lswcap
A problem has been discovered in European countries where supercomputers are hacked by someone and used for cryptocurrency mining.
Hacking has already been confirmed in Britain, Germany, and Switzerland, and in Spain, it is said that the computer has to be shut down due to suspected intrusion. First of all, a sign of a security breach was found in the login node at ARCHER, a supercomputer developed by the University of Edinburgh in Scotland. At the university, system shutdown and SSH password reset processing were conducted to prevent recurrence and investigation.
In Germany, bwHPC, an organization that coordinates research projects with several supercomputers, has already established Hawk at the Stuttgart HPC Center, bwUniCluster 2.0 and ForHLR II at Karlsruhe Institute of Technology, and bw Focluster Justus at Ulm University. bwForCluster JUSTUS) and bw ForCluster BinAC at the University of Tübingen terminated, responded, and investigated the breach as security problems were discovered.
A security researcher (Felix von Leitner) said through his blog that a supercomputer in a research institute located in Barcelona, Spain was shut down due to a security problem, and a security breach was discovered in the Leibniz Supercomputing sensor under the Bavarian Academy of Sciences in Germany. There was a report that it was blocked. Another German research institute also shut down supercomputers such as JURECA, JUDAC, and JUWELS for security concerns.
In addition, the result of malware analysis found in a high-performance computing cluster at the Ludwig Maximilian University Munich, Germany, was published, and a cyber accident was discovered at the Swiss National Supercomputing Center in Zurich, and the infrastructure was shut down to restore a safe environment.
CSIRT, the European Grid Infrastructure (EGI) security incident response team, which coordinates the allocation of supercomputer research resources across Europe, collects malware samples and network failure information from supercomputers that have undergone a series of security breaches, and collects information from the US information security company Cado Security. ).
As an attack method, after accessing the supercomputer, it was promoted to administrator privileges to target the Linux kernel vulnerability indicated as CVE-2019-15666, and executed the cryptocurrency Monero mining program. Since each case has many things in common, there is a possibility of an act by the same individual or group.
Until now, there have been many cases where a side with access to a supercomputer intends to use its computing power to mine personal cryptocurrencies. However, this series of infringements may be the first examples of hackers or organizations executed. In Europe, not long ago, it has indicated a plan to first allocate supercomputer resources to new Corona 19 research. It is undeniable that the possibility that the foolish hacking practice carried out in the midst of this reduced the possibility of saving the world in the future. Related information can be found here .
Add comment