Attackers infiltrating supercomputer networks

Unknown attackers have compromised a large number of Linux and Solaris machines in high-speed computing networks at Stanford University and other academic research facilities, according to an advisory.

The attacks, which apparently compromised servers as recently as April 3, are currently being investigated, according to an advisory posted April 6 by the Information Technology Systems and Services (ITSS) group at Stanford.

"Stanford, along with a large number of research institutions and high-performance computing centers, has become a target for some sophisticated Linux and Solaris attacks," ITSS said in its Web advisory. "The attacker appears to be deliberately targeting machines in academic and high-performance computing environments, rather than attacking systems indiscriminately."

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Members of Stanford's security team declined to comment, and the university's chief information security officer could not immediately be reached.

It is unclear when the attacks first occurred. The advisory listed one breach as occurring April 3. The unknown attackers use common password-cracking tools to gain access to any account on a server and then gain further access by using security flaws in the software.

"The perpetrators regularly gain access to an unprivileged local user account, presumably by sniffing passwords, cracking passwords from other compromised systems, or by triggering vulnerabilities in remotely accessible services," the advisory states.

Such local vulnerabilities, as they are called, have led to several compromises on the servers used to host Linux development and distribution in recent months.