Attackers Penetrate Supercomputing Networks

Unknown malicious hackers have compromised a number of Linux- and Solaris-based networks at supercomputing facilities. One cluster was the TeraGrid computing cluster maintained by Stanford University. At least 30 systems were compromised completely and required quarantine. Also compromised was the National Center for Atmospheric Research (NCAR), where atmospheric simulations are carried out in attempts to model the Earth's climate. NCAR's computing director, Al Kellie, indicated the problem "is apparently occurring at many institutions around the country."

"Stanford, along with a large number of research institutions and high-performance computing centers, has become a target for some sophisticated Linux and Solaris attacks," Stanford University's Information and Technology Systems and Services (ITSS) said in its Web advisory. "The attacker appears to be deliberately targeting machines in academic and high-performance computing environments, rather than attacking systems indiscriminately."

The unknown attackers use common password-cracking tools to gain access to any account on a server and then gain further access by using security flaws in the software. "The perpetrators regularly gain access to an unprivileged local user account, presumably by sniffing passwords, cracking passwords from other compromised systems, or by triggering vulnerabilities in remotely accessible services," the advisory states.

After laboriously ferreting out the source of the intrusion and expelling the attackers, affected institutions are just now announcing the incidents. The U.S. Department of Homeland Security has further announced that more universities have been compromised. A common theme among all clusters was the use of known Linux and Solaris vulnerabilities by the attackers.

Tina Bird, a computer security officer at Stanford, admitted to being taken completely by surprise. "This incident is definitely giving us an opportunity to reevaluate the maintenance and protection we provide to our Unix systems," Bird stated. "When you're completely focused on widespread attacks on Windows systems, it's certainly startling." Bird insists research data was not touched, although the extended outage of the cluster has impacted numerous research projects.

SDSC Statement on Recent Widespread Cyber Attacks

The San Diego Supercomputer Center was recently targeted as part of a widespread cyber attack involving numerous sites across the country, including universities and other high performance computing centers. While our investigation is continuing, we believe the intruder gained access to a number of SDSC systems over a four-day period. In each case, the intruder's activity was quickly detected, and his activity monitored.

All of the affected systems have since been reinstalled to states that are no longer vulnerable to the exploits used to initially compromise them. User accounts that were compromised have been inspected and cleaned, and we have taken the additional precaution of scanning our entire user database, requiring users with weak passwords to change them. We continue to closely monitor our systems for any evidence of new attacks.

SDSC's "Defense in Depth" approach to cyber security gave us the containment strategies necessary to protect critical resources. As a result, there were no major interruptions in service to our staff or customers.