Connect with us

Science

Researchers peek at proprietary data of US particle physics lab Fermilab

Published

on

Multiple unsecured entry points allowed researchers to access data belonging to Fermilab, a national particle physics and accelerator lab supported by the Department of Energy.

This week, security researchers Robert Willis, John Jackson, and Jackson Henry of the Sakura Samurai ethical hacking group have shared details on how they were able to get their hands on sensitive systems and data hosted at Fermilab.

After enumerating and peeking inside the fnal.gov subdomains using commonly available tools like amass, dirsearch, and nmap, the researchers discovered open directories, open ports, and unsecured services that attackers could have used to extract proprietary data.

A naked FTP server

Among the exposed assets was Fermilab’s FTP server, ftp.fnal.gov, containing heaps of data that allowed “anonymous” login without a password.
Enlarge / Among the exposed assets was Fermilab’s FTP server, ftp.fnal.gov, containing heaps of data that allowed “anonymous” login without a password.

Sakura Samurai

The server exposed configuration data for one of the Fermilab’s experiments called “NoVa,” which concerns studying the purpose of neutrinos in the evolution of cosmos.

The researchers discovered that one of the tar.gz archives hosted on the FTP server contained Apache Tomcat server credentials in plaintext:

Sakura Samurai

The researchers verified that the credentials were valid at the time of their discovery but ceased experimenting further so as to keep their research efforts ethical.

Thousands of documents and project tickets exposed

Likewise, in another set of unrestricted subdomains, the researchers found over 4,500 tickets used for tracking Fermilab’s internal projects. Many of these contained sensitive attachments and private communications.

Sakura Samurai

And yet another server ran a web application that listed the full names of users registered under different workgroups, along with their email addresses, user IDs, and other department-specific information.

A fourth server identified by the researchers exposed 5,795 documents and 53,685 file entries without requiring any authentication.

“I was surprised that a government entity, which has over a half a billion-dollar budget, could have so many security holes,” Willis, the Sakura Samurai researcher, told Ars in an interview. “I don’t believe they have even basic computer security after this engagement, which is enough to keep you up at night. I wouldn’t want a malicious actor to steal important data, which has cost the US hundreds of millions to produce, while also leaving the potential to manipulate equipment that could have a severe impact.”

Serious flaws resolved swiftly

The research activities performed by Willis, Jackson, and Henry were consistent with Ferminab’s vulnerability disclosure policy. Fermilab was quick to respond to the researchers’ initial report and squashed the bugs swiftly.

“Fermilab managed the interactions regarding the findings in a quick and positive way. They didn’t question the authenticity of our vulnerabilities and immediately dug in and patched—acknowledging the sense of urgency,” Jackson said. “The first thought that we had was about the possibility of a nation-state threat actor acquiring this data, especially because it’s no surprise that Fermilab works on groundbreaking scientific research.”

“We knew we had to act quickly and inform Fermilab. Nonetheless, still crazy to see the ease in which we acquired sensitive data, which included credentials to scientific equipment and servers,” he added.

This discovery of a US government-funded national lab having serious security flaws that are trivial to exploit comes as multiple US federal agencies continue to be targets of cyberattacks.

Just last week, Ars reported that threat actors had potentially hacked at least five US government agencies via Pulse Connect Secure VPN vulnerabilities. Separately, the FBI is investigating an extortion attempt by ransomware operators against the Metropolitan Police Department in Washington, DC.

Fermilab declined to comment.

The researchers’ detailed findings related to the research are provided in their blog post.

Ax Sharma is a security researcher, engineer, and reporter who publishes in leading publications. His expertise lies in malware research, reverse engineering, and application security. He’s an active community member of the OWASP Foundation and the British Association of Journalists.

Continue Reading

Science

SpaceX to break the final frontier in reuse with national defense launch

Published

on

Enlarge / The GPS III SV-05 vehicle is encapsulated in the Falcon 9 rocket’s payload fairing.

Lockheed Martin

A few years ago one of SpaceX’s earliest employees, Hans Koenigsmann, told me one of the company’s goals was to take the “magic” out of rocket launches. It’s just physics, he explained.

As its Falcon 9 rocket has become more reliable and flown more frequently—18 launches so far this year, and counting—it seems that SpaceX has succeeded in taking the magic out of launches. And while reliability should definitely be the goal, such regularity does distract from the spectacle of watching a rocket launch.

