A group of “ethical hackers” has obtained access to sensitive systems and proprietary online data hosted by the Fermi National Accelerator Laboratory in the US after accessing multiple unsecured entry points in late April and early May. The group – Sakura Samurai – discovered configuration data for the lab’s NoVa experiment and more than 4500 “tickets” for tracking internal projects.
The Sakura Samurai team has previous experience probing the vulnerabilities of scientific and educational organizations, which hold critical information that if leaked could put those institutions at risk. “Fermilab was no different,” Sakura Samurai leader Robert Willis told Physics World. “Oversharing can be very dangerous, especially when it’s sharing credentials that could enable a malicious actor to take over a server with the potential to move across their network to access items that the organization wouldn’t even think of being vulnerable.”