The identity of the potentially vulnerable CRU computer that was: crua6.cru.uea.ac.uk
On 27 Feb I mentioned that there was a machine in the CRU computer network that was running an old version of an Internet service, thus potentially making it vulnerable to outside attacks. Since the machine seems offline now (to me), I think I can now reveal the identity of the machine: it's crua6.cru.uea.ac.uk (IP address 18.104.22.168).
There are several references to crua6 in the FOI2009.zip archive. In FOIA/documents/cru-code/linux/readme.txt we have this:
The code in this directory was (mostly) originally written in Compaq f90 on crua6, and was (mostly) subsequently ported to work under the Portland Group f90 compiler on the UEA Beowulf cluster (beo1.uea.ac.uk). This code has been ftp'd back to here to be within reach of crua6 users.
The fully qualified name crua6.cru.uea.ac.uk occurs in the metadata of a number of files, such as FOIA/documents/osborn-tree6/summer_modes/b. And I should also mention that the name crua6 pops up in
At this point we can ask: So did the CRU cyber-attacker use crua6 as an entry point to infiltrate the CRU network? I think for that to happen, the cracker will need to know that the machine exists, and also know what operating system and instruction set architecture it uses. And it's quite possible for an attacker to know these things: there's an indication that this information was (partly) available on CRU scientist Tim Osborn's home page, for one. Furthermore, the cracker will need to learn enough about the OS and instruction set to compromise programs written for it...
Then again, the attacker might have simply chosen an easier attack path.