ARCHER, one of the UK’s most powerful research supercomputers, has been knocked offline indefinitely due to a “security exploitation” of its login nodes, in an attack which also affected the wider academic community in the UK and Europe. As a result, all of ARCHER’s existing passwords and SSH keys are being rewritten, and a strong warning has been issued against users logging in with existing credentials.
A spokesperson for Edinburgh University, where ARCHER is based, said the institute was “currently investigating” the issue. “On the 11th May 2020 our technology partners were notified of a potential issue that indicated some user accounts may have been misused to gain unauthorised access to the service,” they said. “Investigations by our technical teams confirmed that a small number of user accounts had been affected so the decision was taken to disable access to allow further work to confirm the extent of the issue.”
The university is working with the National Cyber Security Centre (NCSC) and its technology partners to forge a path to recovery and determine when systems can be brought back online. It said that there is nothing to suggest any research, client or personal data was impacted by the attack. A status update on Thursday said that it’s hoped ARCHER will return to service early next week but that this will be conditional upon the results of diagnostic scans taking place and consultation with NCSC.
Attacks on supercomputers have been rare up until now, but that doesn’t mean they are less susceptible than other computers. “A supercomputer is not as exotic as it sounds,” says Antonios Michalas, assistant professor in the Department of Computing Sciences at Tampere University. “Currently, most of the existing supercomputers rely on traditional hardware, with the exception that they have many many resources.”
Because supercomputers aren’t attached to a terminal, there’s surrounding infrastructure that allows people to log in remotely. It appears that the attack wasn’t levelled directly at ARCHER, but its perimeter. “The fact that they are having to change all the passwords and all the SSH keys suggest that somebody somehow managed to get a Secure Shell – maybe through somebody having inadvertently given away the keys or the password,” says Alan Woodward, a cyber security expert at the University of Surrey. Woodward says if the SSH key was generated by a password, the password could potentially have been obtained in a phishing attack or through a hacked device. “Most of these situations are not some terribly clever technical thing, but actually the weak human is the link,” he says.
ARCHER is on a range of research projects, such as modelling weather patterns and biomedical data, simulating the Earth’s climate and designing new materials. But its role in supporting a number of different COVID-19 research projects might have proven a particular draw to hackers.
“I am not sure if anyone can say for sure whether this is a targeted attack to either exfiltrate data relating to Covid-19 research or it was an attack to slow the progress of research into Covid-19 by state actors – or whether it was simply a ‘indiscriminate scan attack’ which happened upon the supercomputer,” says Kevin Curran, professor of cybersecurity at Ulster University.
Curran believes we can expect more attacks on supercomputers carrying out biological modelling in future. “Organised cybercrime and nation-states are able to install malware (often through infected USB & other hardware interfaces) which can reside on ‘air-gapped’ machines and also use internal communication chips (in the device) to send the data out to the spies receiver outside,” he said in an email. “Israeli researchers demonstrated how to steal data that bypasses all of these protections — using the GSM network, electromagnetic waves and a basic low-end mobile phone. So it is very difficult to protect a targeted asset such as ARCHER.”
Shadow digital, science and technology minister Chi Onwurah said: “Our research sector is vital to tackling the pandemic, and the ability to run calculations on the UK HPC System of models and forecasts is crucial to leading us all safely out of lockdown. We need urgent clarity on the causes of this breach and what impact it might have on ongoing research into the coronavirus and potential therapies”.
She added: “Even short delays to modelling can have a large effect down the line, as this can hold up laboratory work, where delays can get compounded due to the strict scheduling required to due to social distancing.”
Archer has resided at Edinburgh University since 2013, but is due to be replaced this year with the more powerful Archer2.