But there are still some special Falcon 9 missions, and that’s certainly the case with a launch expected to occur at 12:09 pm ET (16:09 UTC) on Thursday from Cape Canaveral Space Force Station in Florida. With the launch of a next-generation GPS III spacecraft, SpaceX will fly a national security mission for the first time on a reused booster.

Last year the Space Force and SpaceX agreed to contract modifications allowing for the launch of this GPS III mission (Space Vehicle-05) and another one (SV-06) on reused Falcon 9 first-stage rockets. The Space Force agreed to allow the GPS III satellites to be launched into a different orbital perigee, enabling a drone ship recovery attempt. The first stage set to launch Thursday previously flew the GPS III SV-04 last November. In return for this accommodation, SpaceX agreed to some additional spacecraft requirements for future missions and saved the US government $52 million.

This represents an important signal from the military that it is ready to embrace reused rockets for its most important missions and is something of a final frontier for SpaceX as it seeks to push forward the reuse of Falcon 9 first stages. NASA has already launched its highest-value missions, astronauts, on a reused first stage with the Crew-2 flight in April.

Thursday’s GPS mission is a high priority for the Space Force, too, as it seeks to modernize its navigation constellation. This new generation of global positioning satellites, built by Lockheed Martin, have three times greater accuracy and an anti-jamming capability that is eight times higher than earlier versions. The next five GPS satellites, vehicles 06 to 10, are in various states of readiness for launch. And Lockheed Martin has been contracted to build up to 22 additional vehicles.

Weather for Thursday’s 15-minute launch window looks reasonable, with only a 30 percent chance of unfavorable conditions. Upper-level winds may be a concern, however. The SpaceX webcast embedded below should begin about 15 minutes before the launch window opens.

Launch of GPS III SV-05 mission.

Continue Reading

Science

After ruining 75M J&J doses, Emergent gets FDA clearance for 25M doses

Published

on

Enlarge / The Emergent BioSolutions plant, a manufacturing partner for Johnson & Johnson’s COVID-19 vaccine, in Baltimore, Maryland, on April 9, 2021.

The US Food and Drug Administration is making progress in its efforts to sort out the fiasco at Emergent BioSolutions’ Baltimore facility, which, at this point, has ruined more than 75 million doses of COVID-19 vaccines stemming from what the regulator identified as significant quality control failures.

In March, news leaked that Emergent ruined 15 million doses of Johnson & Johnson’s vaccine as well as millions more doses of AstraZeneca’s vaccine. The spoilage happened when Emergent cross-contaminated batches of the two vaccines with ingredients from the other.

Last week, the FDA told Emergent to trash about 60 million more doses of Johnson & Johnson’s vaccine due to similar contamination concerns, The New York Times reported.

But at the same time, the agency cleared 10 million doses of Johnson & Johnson’s vaccine for use—with the catch that the doses must carry a warning saying that the FDA cannot guarantee Emergent followed good manufacturing practices while making them. And on Tuesday, the FDA cleared an additional 15 million doses of Johnson & Johnson’s vaccine, bringing the total number of acceptable doses to just 25 million, according to The Wall Street Journal.

Still, more than 100 million finished doses of Johnson & Johnson’s and AstaZeneca’s vaccines are still in limbo at the facility, awaiting FDA review. All of the doses at the facility were made prior to April 16, when the FDA shut down production after an investigation found sweeping and significant quality control failures and manufacturing violations.

Some lawmakers say the issues were clear before the investigation; Emergent has a long track record of such problems, as well as trouble fulfilling contracts.

Troubled past

Still, the manufacturer was contracted during the pandemic to produce both the Johnson & Johnson’s one-dose vaccine and AstraZeneca’s vaccine, which use similar adenovirus-based vaccine platforms. Emergent had also been awarded millions of dollars in federal grants to help respond to the pandemic swiftly, including $27-million monthly “reservation” payments to keep its facility at the ready to produce large amounts of vaccine under proper manufacturing standards and practices.

But the FDA’s nine-day inspection of the Baltimore facility, which began April 12, revealed that Emergent wasn’t putting that money to good use. FDA inspectors logged a long list of problems, including unsanitary conditions, paint peeling off of the walls and floors, black and brown residue on surfaces, improperly trained staff, and numerous opportunities for vaccine products to be contaminated. For instance, inspectors witnessed Emergent employees dragging unsealed, non-decontaminated bags of medical waste across different areas of the facility. In some cases, employees tossed unsealed bags of medical waste in an elevator.

