Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security Announcements

South Pole Research Station Hacked Twice 292

Marda writes "It's been known for a while that Romainian cyber extortionists cracked the computer network at the Amundsen-Scott South Pole Station last year. Now SecurityFocus is reporting that another computer intruder penetrated the station just two months before, and cracked the data acquisition system for the Degree Angular Scale Interferometer (DASI), a radiotelescope that measures properties of the cosmic microwave background. It turns out the station was insecure 'purposely, to allow for our scientists at this remotest of locations to exchange data under difficult circumstances,' according to internal reports."
This discussion has been archived. No new comments can be posted.

South Pole Research Station Hacked Twice

Comments Filter:
  • by Anonymous Coward on Friday August 20, 2004 @12:47AM (#10019821)
    Why can't they just leave our unsecured network alone? Next we'll have to secure that WiFi network so the Australians stop leeching.
  • ??????WTF?????? (Score:3, Insightful)

    by Anubis350 ( 772791 ) on Friday August 20, 2004 @12:49AM (#10019829)
    insecure purposely? what about SSH? what about VPN? jesus, arent these scientist smart? cant they use some tools for that matter, cant someone creat a gui so the dont have to?
    this is the most riddiculous thing I've ever heard.
    • Re:??????WTF?????? (Score:5, Insightful)

      by urlgrey ( 798089 ) on Friday August 20, 2004 @12:55AM (#10019859) Homepage
      This has got to be among the all-time lamest excuses I've ever heard uttered.

      For Pete's sake HIRE A CONSULTANT or better yet ASK FOR VOLUNTEERS. I'm sure there are plenty of folks out there who'd LOVE to have something like this on their resume.

      C'mon. How about: we were cracked because we were lazy. Now that I'll buy--the first time.

      • Re:??????WTF?????? (Score:5, Insightful)

        by fireman sam ( 662213 ) on Friday August 20, 2004 @01:47AM (#10020077) Homepage Journal
        Why is this a troll?

        It is a valid point. If you do not have the skills to do something, pay someone to do it. If you don't have the funds, ask for a volunteer.

        These people have screwed around with their system until the data transfer did what they wanted. What they didn't realize (I hope) is that they have opened up their system to these sorts of attacks.

        If business did this sort of thing, imagine what the web would be like now...

        • Re:??????WTF?????? (Score:4, Insightful)

          by bbuR_bbuB ( 804723 ) on Friday August 20, 2004 @06:50AM (#10021006)
          There are a limited amount of people who may occupy the South Pole at any one time due to humans' impact on the environment down there. Why waste a bed on a sysadmin when you could have more important people doing more important work?
          • Re:??????WTF?????? (Score:4, Interesting)

            by rikkards ( 98006 ) on Friday August 20, 2004 @07:29AM (#10021103) Journal
            They have a sysadmin there. His main priority is ensuring the email is up that's it.
            • by Fred_A ( 10934 ) <fred@freds h o m e.org> on Friday August 20, 2004 @08:59AM (#10021610) Homepage
              Great job...

              Mission : go to Antartica, maintain email services. Duration 6 months.

              Week 1 : upgrade and patch all machines.
              Week 2 : make snowman, look at machines, plat solitaire.
              Week 3 : blizzard, look at machines
              Week 4 : play solitaire, start drinking beer
              week 5 : remember about the pinball game, install pinball game play pinball
              week 6 : Got lost for 3 days in the blizzard when making a snowman
              week 7 : can't play pinball because of bitefrost bandages, drinking bourbon, watching blinkenlights on hub
              week 8 : poured bourbon in file server so I had something to fix, got scolded by director of base who saw me
              week 9 : tried drinking kerosene
              week 12 : woke up in infirmary when doctor was about to start autopsy
              It seems doctor had been smoking joints, asked him if he had any left
              week 13 : shagged a penguin. Finished last of bourbon
              week 14 : damn pengion follows me everywhere 11 more weeks to go. Found an AOL cd in the mailbox yesterday, no idea how it got there. ...

