DeepSec 2013 Talk: Hack The Gibson – Exploiting Supercomputers
Compromising and controlling a large number of computers is a big advantage for attackers. The best example are the botnets consisting of hundreds, thousands or millions of systems infected by malicious software. These herds of compromised nodes receive commands from Command & Control (C&C) servers. In a sense this is massive parallel computing, but unfortunately it isn’t used for scientific purposes. Instead these nodes send unsolicited e-mails (a.k.a. spam), perform Distributed Denial of Service (DDoS) attacks, or do other tasks for their masters. The infection process is highly automated. Scripts looks for promising targets, attack them, install the botnet software, and add them to the herd’s network. Great. But what about infecting whole networks of nodes instead of nodes one by one?
Modern supercomputers are based on a multi-node architecture. Individual nodes are part of the whole and are linked by a logic that distributes tasks. Parallelisation is the key, not building a single powerful machine. Systems with the same configuration and connected to the network are tempting targets. John Fitzpatrick and Luke Jennings will talk about the security of supercomputers at DeepSec 2013. Their presentation is titled Hack The Gibson – Exploiting Supercomputers. They will show you exploit techniques and previously undocumented attack techniques. 0wning 20,000 nodes at once can be a short-cut for building your personal botnet.
The content of their talk is valid for the majority of the top 500 supercomputers around the world. The methods can also be applied to large scale installations or any other computing grid where the nodes communicate via the network. You should definitely attend this talk if you maintain computing grids, deploy them, run a supercomputer connected to the Internet, or are interested in attacking thousands of nodes at once.