The FCCN and Universities Breach

A major cybersecurity incident that shook Portuguese academic and corporate networks (2002-2004)

Incident Overview
Widespread breaches across Portuguese institutions

Between 2002 and 2004, two unidentified Portuguese hackers carried out a series of high-profile breaches that targeted academic institutions and corporate entities in Portugal. This incident stands out due to its scope, the sophisticated methods employed, and the lasting impact on cybersecurity practices in the country.

Primary Targets

  • Foundation for National Scientific Computation (FCCN)
  • Multiple Portuguese universities
  • 'Centopeia' cluster at the University of Coimbra
  • A.M. Gonçalves (corporate target)
  • Salvador Caetano (Portuguese Toyota distributor)

Technical Details

  • Custom reverse ICMP backdoor developed by the hackers
  • Persistent access maintained across multiple systems
  • Targeted both academic high-performance computing and corporate databases

Incident Timeline

  • 2002: FCCN Breach Begins. Two Portuguese hackers gain access to the Foundation for National Scientific Computation (FCCN).
  • 2002-2004: Widespread University Breaches. Multiple Portuguese universities compromised, including the 'Centopeia' cluster at the University of Coimbra.
  • 2002-2004: Corporate Breaches. Database servers of A.M. Gonçalves and Salvador Caetano (Portuguese Toyota distributor) compromised.
  • 2004: Hackers Disappear. The two hackers responsible for these breaches vanish from the hacking scene.

The ICMP Backdoor

The hackers developed and deployed a sophisticated reverse ICMP backdoor, which was instrumental in maintaining persistent access to compromised systems. This backdoor was particularly notable for several reasons:

  • Utilized ICMP (Internet Control Message Protocol) for covert communication
  • Reverse connection made it difficult to detect and block
  • Allowed remote access and control of compromised systems
  • Rumored to have remained active long after the initial breaches

The use of ICMP for the backdoor was a clever choice, as this protocol is often overlooked in network security monitoring, allowing the hackers to maintain access without triggering typical intrusion detection systems.
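
The kind of ICMP scrutiny this calls for can be shown with an added example (not code from the incident or from this page): a Python check that pairs echo requests with their replies and flags replies that are unsolicited, oversized, or that do not echo the request's data. The backdoor's wire format is not documented here, so the example assumes a channel carried in echo request/reply payloads; the function names, the 64-byte threshold and the sample packets are constructed for illustration.

```python
import struct
ECHO_REPLY, ECHO_REQUEST = 0, 8

def checksum(data):
    """RFC 1071 Internet checksum over an ICMP message."""
    data += b"\x00" * (len(data) % 2)  # pad to a whole number of 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(mtype, ident, seq, payload):
    """Build an ICMP echo message; used only to construct the sample traffic."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = checksum(struct.pack("!BBH", mtype, 0, 0) + body)
    return struct.pack("!BBH", mtype, 0, csum) + body

def analyze(packets, max_payload=64):
    """packets: iterable of (src, dst, icmp_bytes); returns [(index, reason)]."""
    pending, findings = {}, []
    for i, (src, dst, raw) in enumerate(packets):
        if len(raw) < 8 or checksum(raw) != 0:
            findings.append((i, "malformed"))
            continue
        mtype, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
        payload = raw[8:]
        if mtype in (ECHO_REQUEST, ECHO_REPLY) and len(payload) > max_payload:
            findings.append((i, "oversized-payload"))
        if mtype == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = payload
        elif mtype == ECHO_REPLY:
            sent = pending.pop((dst, src, ident, seq), None)
            if sent is None:
                findings.append((i, "reply-without-request"))
            elif sent != payload:  # RFC 792: a reply must echo the request's data
                findings.append((i, "reply-payload-mismatch"))
    return findings

# Constructed sample traffic: documentation/private addresses, made-up payloads.
PING = bytes(range(56))
SAMPLE = [
    ("10.0.0.5", "192.0.2.10", build_echo(ECHO_REQUEST, 1, 1, PING)),
    ("192.0.2.10", "10.0.0.5", build_echo(ECHO_REPLY, 1, 1, PING)),
    ("10.0.0.7", "203.0.113.9", build_echo(ECHO_REQUEST, 7, 1, PING)),
    ("203.0.113.9", "10.0.0.7", build_echo(ECHO_REPLY, 7, 1, b"A" * 56)),
    ("203.0.113.9", "10.0.0.7", build_echo(ECHO_REPLY, 7, 2, b"B" * 200)),
]
if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The first request/reply pair is ordinary ping traffic and produces no finding; the size threshold is an assumption and would need tuning to the ping implementations actually present on a network.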

Impact and Legacy

The FCCN and Universities Breach had significant implications for cybersecurity in Portugal:

  • Exposed vulnerabilities in academic and research networks
  • Highlighted the need for improved security in high-performance computing environments
  • Demonstrated the potential for long-term, undetected access to critical systems
  • Led to increased scrutiny of ICMP traffic in network security practices
  • Prompted a reevaluation of cybersecurity measures in Portuguese institutions
  • Contributed to the development of more robust incident response procedures

The sudden disappearance of the hackers in 2004 left many questions unanswered and fueled speculation about their identities and motivations. This incident remains a significant chapter in Portuguese hacking history, serving as a cautionary tale about the importance of comprehensive cybersecurity measures.