              Great job indeed. :)
      • Re:??????WTF?????? (Score:4, Interesting)

        by dargaud ( 518470 ) <slashdot2@gdargaud.MOSCOWnet minus city> on Friday August 20, 2004 @03:28AM (#10020358) Homepage
        I'm sure there are plenty of folks out there who'd LOVE to have something like this on their resume.
        I have this on my resume [gdargaud.net] [sysadmin and scientific software in Antarctica [gdargaud.net], along with much more]. But it apparently it doesn't impress employers, I spent 6 months looking for a job before opening my own small sofware business [gdargaud.net] couple months ago. Yes, this is a shameless plug and should be moderated as so !
    • by Short Circuit ( 52384 ) * <mikemol@gmail.com> on Friday August 20, 2004 @01:02AM (#10019904) Homepage Journal
      Scientists are generally knowledgable, but only in their field of specialization. You don't expect a particle physicist to know about macro biology, and you don't expect an ornithologist to know about particle physics.

      Computer security is another one of those fields that requires its own study time to be competent in, and most people aren't interested or don't want to spend the time.
    • Re:??????WTF?????? (Score:5, Interesting)

      by Hartree ( 191324 ) on Friday August 20, 2004 @01:20AM (#10019978)
      Sadly, this happens fairly often in research groups, and it's often hard to convince them to tighten things up. On the one hand, they say there's nothing commercially valuable on the machine, and that tightening security would lower productivity (usually false). On the other, they are often hard to convince that since much of the work and data is on the computers, they should have a good and tested backup system.

      Sooooo... They get cracked, and when they do, it causes major data loss and takes a long time to return the machines to full service as there are no recent backups. And somehow, it's the fault of the security type whose advice they ignored/derided.

      Been there, done that, wanted to strangle several research group leaders/members with the t-shirt.
    • by riptide_dot ( 759229 ) * on Friday August 20, 2004 @01:44AM (#10020063)
      FTA:

      "Given the fact that no financial records or systems were compromised, no safety or loss of life was threatened, and no critical system corrupted, we need to balance legitimate security needs with the legitimate needs of our scientists at the Pole," the memo reads.

      ...Other documents show that less than two months earlier the NSF's security team was plunged into a similar fire drill when a computer intruder named "PoizonB0x" penetrated the primary and backup data acquisition servers for a radio telescope at the station called the Degree Angular Scale Interferometer (DASI), which measures properties of the cosmic microwave background radiation -- the afterglow of the Big Bang. The intruder, rated a prolific website defacer by tracking site Zone-H, used his moment of cosmic access to erect a webpage on the servers proclaiming, "I love my angel Laura."


      Now, I'm not one for people snooping around in my stuff when they're not invited or anything, but consider this: The first hack modified a web page on a system that collects monitoring data (but most likely does not contain other meaningful data, like formulas), and the second intruder accessed no financial data, did not threaten safety, and did not corrupt any critical systems.

      Isn't it possible that the systems that were compromised were actually left insecure, not necessarily "on purpose", but because they felt that there wasn't much of a need to secure them in the first place? They probably calculated the possible risks and decided that, if both systems did in fact only contain informational webpages or data collected from their equipment, that there wasn't much point in worrying a lot about securing them (after all, who would really care about the data besides them?).
      • Ah! So maybe they are South Pole honeypots then. Put up some non-secure machines with interesting data, and let the script kiddies think they've hacked the south pole, when in reality the real machines are nice and safe.
      • "Given the fact that no financial records or systems were compromised, no safety or loss of life was threatened, and no critical system corrupted, we need to balance legitimate security needs with the legitimate needs of our scientists at the Pole,"

        We need to take three big steps back and look at the forrest as a whole. Systems are frequently compromised for indirect gains. Ie. A compromised system can be used as a "diving board" - to access other systems that the attacker may not otherwise have access
    • Re:??????WTF?????? (Score:5, Informative)

      by arivanov ( 12034 ) on Friday August 20, 2004 @01:58AM (#10020115) Homepage
      You have not dealt with academentia from a system managements perspective I guess. If you had you would have heard the phrase: "I am a professor and you are not even a PhD, you will not tell me what to do".

