ShareThis Page

Hackers teach schools a lesson

| Wednesday, April 21, 2004

Hackers have attacked the nation's most powerful academic computers, including a center in Pittsburgh run by Carnegie Mellon University and the University of Pittsburgh.

"They're not releasing too much information about the details to ensure their investigation proceeds as best it can," said David Hart, a spokesman for the National Science Foundation in Arlington, Va. "The only thing I can say is no data were damaged and there was no long-term damage."

The attack isn't believed to be terrorism-related.

The National Science Foundation has financed the TeraGrid, a $98 million project that links computers at five sites, including Pittsburgh. The purpose is to build the world's largest infrastructure for scientific research -- capable of performing 20 trillion calculations a second -- on problems as complicated as astrophysics and the Human Genome Project.

The sites whose computers were invaded earlier this month include the Pittsburgh Supercomputing Center operated by CMU and Pitt, as well as the California Institute of Technology, Colorado State University, the National Center for Atmospheric Research in Boulder, Colo., and the affiliated University Corporation for Atmospheric Research, according to The Chronicle of Higher Education, an independent weekly.

Also hit were Stanford University, the San Diego and Davis campuses of the University of California, the University of Colorado, the University of Nebraska, the University of Washington and the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign.

"We don't ever make comments on security," said Michael Levine, co-director of the Pittsburgh Supercomputing Center. "It's a matter of general policy."

The Chronicle, however, said the Pittsburgh center blocked remote access to its machines until April 8 and ordered users to change their passwords.

"They were instructed not to use a password that they had used before or a word that could be found in any dictionary in any language," the newspaper said.

Karen Green, a spokeswoman for the center in Illinois, confirmed the assault on its computers.

"We took the computers offline as a precaution," she said. "There were no data compromised. We expect things to be back to normal pretty soon."

A notice on the TeraGrid's Web site states: "We are currently investigating a security incident involving unauthorized access to systems. It affects a variety of Internet sites, including some TeraGrid sites.

"To ensure the security of TeraGrid resources, we have taken several TeraGrid resources offline to conduct a thorough examination. We expect this examination to conclude within a few days.

"As a precaution, new passwords will be issued for all users. Details on how these passwords will be distributed are being sent on a per-site basis as systems come back online."

The Chronicle reported that the hackers used stolen passwords to enter a supercomputer, explore its vulnerabilities and later attack its weaknesses.

"It was not a terrorist attack as far as anyone knows," Green said.

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.

click me