A number of supercomputers across Europe, including the University of Edinburgh's ARCHER supercomputer, were reportedly hacked and used by cyber criminals for cryptocurrency mining last week.
The hacking of multiple supercomputers across Europe was first reported on Monday, 11th May by the University of Edinburgh, which runs the ARCHER supercomputer. As a result of a cyber attack, the ARCHER system had to be shut down and the university was forced to reset SSH passwords to prevent further intrusions.
“Due to a security exploitation on the ARCHER login nodes, the decision has been taken to disable access to ARCHER while further investigations take place. The EPCC Systems team is working with Cray to investigate this issue and we will provide further updates tomorrow afternoon,” the University announced via its website.
The university issued another statement on 12th May, stating that “ARCHER will be unavailable today, 12/05/20, as we continue to investigate the security incident that was discovered yesterday.” It, however, confirmed that “jobs that are currently running or queued will continue to run, but you will be unable to log in or to submit new jobs.”
The university issued a further statement on Wednesday, 13th May, stating that the cyber attack was a major security incident and that the ARCHER Service would not be available until Friday, 15th May. It confirmed that it was working with the National Cyber Security Centre (NCSC) and Cray/HPE to investigate the security breach and plan effective remedies.
The latest statement published by the university on May 15 confirmed that the hack was still under investigation and that existing ARCHER passwords and SSH keys would be reset. “When ARCHER returns to service all users will be required to use two credentials to access the service: an SSH key with a passphrase and their ARCHER password,” it added.
Cryptocurrency miners targeted supercomputers in Germany, Switzerland and Spain as well
This was not the only security incident that involved a supercomputer. Similar incidents were reported from Germany, where five of the country's supercomputer clusters had to be shut down.
Security researcher Robert Helling published a blog post on May 16, stating that “in the last few days, there was news that several big academic high-performance computing centres had been hacked. Here in Munich, LRZ, the Leibniz Rechenzentrum was affected but apparently also computers at the LMU faculty of physics.”
Spain and Switzerland also reported similar security incidents that took down multiple supercomputers.
The Swiss Centre of Scientific Computations (CSCS) in Zurich, Switzerland published a statement on its website stating that “CSCS detected malicious activity in relation to these attacks. Due to this situation, the external access to the centre has been closed until having restored a safe environment.”
Commenting on the hacking of multiple supercomputers across Europe, Dr. Anton Grashion, VP EMEA at Corelight, told TEISS that "protecting supercomputers and data centres is no trivial task, especially when they are used for mathematical modelling and scientific work, which require a great deal of collaboration and, consequently, data flow.
"The scale of this mission requires leading-edge performance in computing, storage, and networking. This is true for supercomputing services such as the UK’s ARCHER, but also for all national labs and large research universities around the world. Conventional network protection is difficult in such environments, and endpoint management is equally challenging when the devices that require network access are so diverse - not just laptops and phones.
"The only way such complex environments can be protected is by increasing the visibility over the network traffic, and turning to a data-driven security model that transforms such traffic into comprehensive, real-time logs. Open source tools like Zeek provide security teams with the sort of actionable data they need to monitor the security posture of institutions such as the ones breached in this attack, where the management of risk is vital to allow scientific progress," he added.
Jamie Akhtar, CEO and co-founder at CyberSmart, also told TEISS that “these incidents raise the very serious concern of cybersecurity in institutes of higher education where a lot of this cutting-edge research is taking place. Universities are home to some of the most advanced research projects in the world across many disciplines - including computer science - but they are also notoriously vulnerable to attack if they are connected to the wider university network.
"Last year, the Higher Education Policy Institute commissioned a study to test the reliability of UK university security systems. Of 50 institutions, they had a 100% success rate in breaking into their systems within two hours to access student and employee information, institutional records, and research data," he added.