounds very similar to what happened in the case of NEMO. However, KIT stated on request that “there are currently no concrete indications that passwords or other data had been stolen from the HPC systems at KIT”.

What were the consequences of the attacks?

It is too early to answer this question conclusively. The NEMO operators still assume that nothing has been affected other than the access data. However, they cannot rule it out because of the far-reaching privileges that the perpetrators had acquired. The ARCHER operators and the TU Dresden do not currently believe that research data has been stolen.

What could have been the motivation of the perpetrators?

This is completely unclear at this point. The FBI and DHS officially accused China this week of hacking institutions and researchers working on and fighting the SARS-CoV-2 coronavirus. But it seems rather unlikely that the attacks on the supercomputers are related to this.

First, the attacks on NEMO, for example, started in early January.

Second, it is not apparent from the outside whether someone is doing such research on the supercomputers – and in many cases this is likely not the case at all. For example, NEMO is primarily used for research in the fields of materials science, neuroscience and elementary particle physics. Hacking the systems on suspicion and then – as a researcher at EPFL described to SPIEGEL – searching through poorly organized and poorly documented data and code for material that experts could somehow use would, at the very least, not be efficient.

Third, so far none of the affected institutions has been able to detect a corresponding data outflow. One institution said that it currently assumes the attacks were discovered at an early stage, which is why the motive of the perpetrators was not yet recognizable.
