Security incident knocks UK supercomputer service offline for days

Britain’s main supercomputing service for academic research has been unavailable since Monday following a security incident that forced administrators to reset user passwords.

The ARCHER computing service, which scientists use to model climate change, coronavirus, and other societal challenges, likely won’t be available until at least next week as U.K. government cyber officials continue to help the system recover. ARCHER —  a set of powerful hardware and simulation software housed at the University of Edinburgh — recently made available to its users a tool for simulating the extent of the COVID-19 outbreak.

Scientific data and know-how has been in the crosshairs of hackers during the COVID-19 pandemic as governments around the world race to understand and treat the disease.

It was unclear who was responsible for the security incident. A spokesperson for the U.K.’s National Cyber Security Centre told CyberScoop the agency was aware of the incident and providing support for ARCHER’s recovery, but declined to answer questions on the culprit or how they may have accessed the system.

“We now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe,” the ARCHER website said in an update Wednesday. The statement said the computing service had experienced a “security exploitation” without providing details on the apparent attack. A University of Edinburgh spokesperson told the Register that the “a small number of user accounts” were affected by the incident so far.

The disruption to ARCHER users continues, and the recovery process has been gradual. The supercomputing service said it hopes to be up and running next week, but that depends on results of “diagnostics scans” of the system. Even when the system does get back online, it won’t be running at full tilt. Data transfer and analytics services won’t be available right away, the ARCHER website said.