      In btw, I am speaking out of experience here.
    • Well, how much typing can you do in artic tempetures. Your typing can only be so good with Gortex gloves rated for the artic...
    • arent these scientist smart?

      not if they are having 'brain freeze'

  • by bakeacake ( 697316 ) on Friday August 20, 2004 @12:49AM (#10019831)
    all your base belong to us!
  • by Anonymous Coward on Friday August 20, 2004 @12:50AM (#10019835)
    Must be the penguins out tehre.
  • by Anonymous Coward on Friday August 20, 2004 @12:50AM (#10019840)
    That's cold, man... that's cold!
  • by Anonymous Coward on Friday August 20, 2004 @12:51AM (#10019844)
    I almost had FP, but the latency out here on the south pole is horrible.
  • Bah! (Score:4, Funny)

    by B3ryllium ( 571199 ) on Friday August 20, 2004 @12:53AM (#10019851) Homepage
    Purposefully insecure? That's the silliest thing I've ever heard. And I've heard it often. :)

    There must be SOME technology (VPNs, as previously mentioned, perhaps) that can make it both easy and secure?

    Heck, if they'll buy me the books and fly me down there, I'll fix it myself.
    • Re:Bah! (Score:3, Insightful)

      by spudgun ( 39016 )
      has anyone here on /. considered that it might be a link which goes up and down alot ?

      have you seen what happens when your encrypted link keeps dropping ....

    • Reminds me of a robot contest I judged once. The kid's had all sorts of justifications (at least in their mind) about how the lego-bot didn't really "need" any sensors to work. They had designed the algorythems to not require them.

      Better known as they programmed the thing to hit hard-coded start and stop sequences based on the internal clock, and were shocked and amazed when it didn't work.

      While I feel for them that this was a unique bit of equipment under some oddbals circumstances, you don't leave any

    • Didn't you read the blurb? The network is purposefully insecure to allow for communications under "difficult circumstances". I don't know what "difficult circumstances" are exactly, but if I had to guess I'd say that the wind and cold kept putting their firewalls out.
  • by AKAImBatman ( 238306 ) <akaimbatman@ g m ail.com> on Friday August 20, 2004 @12:54AM (#10019855) Homepage Journal
    Some people are just plain jerks. Sure, I want to know if my financial information is safe. But why should hackers take the time to bother scientific equipment?

    I can just see it now. A buoy in the ocean with millions of dollars in scientific instruments and sensors, collecting data for good of all mankind. Then some hacker finds his way in through the radio connection and manages to burn out or blow up the equipment by playing with the settings. His excuse? "See! It should have been secure! Next time you'll know better!" Way to miss the point, jack.
    • by DramaGeek ( 806258 ) on Friday August 20, 2004 @12:59AM (#10019885)
      They'll do it because it's a fairly good target. It's one-of-a kind, and hacking it got them at least an article at Securityfocus and a mention here. Sure, they don't really gain anything from it, but since when has that been a requirement of hacking?
      • by AKAImBatman ( 238306 ) <akaimbatman@ g m ail.com> on Friday August 20, 2004 @01:09AM (#10019943) Homepage Journal
        And I hope the law throws the *#@$ing book at them! It's all very funny until someone is seriously hurt by this type of hacking. "Oh, hah, hah! I broke their toy! They've got lots of money! No biggie!" That sort of thinking is absolute bull. Scientists have to work VERY hard to secure funds for their endevours. It can take literally YEARS to secure the funding for a SINGLE project! If they've built something that costs 1 million, you can bet that they only had money enough to build ONE.

        The worst part is that the scientist is doing it so that that jack*$$ who broke his system has new technologies and knowledge available to him! Yet this punk goes around trashing other people's stuff because it makes him "hip and cool", and he's "doing the scientists a favor by testing their systems". He has NO F###ING CLUE what kind of conditions this equipment has to operate under!

        Take the South Pole station in the article. They only get unreliable and intermittent Internet access from retired satellites that have had their orbits moved to support the South Pole! Only a FEW HOURS A DAY! And some hacker kid vandalizes them for trying to get work done.
        • It's all very funny until someone is seriously hurt by this type of hacking.

          A very real threat. In the 80s, Cliff Stoll watched a guy relay from his system into a machine called PETVAX. At the time, that machine controlled the output of a radioactive particle emitter. Specifically, it controlled whether it was routed to a medical patient or a science experiment.

          Read Cuckoo's Egg [amazon.com].
        • Scientists have to work VERY hard to secure funds for their endevours. It can take literally YEARS to secure the funding for a SINGLE project! If they've built something that costs 1 million, you can bet that they only had money enough to build ONE.

          I hate to say it, but then the scientists need to find someone WITH A COMPUTER SECURITY CLUE!

