CERN Website Hacked

Click for larger view

During the brief respite between speeches from the CEO of Bank of America and George W Bush (still to come in 5 minutes) and watching the economy plummet into an ever deeper pit of despair, I managed to notice a little blurb about the CERN website being cracked.  Apparently a Greek team referenced 2600 in their responsibility claim.  Why?  Who knows.  At least it wasn’t worse.

Scientists working at Cern, the organisation that runs the vast smasher, were worried about what the hackers could do because they were “one step away” from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 metres in length and 15 metres wide/high.

If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, “it is hard enough to make these things work if no one is messing with it.”

via Telegraph

Dave Lewis over at the Liquidmatrix Security Digest notes:

Um, whut?

Why isn’t this 3 billion € machine segregated? This seems to be akin to attaching a SCADA network to the internet. Not this wisest idea. So what was this website running on before it got taken down? Well, as of Sept 10th it was reporting “Apache/2.2.4 (Unix) DAV/2 proxy_html/2.5 mod_jk/1.2.20 mod_ssl/2.2.4 OpenSSL/0.9.8d ” on Netcraft. Well, running a pwnable version of Apache is a good indication of how they got access.

I don’t really have anything to add to that. Back to watching the Street hide under its collective desk, waiting for the fallout.