From University of Toronto: “U of T staff (ethically) hack CERN, world’s largest particle physics lab”

U Toronto Bloc

University of Toronto

CERN, the international lab near Geneva, is home to the Large Hadron Collider, the world’s largest particle accelerator (photo by Claudia Marcelloni/CERN).
U of T staff (ethically) hack CERN, world’s largest particle physics lab.
In Geneva, where U of T scientists are on the frontier of physics with world’s largest particle accelerator.

It takes 22 member states, more than 10,000 scientists and state-of-the-art technology for CERN to investigate the mysteries of the universe. But no matter how cutting-edge a system is, it can have vulnerabilities – and last year University of Toronto employees helped CERN find theirs.

CERN, the European Organization for Nuclear Research, asked for help to hack its digital infrastructure last year, organizing the White Hat Challenge. Allan Stojanovic and David Auclair from U of T’s ITS Information Security Enterprise and Architecture department, along with a group of security professionals, were more than willing to answer the call.

Passionate advocates for information security, Stojanovic and Auclair say regular testing is essential for any organization.

“Vulnerabilities are not created, they are discovered,” says Stojanovic. “Just because something has been working, doesn’t mean there wasn’t a flaw in it all along.”

Their director, Mike Wiseman, supported their participation in the challenge. “This competition was an opportunity to bring experts together to exercise their skill as well as give CERN a valuable test of their infrastructure.”

Stojanovic first heard about the challenge during a presentation at a Black Hat digital security conference. He jumped at the opportunity, immediately approaching the presenter, Stefan Lüders, CERN’s security manager.

Stojanovic put together a group of eight industry professionals (pen testers, consultants, Computer Information Systems administrators and programmers), set goals for the test and created a ten-day timeline.

Any penetration test involves three main stages: scoping, reconnaissance and scanning. Before the scanning stage begins, testers are not allowed to interact with the system directly, but try to learn everything they can about it.

During the “scoping” stage, testers define what is “in scope” and specify what IP spaces and domains they can and cannot probe during the testing. The “recon” stage is exactly what it sounds like: reconnaissance. The testers try to find out everything they can about the domains that are in scope, helping guide them towards potential weaknesses.

With scoping and recon complete, the team was able to officially begin the scanning stage. Scanning is like a huge treasure hunt, beginning with a broad search and gradually narrowing it down, burrowing deeper and deeper into the most interesting areas and letting go of the others.

This went on for nine days. It was a gruelling process – the team would find a tiny foothold, investigate it, but nothing significant would emerge. This happened again and again.

Finally, Stojanovic was woken up one day by a short message, “I got it!” Someone on the team had solved the puzzle – a breakthrough generated by multiple late nights of patient analysis.

Details of the breakthrough are kept secret due to a confidentiality agreement with CERN. But after more than two weeks of work, the team revealed weaknesses in CERN’s security infrastructure and provided important recommendations on how to improve it.

CERN’s security group was then able to roll out fixes and address the identified vulnerabilities before U of T’s formal report even hit their desks.

Stojanovic hopes that his team’s success will encourage educators to use penetration testing as a pedagogical tool. “It’s a lot of really fantastic experience,” he says, adding that these are the hands-on skills that new security professionals are going to need in the fast-growing information security industry.

Stojanovic hopes that other institutions, including U of T, will follow CERN’s lead in opening themselves up to testing of this nature.

And this won’t be the last CERN will see of U of T – Lüders has already asked for round two.

The U of T at CERN

Working on a small piece of the world’s largest experiment, it’s easy to lose sight of the big picture.

Kyle Cormier, a University of Toronto grad student in particle physics, is a member of U of T’s research group at CERN, the sprawling international lab on the French-Swiss border that is home to the largest particle accelerator, the Large Hadron Collider.

His job? Researching a silicon microchip for a planned upgrade to the 7,000-tonne Atlas detector, one of four major experiments at the LHC. He has designed, tested and redesigned the chip to withstand extreme cold and radiation exposure – all so that it can read data from proton collisions without needing a tune-up for at least a decade.

It may not sound glamorous, but it’s the type of precise, exacting work that led CERN researchers to the 2012 discovery of the Higgs boson, a particle that had been theorized in the 1960s.

“If you’re on a big hike up a mountain, you’re stepping over root branches working your way up,” Cormier says.

Professor Pekka Sinervo and U of T students, including Vincent Pascuzzi, Joey Carter, Laurelle Veloce, Kyle Cormier (seated right), at CERN outside Geneva (photo by Geoffrey Vendeville)

At first glance, CERN, a collection of low-slung concrete buildings on the outskirts of Geneva, doesn’t look like a state-of-the-art, multibillion-dollar research facility. But deep underground, the accelerator races protons around a 27-kilometre ring until they are travelling nearly the speed of light and then smashes them together. Like crash scene investigators looking for clues in rubble, scientists analyze the debris from the collisions, which send subatomic particles flying in every direction.

CERN scientists used this method to detect the Higgs boson in 2012, a particle explaining why others have mass. Now they’re digging even deeper, investigating questions such as the nature of dark matter.

The mysterious type of matter, which makes up more than a quarter of the universe, has puzzled scientists since the first clues about its existence arose in the 1930s through astronomical observation and calculations.

“We’re at the point where we’ve looked where the light’s brightest,” says Pekka Sinervo, a professor of experimental high energy physics at U of T. “Now we’re looking in all the dark corners that are hard to investigate.”


Researchers may still be a long way off from answering the dark matter riddle, but some breakthrough is just a matter of time, says Laurelle Veloce, who is also studying particle physics at U of T and working at CERN.

“You just put one foot in front of the other and eventually you know someone will find something,” she says.

The U of T research group is the largest Canadian team working on the Atlas experiment, with 17 graduate students, four postdocs and six faculty members. Over the summer, undergraduate students can take a summer course at CERN.

Olivier Arnaez, now a U of T postdoc, spent years searching for the Higgs. When CERN researchers had gathered enough statistical evidence to confirm the discovery of a new particle, there was no eureka moment, he recalls – just relief.

“We were happy because we knew we could sleep soon,” he says, “which didn’t happen because we then had to investigate more properties of the Higgs.” The celebrations involved litres of champagne and Nobel prizes for the theorists who proposed the Higgs mechanism decades earlier.

Years of research at CERN haven’t been without setbacks, however. Only nine days after the first successful beam tests in 2008, a soldering error caused an accident that put the project behind schedule by more than 18 months. And last year, researchers who thought they had discovered another new particle admitted they had misinterpreted the data.

But researchers are still hopeful and morale remains high, says Sinervo.

“We’re trying to do things every day that nobody has ever done before,” he says.

Engineering a microchip to work for 10 years without the need for repair, as his student Cormier is doing, is no small feat, he adds. “That’s like how you build spaceships for a moonshot.

“We know that there is going to be some discovery over the horizon,” Sinervo says. “How far do we have to go to reach it? That’s something we don’t know.”

See the full article here .

Please help promote STEM in your local schools.


Stem Education Coalition

U Toronto Campus

Established in 1827, the University of Toronto has one of the strongest research and teaching faculties in North America, presenting top students at all levels with an intellectual environment unmatched in depth and breadth on any other Canadian campus.

Established in 1827, the University of Toronto has one of the strongest research and teaching faculties in North America, presenting top students at all levels with an intellectual environment unmatched in depth and breadth on any other Canadian campus.