          I don't expect physicists to know how to secure a network. But I would expect that, if they are dealing with precious data and networks, that they would hire or find
    • Hackers are harmless dorks. Crackers are the evil ones. Learn the difference

      http://catb.org/~esr/jargon/
    • I totally agree. It disgusts me immensely.
    • But why should hackers take the time to bother scientific equipment?

      Because they can. What you are saying can be compared to ask robbers why they rob convinience stores and not banks. The chance of getting caught will be lower (or so they asume) and the positive result will be higher.

      The idea to defend your house against robbers is not to make it impossible to break in to. It means make it less attractive then your neighbours house. So from the point of the burglar, they will take the one with the highes
  • by strredwolf ( 532 ) on Friday August 20, 2004 @12:57AM (#10019868) Homepage Journal
    that pure blocks of ice a firewall does not make.

    Come on, physical location means nothing now!!!
  • This is obviously going to be blamed on Tux.
  • Back In The Day... (Score:5, Interesting)

    by cjsnell ( 5825 ) on Friday August 20, 2004 @01:01AM (#10019896) Journal
    There used to be a machine at McMurdo Station [nsf.gov] called mcmvax.mcmurdo.gov. I remember back in, oh, 1994 or so, sending finger requests to their machine and using the VMS equivalent of talk(1) (can't remember what it was called...) to send text messages to the folks logged on. I don't remember ever getting a response, though. It was also kind of fun to do traceroutes and pings to the machine. The network path was insane...apparently it went over satellite and the latency was usually at least 800ms+. Ah, memories...I miss the days when almost everyone ran open finger and talk/ntalk daemons.
    • by eamonman ( 567383 )
      When I was a frosh in college in 1995, I would ytalk/talk with my friends at other colleges all the time. MIT, Caltech, Northwestern, UC schools; all were open. I even had a login script to let me know who of my friends were on. I guess it was evanecent in some way. It was also really cool to get talk requests from people all around the world, wondering how you are, how things are in your bit of the world.

      Within four years, those ports were all shut down. Of course, we all had ICQ and AIM by then,
    • by Jah-Wren Ryel ( 80510 ) on Friday August 20, 2004 @03:14AM (#10020329)
      back in, oh, 1994 or so, sending finger requests to their machine and using the VMS equivalent of talk(1) (can't remember what it was called...) to send text messages to the folks logged on. I don't remember ever getting a response, though. It was also kind of fun to do traceroutes and pings to the machine. The network path was insane...apparently it went over satellite

      So, you were one of those guys? Where you the one who told all his friends about us? Back then we only had a 64bps (yes, that's right 64bps not 64kbps) link and it was always getting clogged up with tourists trying to check out our machine and see who was on. Lots of kids sending us silly "phone" requests, for a couple of months there nobody could get any work done at all. Thanks a lot dude!
  • How difficult are we actually talking about here? As far as I know, an international battle frontline can be the most difficult circumstance for system administrators to work in. But again, the military networks are the most secure. Needles to say, the hackers should know that destroying computer networks in an isolated place such as the Antartica could even go to the extent of costing lives, and it is high time the Amunden-Scot admins secured their networks.
  • by Q-Hack! ( 37846 ) * on Friday August 20, 2004 @01:11AM (#10019951)
    The main reason for running unsecure, is that the data pipe running to the South Pole is only open for just a few seconds at a time. You have to be able to transfer your data packet in little bitty windows of opportunity. If you have your data packaged in nice large security packets it will take forever to transfer your files, if at all. As soon as they come up with a better way to communicate with those stations I think they will be the first to secure there data.
    • So only accept traffic from one address on the other end of the data pipe. Then require a secure link to that.
    • Well couldn't you package the data in small security packets :) I don't think security would add THAT much overhead.

