Could you rob from a server while in the same room?
June 18, 2009 7:45 AM   Subscribe

It's extremely feasible. For example if this fictional employee has access to administrate switches, they could set up port monitoring and forward copies of all traffic to/from a server to their laptop. From there they could scan it for unencrypted passwords, e-mails going back and forth between organizations, and that type of thing.
posted by FishBike at 7:48 AM on June 18

An infinite amount, even all of it, like the NSA is/was accused of doing.

For plenty of material for character and plot, research or Google these three terms: whistleblower, AT&T, NSA.

You'll find this story hashed infinitium.
posted by foooooogasm at 7:55 AM on June 18

Yes, very feasible. In most cases, especially with server/hosting-rental firms that supply servers to thousands of customers, the team of administrators has root (master) level access to all the machines, or the ability to make such connections "outside the loop" via terminal connections or other means. The security comes from policy (they're not allowed to snoop and they have to log all such access) and very rarely from technology.

Even in environments where the server farm employee doesn't have passwords or theoretical access, means such as FishBike's suggestion would let them sniff/copy any data entering or leaving any given server for a very 'low level' snoop.

It's the same as PC security. The rule of thumb is that physical access (the ability to walk up to a server and touch its cables and hard disks) trumps almost any security/privacy.

Your only plot problem will be the privacy the employee needs to do this, out of sight of people/systems that are monitoring his behavior, and such regular problems as security cameras. The easiest way around that is to conceal your character's access within a real incident. Customer reports a problem, employee investigates and by-the-way installs some sniffing/copying/backdoor software or hardware so they can get back in from home later.
posted by rokusan at 8:00 AM on June 18

Essentially, If you are at a bit telco hotel and you are peering with a number of major ISP's, you can see large parts of the internet fly right by, in plain text. Email, pictures, html, instant messages, everything. Now, you only get what passes through your node and thats going to be some the traffic between comcast and hurricaine electric and the like.
posted by Freen at 8:03 AM on June 18

This is the Electronic Communications Privacy Act of 1996, US CODE Title 18, 2107. If you search for cases, particularly people convicted thereof, you'll hit a goldmine of information.

This is also an excellent source of information re: terminology and law.
posted by foooooogasm at 8:04 AM on June 18

I've audited foreign-owned telecom clients centered around proving to the NSA, DOJ, FBI and other TLAs that equipment that can intercept domestic communications, or divert them outside of the country is secure from tampering. This sort of thing is exceedingly easy to do and it's taken very, very, very seriously. We're talking about man traps and secret clearance and rooms that even auditors can't enter combined with one-time passwords transmitted through automated and secure means and daily log analysis to make sure nothing odd happened.
posted by TheNewWazoo at 8:09 AM on June 18

Extremely easy and the theft/data analysis can be automated so all he would need is a laptop connected to the network that he could leave there for the day/night. If you want to see an example of this in action I would look up Defcon's Wall of Sheep
posted by metex at 8:47 AM on June 18

Extremely easy yes. I've had to go to our colo (Colo = co-location, same as server farm) to help our IT guy install some new hardware. Once you get past security at the door, there's an entire floor filled with racks and racks of other people's computers, and zero other people. We were there for maybe two hours and never saw another soul. That's a lot of time for someone to be alone with your hardware.

Some of the racks had metal cages with locking doors erected around them, so maybe your character would need a master key/lockpick to get at them, but that's pretty much the only physical barrier. Once they have access to the hardware its basically impossible to really block a determined thief, especially if you don't encrypt your volumes (very few people do) .
posted by spatula at 10:17 AM on June 18

At my data center, all the cages are locked, and you need a passcard and a finger print to open a cage as well as enter and exit the floor. When you enter, you go in a kind a airlock thing with weight sensors, so two people can't get in at the same time (you can't kidnap a guy and force him to let you in. Dead fingers don't work.) Additionally, Security patrols the floor every 15 minutes and there are cameras everywhere. I can't get into other people cages, and administration can't get into mine without at least a bit of red tape. Also, according to the sales literature at least, all the building walls are reinforced and all the glass is bulletproof. During the Zombie Apocalypse, I would probably hole up there for a while.

There's a team in the NOC (network operations center) 24/7 as well. I don't think there is ever a time when just one dude would have the run of the place, and even if he did, he'd still have to compromise my servers before being able to steal any data. If anything happens to any of them, someone at my company gets emailed or sent a text message immediately. We'd know if anybody tried to power one off. You could monitor data over the wire if you worked in the NOC, but if we do anything important it is encrypted end to end for precisely that reason.

So... kind of difficult to imagine a rouge datacenter tech trying to steal information in that situation. I agree with everyone else that data theft is easy if you are an admin (or are given admin on a server), but with respect to an outsider, I think it probably depends a lot on environmental factors.
posted by tracert at 11:08 AM on June 18 [1 favorite]

Like everybody says, the big hurdle in hacking a data center is bypassing the various physical security mechanisms (cameras, locked cages, man traps, patrolling guards). Once you can touch the server itself, it's pretty much game over. Install a keylogger on the keyboard; plug in an autorun USB drive that extracts the database or a USB WiFi card that'll let you back in at your convenience from outside the building; plug a laptop into the LAN & sniff traffic across the local network or attack the machine from an unprotected position.
posted by scalefree at 11:56 AM on June 18