Ethical hacking group worms its way into Fermilab

18 May 2021
Access all areas: The Sakura Samurai group of ethical hackers infiltrated Fermilab’s data systems with the knowledge of the lab’s managers. (Courtesy: Fermilab/Reidar Hahn)

A group of “ethical hackers” has obtained access to sensitive systems and proprietary online data hosted by the Fermi National Accelerator Laboratory in the US after accessing multiple unsecured entry points in late April and early May. The group – Sakura Samurai – discovered configuration data for the lab’s NOvA experiment and more than 4500 “tickets” for tracking internal projects.

The Sakura Samurai team has previous experience probing the vulnerabilities of scientific and educational organizations, which hold critical information that if leaked could put those institutions at risk. “Fermilab was no different,” Sakura Samurai member Robert Willis told Physics World. “Oversharing can be very dangerous, especially when it’s sharing credentials that could enable a malicious actor to take over a server with the potential to move across their network to access items that the organization wouldn’t even think of being vulnerable.”

The hacking team targeted Fermilab because of its openness and the size of the lab. The hack was performed with Fermilab management’s knowledge so that they could “lock down” critical information before it was performed. “[Fermilab] seemed interesting as it has a vulnerability disclosure programme and is also a physics lab with lots of machinery and a half-billion-dollar grant,” adds Willis. “That would make it very attractive to a threat actor looking to ransomware their assets to hold them hostage.” Indeed, the hacking team found its effort time-consuming owing to Fermilab’s basic openness. “Some findings were without a doubt critical and didn’t need verification from Fermilab. But other findings relied on communications with Fermilab to verify,” Willis says.

Nevertheless, the ethical hacking group found the hack to be relatively simple, with many of the findings emerging with manual methods and basic tools that allowed them to navigate the file structure to find open ports and services. “We may very well have saved Fermilab from a future ransomware attack, considering a set of credentials would have given us the proper access to infect a server, and go from there,” says Willis, who adds that once lab managers were informed of the security issues they responded quickly. “The lab handled the situation very well and fast,” says Willis. “From initial contact to their internal verification and remediations, the entire process was under two weeks.”

Culture of sharing

Fermilab spokesperson Tracy Marc notes that the lab “takes all reports of cybersecurity vulnerabilities seriously, and we are continuing to review the matter”. She denies any concern that experiments could be vulnerable to unethical hacking that could change results, because, she says, their data are “made available through controlled authorization and access methods”.

Willis claims that many of the hacks on large organizations happen because of a lack of understanding of what hackers can do. That can be problematic for managers of organizations like Fermilab that have a culture of sharing. “Treat all publicly accessible information as if someone wants to do something malicious with it,” says Willis. “Providing the wrong sensitive information can put not just one asset, but everything, at risk.”

Copyright © 2024 by IOP Publishing Ltd and individual contributors