      Having been in an academic environment around people who have worked in Antarctica leads me to believe the reason they didn't want the system secure is well, they didn't want the system secure. Because they are in charge, they tend to get what they want (well, at least until there is a really big problem that requires external help). They wanted free and open exchange of information. Secur
  • by p0 ( 740290 ) on Friday August 20, 2004 @01:13AM (#10019958)
    CowboyNeal! You have just slashdotted an insecure server running the lifeline of dedicated scientists, far far away in Antartica! You insensitive clod!
  • by penguinoid ( 724646 ) on Friday August 20, 2004 @01:26AM (#10020003) Homepage Journal
    Would some Slashdotter with some spare time please hack their network and install SSH and a firewall? Thanks!
  • That would have solved two problems:

    1. They wouldn't have been 0wn3d so easily
    2. It would keep them toasty warm! [slashdot.org]

  • by syousef ( 465911 ) on Friday August 20, 2004 @02:02AM (#10020126) Journal
    ...and expect to get net burgaled. Really is that simple. Regardless of the technical or budgetary constraints that's the way it is. The internet is a nice borderless place and even if everyone at your base station is nice and honest, that doesn't mean there aren't criminals within reach of your data.

    The correct way to deal with this is to have a DMZ - a nice public facing internet machine that isn't as security critical as your primary experiment instrument. This may mean a compromise in terms of budget and/or data availability.
  • You gotta wonder... (Score:5, Interesting)

    by grcumb ( 781340 ) on Friday August 20, 2004 @02:03AM (#10020135) Homepage Journal
    As someone who's set up Internet servers in the high Arctic and who quite recently found himself posting 'I'm still alive' updates to my blog as the remote South Pacific island I was on was being battered by a hurricane, I STILL made sure to use ssh/ssl to connect to remote servers.

    I was dialed in over a microwave link running at about 10Kbps. Even pathetic bandwidth is no excuse not to use simple security measures.

    P.S. I'm posting from yet another Pacific Island, where I regularly use an ssh tunnel to connect to my home IMAP server, over a modem line that I share with 12 other computers on our local network.
    • by dave420 ( 699308 ) on Friday August 20, 2004 @04:23AM (#10020480)
      Low bandwidth is no excuse, but intermittent bandwidth is. If the link is only open for a very brief period of time, you could very well waste all that time establishing an SSH connection or VPN. By the time you came to securely download your data, the link is already closed and won't be back up for ages.

      It's unsecured through necessity, not through choice.

      • by saiha ( 665337 )
        If the transmission time is what is vital, then have it go through a proxy system which is only unsecured on the one end. Then locally it goes through sanity checks and any unsafe or strange actions are flagged. If no computer speciallists are availible then a scientist can go through a predefined process to resolve the difficulty.

        I know the scientists would rather work on their research but they are living in the 21st century just like the rest of us and security is a concern. If the hacking was important
  • by Raetsel ( 34442 ) on Friday August 20, 2004 @02:15AM (#10020174)

    I just found Big Dead Place [bigdeadplace.com] a couple days ago, and read their account of one of these 'hacker attacks' and Raytheon Polar Services' (RPSC) reaction to it.

    Short version: Everyone at the pole was pissed. Denver (RPSC headquarters) took away their porn^H^H^H^Hnet access, and thus made a bunch of already deprived individuals even more deprived.

    There's a ~500 K newsletter-spoof PDF [bigdeadplace.com] on the site that expresses some of their feelings.

    • "Kudos to the Denver IT staff for quickly responding to a hacker attack on South Pole Station. The attack occurred Friday night Denver time and our crack professional team denied the attacker access by immediately pulling the plug on Pole. They got back to dealing with the aftermath of this knee jerk response sometime Wednesday shortly after the last chocolate sprinkle donut had been eaten but shortly before nap time."
    There's also: Top Ten Reasons South Pole Can't Access the Internet [bigdeadplace.com]

    Some other interesting things on the site:

    • Raytheon says Antarctica is a 'foreign nation' for purposes of the Fair Labor Standards Act (overtime) and OSHA (asbestos exposure, etc.)

    • However... the IRS considers wages earned while working there the same as if they'd been earned inside the US.

    • Some people working there question whether or not the US Constitution applies (specifically the First Ammendment)

    • The whole bit about the Symmes Antarctic Intelligencer [bigdeadplace.com]

    • Frontierwatch [bigdeadplace.com] is a terrifically Dilbert-esque look into the day-to-day goings-on at the Pole.
  • by maxpublic ( 450413 ) on Friday August 20, 2004 @02:24AM (#10020204) Homepage
    The Amundsen-Scott station is very expensive to maintain. During the winter the entire base population can be as low as 17 individuals; this can increase significantly during a few months out of the summer, but with cuts in funding the total personnel at the station remains low.

