Britain’s Archer Supercomputer hacked; unknown hackers exploited vulnerability in login nodes
The United Kingdom is in the security headlines again. Earlier, its ANPR network leaked information on nearly 8.6 million car rides, and now it has had to take its top supercomputer, Archer, offline due to a hacking attempt.
The Archer supercomputer, often called the United Kingdom’s most powerful supercomputer, was hacked on 11th May 2020 at 16.30 hrs British time. The Archer status page says that, due to a security exploitation on the ARCHER login nodes, the sysadmins have taken the decision to disable access to ARCHER while further investigations take place.
The status page states that hackers exploited an unknown vulnerability in its login nodes, forcing Archer to rewrite all user passwords and SSH keys. The incident left many Archer users without any access. The sysadmins warned them to change their passwords and SSH keys immediately.
Since the Archer hack is a big incident, it will be investigated by Britain’s top agencies. However, the sysadmins feel that it may be part of a much bigger hacking attack on academic computers all across Europe and the U.K. Their update reads:
We would like to provide an update on the ARCHER Security Incident.
We now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe. We have been working with the National Cyber Security Centre (NCSC) and Cray/HPE in order to better understand the position and plan effective remedies.
Unfortunately, due to the severity of the situation, the ARCHER Service will not be returned before Friday 15th May. We will review the situation with UKRI and NCSC on Friday and will then provide a further update to you.
The RDF will not be available initially when the ARCHER Service is returned. This includes the Data Transfer Nodes (DTNs), the Data Analytic Cluster (DAC) and the RDF filesystems, /epsrc and /general.
All of the existing ARCHER passwords and SSH keys will be rewritten and will no longer be valid on ARCHER.
When the ARCHER Service is returned, there will be a requirement to connect to ARCHER using an SSH key and a password. It is imperative that you do not reuse an old password or SSH key. Further details will be provided on how to do this.
The sysadmins took the Archer supercomputer out of service immediately after the attack was discovered. It is not known which vulnerability the hackers exploited or what they were after on the Archer supercomputer. Prima facie, it looks like they only overwrote the passwords and SSH keys. But in all likelihood, there is more to the hacking incident than what the Archer admins are stating.
This is a developing story and we will keep you updated.