Computer Security: CERN under friendly poking

At the beginning of September, CERN’s computing systems came under attack. Adversaries tried to find their way into CERN’s Windows infrastructure with the aim of taking over the essential central Domain Controllers. And the experts from the University of Toronto did a great job!

Reviewing CERN’s computer security defences is part of our catalogue of best practices, as it is naturally better to identify suboptimal configurations under friendly fire than to succumb to evil BlackHats exploiting them for their malicious deeds. Therefore, CERN’s Computer Security Team repeatedly reviews and audits the various computing services, control systems, web applications, and software implemented and deployed at CERN.

But having an independent review can shed light from a different angle and highlight weaknesses and vulnerabilities missed by our audits. Enter the University of Toronto, where Allan Stojanovic and his team of professional hackers took up the challenge of trying to break into CERN, namely its Windows computing infrastructure.

During the first weekend of September 2017, Allan and his colleagues scanned CERN’s computing infrastructure as it is visible from the Internet – the “reconnaissance” phase. Having identified potential areas of interest, they then tried to take over servers and websites belonging to the Windows computing infrastructure – i.e. they tried to penetrate computing facilities that are usually protected behind CERN’s outer perimeter firewall.

Once inside, their mandate would have allowed them to continue as far as they could to show that they could have taken over administrator rights on the so-called central Domain Controllers, the core systems of the Windows infrastructure. Becoming administrators of those servers would have provided them with full access to any other centrally managed Windows system at CERN. In order to avoid any accidental damage, every step taken by them was coordinated and authorised by CERN’s Computing Security Officer. After three days of heavy poking, some frustration, and lots of pizza and coffee, the exercise ended and Allan provided CERN with a detailed report of significant, less significant and collateral areas for improvement. Thank you very much, Allan and colleagues!!! All of those weaknesses have now been addressed.

And we have not finished yet. The IT department and the Computer Security team are considering teaming up with other professional companies and teams to further poke around for areas for improvement under the umbrella of CERN’s WhiteHat Challenge. Given the complexity and vastness of CERN’s computing facilities, there must be more weaknesses!

And you can join in: if you also want to become a penetration tester and learn how to detect vulnerabilities, poke for weaknesses and identify potential areas for improving CERN’s computer security in general – or the security of your computing service, control system, web application or software in particular – sign up to the WhiteHat Challenge. Roughly 140 people plus six universities have done so far, constantly improving CERN’s computer security defences!


Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, visit our website or contact us at Computer.Security@cern.ch.