    The station is designed for one thing: scientific research. With that in mind, the people you send to the station are those capable of doing the research, or those that are capable of maintaining the station so that others can do their research. Most of the folks there are conversant in a half-dozen jobs - *because they have to be*. There isn't enough funding for critical positions, much less a position like 'computer network administrator' which is nothing more than dead weight 99% of the time. A person who, if they can't also fix tractor engines, maintain the fuel-based heating system, and help calibrate various pieces of astronomical equipment, is nothing more than a waste of space, food, and energy.

    No doubt the Amundsen-Scott folks decided to do business 'as usual', e.g., in a not very secure manner, because a) who the hell would want to hack the system when there's nothing to gain?, and b) there isn't anyone there who's life work is system security.

    (In fact, I'm willing to bet they *could* secure the system in a decent manner, but never saw the point of it since they couldn't conceive of why anyone would want to mess with it in the first place. Frankly, I can't either; it takes a real jack-off to do something like this.)

    All those clueless gits out there who scream "they should have a network administrator!" might want to keep in mind that a network administrator isn't worth his weight in fuel to ship out there, much less keep around during the eight months of the year they're pretty much cut off from the outside world. And yes, that means *you*; if all you know is network administration/security then you're useless waste of good oxygen at Amundsen-Scott, and the people there neither want or need you cluttering up the cramped base, eating their food and using their heat.

    Max

    • All those clueless gits out there who scream "they should have a network administrator!" might want to keep in mind that a network administrator isn't worth his weight in fuel to ship out there, much less keep around during the eight months of the year they're pretty much cut off from the outside world.


      I administer numerous servers hundreds or thousands of miles away from me. No kidding. Who says I would have to be shipped down there to install things like patches, updates, firewalls, and the like?

      I'm t
    • All those clueless gits out there who scream "they should have a network administrator!"

      A network admin does not have to be on the spot - they can build a simple box required for the other end (plus a spare) and ship it down there with very clear concise setup instructions and a fat manual covering every aspect of the system. Having an identical box back home you can send simple messages down when things go seriously wrong, like "turn to page 32". You can probably get a simple embedded system off the shel

  • The real link... (Score:4, Informative)

    by Unnngh! ( 731758 ) on Friday August 20, 2004 @02:29AM (#10020212)
    ...is, of course, here [bigdeadplace.com].
  • by Reservoir Penguin ( 611789 ) on Friday August 20, 2004 @02:47AM (#10020272)

    Remember, RMS was against introducing passwords into the MIT AI lab, and when they eventually did it he sabotaged the system buy coercing users to choose a blank password. He even brags about it in the Revolution OS documentary.
    • Hmm, I haven't seen this documentary but there is a difference between sharing scientific knowledge (read access) and modifying that information with disreguard to authority (read/write access).

      I don't think a researcher would appreciate it if another, even a scientist, updated the research without the approval of the researcher. Reading that same information and giving feedback however, is different.
  • by losttoy ( 558557 ) on Friday August 20, 2004 @02:53AM (#10020287)
    Ease of use does not mean it has to be insecure!! Strong passwords and patched applications do not make usage difficult!!

    • Ease of use does not mean it has to be insecure!! Strong passwords and patched applications do not make usage difficult!!

      Complex things require complex computer systems. Complex computer systems are complex to keep secure, more so when you need to maintain some kind of level of usability.
  • by fejes ( 799784 ) on Friday August 20, 2004 @03:18AM (#10020336)
    Seriously, if you're setting up a network for a long term project, you set it up once, and move it all over there with everythig ready to go... (which means the Amundsun base might have been permanently been stuck with a network of 386's, had things worked that way.) Of course, my guess is that the computers wandered over there one at a time, with no coordinated plan - and no through beyond "we need a few computers, which people in the states need access too, located at the south pole!)

    The key issue is that if an academic is given a computer, they're not going to have the faintest idea of what's required security wise. [In fact, I've seen academics go out and buy really big (30") screens and fancy macintoshs just to run email and a browser, if that gives you an idea of the mindset of many in the scientific community.] - and other than the penguins (who only work for herrings and probably don't want to pay tax), there aren't any "neighborhood geeks" nearby to help them with their machines.

