You are viewing ijish

The identity of the potentially vulnerable CRU computer that was: crua6.cru.uea.ac.uk

On 27 Feb I mentioned that there was a machine in the CRU computer network that was running an old version of an Internet service, thus potentially making it vulnerable to outside attacks. Since the machine seems offline now (to me), I think I can now reveal the identity of the machine: it's crua6.cru.uea.ac.uk (IP address 139.222.104.9).

There are several references to crua6 in the FOI2009.zip archive. In FOIA/documents/cru-code/linux/readme.txt we have this:

"The code in this directory was (mostly) originally written in Compaq f90 on crua6, and was (mostly) subsequently ported to work under the Portland Group f90 compiler on the UEA Beowulf cluster (beo1.uea.ac.uk). This code has been ftp'd back to here to be within reach of crua6 users."

The fully qualified name crua6.cru.uea.ac.uk occurs in the metadata of a number of files, such as FOIA/documents/osborn-tree6/summer_modes/briffafig_page1.pdf. And I should also mention that the name crua6 pops up in FOIA/documents/HARRY_READ_ME.txt. :)

At this point we can ask: So did the CRU cyber-attacker use crua6 as an entry point to infiltrate the CRU network? I think for that to happen, the cracker will need to know that the machine exists, and also know what operating system and instruction set architecture it uses. And it's quite possible for an attacker to know these things: there's an indication that this information was (partly) available on CRU scientist Tim Osborn's home page, for one. Furthermore, the cracker will need to learn enough about the OS and instruction set to compromise programs written for it...

Then again, the attacker might have simply chosen an easier attack path.