Mar 16 2009

Your datacenter may not be secure enough

Published by at 7:19 am under General,Risk

Just imagine it: your web site is down, you can’t reach the server, you can’t reach the router, and the guys at the datacenter aren’t answering the phone. What the heck is going on? You get in your car and drive down to the datacenter, and as you drive up you notice all the police cars in the parking lot. Walking into your datacenter, you learn that thieves have broken in overnight and made off with your hardware as well as that of half a dozen companies in the same datacenter. Sound too ridiculous to be true? Last.FM found out last week that steel doors aren’t enough to keep determined criminals from breaking into your datacenter.

Last week a Level 3 datacenter in London was broken into by some very tech-savvy criminals. They battered down an external fire escape door, a door to the datacenter floor and the door to Last.fm’s suite. The thieves were caught as they tried to take Last.fm’s 6500 series router, but had done a lot of damage in the meantime. And apparently this isn’t the first time that the same datacenter has been broken into.

Level 3 isn’t the only datacenter to fall victim to this type of assault. Masked thieves broke into a datacenter in Chicago in 2007, and not for the first time. They’ve assaulted datacenter personnel and broken through walls on separate occasions to steal servers. If they’d been as smart as the criminals in London, they would have gone for the routers and firewalls, which are pound for pound much more valuable and probably easier to sell on the black market than the servers.

Datacenters may need to step up security measures as criminals begin to realize exactly how valuable the equipment in datacenters is. Even smarter criminals may realize that while the servers and routers are worth a lot, if they can find servers with credit card information on them, they may be able to hit an even bigger jackpot. Personally, I have to think that there has to be an insider, whether a datacenter employee or a client, who’s involved with the criminals and telling them what systems to hit. There are too many security measures in place to break into a datacenter without some sort of insider knowledge.

Do you visit your datacenter at least annually to review its physical security? If you’re a merchant who’s undergone a PCI assessment, the answer had better be ‘yes’. But the best physical security you can afford might not be enough as criminals get bolder. If they’re willing to break down doors and hold datacenter personnel at gunpoint, there may be nothing you can do but make sure you have a good set of backups and a disaster recovery site at a different datacenter.


4 Responses to “Your datacenter may not be secure enough”

  1. windexh8er on 16 Mar 2009 at 9:34 am

    Well then good thing my DC is in the ‘cloud’! That means it doesn’t physically exist anywhere, right? 😉

    On a more serious note, that’s rather interesting. Definitely agree the network gear is the pot-o-gold, but maybe the attackers were going for IP? Do you think Last.FM has user data or source code that may rake in more than the overly heavy gear? (I can’t imagine trying to run out of a DC with a 65xx). In all reality if they were smart they would have stolen the blades, left the PSU and heavy chassis (as those are relatively inexpensive anyway). Sold the supervisors and line cards — which is where the bank is anyway.

    –windexh8er

  2. […] Your datacenter might not be secure enough – Network Security Blog […]

  3. robin on 17 Mar 2009 at 7:50 am

    Good article. It will be interesting to see what Level 3 do to step up the security now.

    Typo, “you’re” not your in para 1.

  4. Aaron Guhl on 18 Mar 2009 at 6:23 am

    Physical security is definitely something that I think is overlooked. I think there are a ton of companies out there where gaining access to information over the network might be difficult, but they don’t put nearly as much effort into the physical side of it. Gaining access to the physical network would be easy if you knew a little bit about the building, etc. But, like you said, there must be an insider that relays some secret info about the building and security measures in place so that they can get around them.

    But I have to think that if the thieves in this case had broken down walls and doors to gain access, it makes you wonder about the lengths that some thieves are willing to go. How far do you take your security measures knowing that someone is willing to bust through walls to get access to your physical network?!