    I just spent two years in a science laboratory in North America at a VERY large institution. Of the two hundred or so scientists in that department alone, maybe ten or fifteen knew enough about computers to write HTML - and probably not a lot further. As the department evolved over time, computers were added in one at a time, by whom ever felt like putting in a computer. Thus, there wasn't a single coordinated plan , and some of the computers were left completely vulnerable intentionally! If there's no one in charge, no structure to coordinate the addition of computers, and no one able to make the decisions to put an infrastructure in place, there's no one to insist on security standards. Can you say welcome mat to hackers?

    I'd be willing to bet that that's exactly what happened at the South Pole. Someone decided they wanted to be able to share files with another scientist, and I'd doubt either had ever heard of SSH. Net result: they intentionally put a hole in the flimsy security they had to begin with. I can imagine the thought process: "I need to share a file with someone 30000km away.. lets just create an annonymous ftp to c:\, that way I won't have to worry about them not having access to anything they need!"

    Finally, the key point is that if you have computers at the south pole, it's going to cost an exorbitant amount to send someone out to mantain them, and the only alternative is to have the scientists call "tech support" back in the states (or is india closer?), which is probably like talking my father through a computer problem. It's bad enough when you're there, but 100x worse when you're at opposite ends of the country. Of course, if you leave a few "holes" open intentionally, someone back home can log in and maintain it for you. (-;

    Sorry for the overlong rant!
  • by GrahamCox ( 741991 ) on Friday August 20, 2004 @03:25AM (#10020353) Homepage
    What they need is more ICE!

  • Is "cracking" cold computers easier (like ice)?
  • by Anonymous Coward
    Can you really call it "cracking" if there was no security in the first place?

    It's like in Fahrenheit 9/11 where the cops "infiltrate" the peace group whose membership is, uh, open to the public.
  • by kirkjobsluder ( 520465 ) <kirk@@@jobsluder...net> on Friday August 20, 2004 @08:05AM (#10021215) Homepage
    Why link to a great article on the web if you are not going to provide an accurate summary?

    The point of the securityfocus.com article was not "South Pole Research Station Hacked Twice", but that the US DoJ has used this as a spin campaign to justify the cyberterrorism provisions of the patriot act.

    "The hacked computer ... controlled the life support systems for the South Pole Station that housed 50 scientists 'wintering over' during the South Pole's most dangerous season," reads the Justice Department report. "Due in part to the quick response allowed by [the USA Patriot Act], FBI agents were able to close the case quickly with the suspects' arrest before any harm was done to the South Pole Research Station."


    However, the FBI and DoJ's version of events is contradicted by the NSF internal assessment of the attack...

    And as described in the memo, released as a partially-redacted draft, the incident was something less than a cyber terror attack to begin with, and prompted a measured response from network administrators. "Given the fact that no financial records or systems were compromised, no safety or loss of life was threatened, and no critical system corrupted, we need to balance legitimate security needs with the legitimate needs of our scientists at the Pole," the memo reads.


    The previous security problems at the South Pole appears in the second to last paragraph as support for the claim that the attack was not threatening to life support at Amudsen-Scott.
  • by spineboy ( 22918 ) on Friday August 20, 2004 @08:05AM (#10021220) Journal
    ALL THESE WORLDS ARE YOURS EXCEPT EUROPA ^H^H^H^H^H the south pole
    ATTEMPT NO LANDINGS^H^H^H^H^H^H^H pwnings THERE

    -the black obelisk
  • by Gannoc ( 210256 ) on Friday August 20, 2004 @08:16AM (#10021290)
    Romainian cyber extortionists

    Look, here's some free advice. If you want to make people care about the problem, you need to call them "cyber-TERRORISTS".

    Many people don't know what extortion really means, but they know that terrorists can hurt their children.

    Geez, its a good thing you guys are mostly libertarian/democrat/green, because you'd make crappy republicans.

  • by GuyinVA ( 707456 ) on Friday August 20, 2004 @10:00AM (#10022362)
    ...Never mind
  • Hacked or Cracked? (Score:4, Informative)

    by runswithd6s ( 65165 ) on Friday August 20, 2004 @10:35AM (#10022838) Homepage
    You know. I'm disappointed that /. would get this wrong. Although the content of this topic has it right, why would you then title it with "hacked" [catb.org] instead of "cracked" [catb.org]? Of all places, /. should be setting the bar by using correct terminology.

Of course there's no reason for it, it's just our policy.

Working...