Though Emergent had already scrapped the initial 15 million contaminated vaccine doses at the time, FDA inspectors concluded that “there is no assurance that other batches have not been subject to cross contamination,” the inspectors wrote.

The FDA shut down production April 16 and has been sorting through the premade doses ever since. For the most part, Emergent’s failures have not had a significant impact on vaccination efforts in the US. All of the doses of Johnson & Johnson vaccine administered in the US were made in the Netherlands. And demand for the one-shot vaccine has slipped amid slowed vaccination rates and concern over an extremely rare but life-threatening blood-clotting condition. In fact, US regulators recently extended the expiration data on millions of doses that have gone unused. AstraZeneca’s vaccine, meanwhile, is not yet authorized for use in the US.

However, Emergent’s failures have global effects—many of the doses have been earmarked to be donated to other countries in need of vaccine supplies. The contamination problem has held up the export of potentially usable doses.

In a statement Tuesday after the FDA cleared the additional 15 million doses, Emergent said:

We welcome the approval of an additional batch of J&J vaccine made at Emergent. We remain committed to addressing the FDA’s observations in order to resume production as soon as possible and look forward to continuing our work to end this pandemic.

Federal officials stripped Emergent of its control of the Baltimore facility back in April, putting Johnson & Johnson in charge and telling AstraZeneca to find another manufacturer. Federal lawmakers, meanwhile, opened a multipronged investigation into whether Emergent used ties to the Trump administration to improperly obtain lucrative government contracts.

Continue Reading

Science

Cold-War-era missile launches three modern-day spy satellites

Published

on

Enlarge / A Minotaur rocket launches the NROL-111 mission on Tuesday.

Trevor Mahlmann

For the first time in nearly eight years, a Minotaur 1 rocket launched into space Tuesday from NASA’s Wallops Flight Facility in Virginia. The rocket, which is derived from Cold-War-era surplus missiles, carried three classified satellites into orbit for the US National Reconnaissance Office.

This was the first launch of the four-stage Minotaur 1 rocket since a demonstration mission for the Air Force in 2013, which also orbited 23 CubeSats. Although the current mission was delayed for more than two hours by poor weather on Tuesday morning, it successfully launched at 9:35 am ET (13:35 UTC).

The Minotaur 1, which has the capacity to launch a little more than 500 kg into low Earth orbit, is a mix of decades-old technology and modern avionics. The vehicle’s first and second stages are taken from a repurposed Minuteman I missile, the first generation of land-based, solid-fuel intercontinental ballistic missiles. These missiles were in service from 1962 to 1965 before they were phased out in favor of the Minuteman II and Minuteman III missiles. The latter ICBMs are still in silos today.

To configure the Minotaur 1 rocket for satellite launches, engineers added two additional stages based on Orion solid rocket motors. These orbital rockets are now built and launched by Northrop Grumman. In addition to the Minotaur 1 vehicle, the company also supports the larger Minotaur C and Minotaur IV launch vehicles based on Peacekeeper missiles.

The small rockets are not cheap. This Minotaur I launch cost the Air Force $29.2 million when it procured the rocket for the National Reconnaissance Office in 2016. By contrast, Relativity Space, Firefly, and ABL Space are all developing rockets more capable than the Minotaur 1, with about 1 metric ton of lift capacity, at a fraction of its cost.

However, the Minotaur line of vehicles has a perfect record across 28 missions, having launched from Alaska, California, Florida, and Virginia with 100 percent success. The US military values this kind of reliability and the operational readiness of a solid-motor rocket.

Lt. Col. Ryan Rose, chief of the Space and Missile Systems Center Launch Enterprise’s Small Launch and Targets Division, said in a statement that she is looking forward to future launches from Northrop Grumman: “This success continues to reinforce that the Launch Enterprise has multiple paths to rapidly acquire agile launch services for small satellites and will continue to take advantage of the latest in small launch technologies.”

As for the top-secret payloads launched Tuesday, it’s a good bet they are spy satellites of some sort. The National Reconnaissance Office is charged with a “mission of providing critical information to every member of the Intelligence Community, two dozen domestic agencies, our nation’s military, lawmakers, and decision makers.” So they’re probably reading this article—from space.

Continue Reading

Trending