Could you rob from a server while in the same room?
June 18, 2009 7:45 AM

Wreaking havoc / fiction: How much spying could someone who works for a server farm engage in?

This is for a work of fiction so I'm not looking for a how-to, more I'm looking for a could-do or better still stories of has-been-done. I only know that 'server farms' exist, beyond that, I really haven't the faintest. I want a character to work at(for?)/babysit one and, because he works at night, use the fact that he is alone as an opportunity to engage in a little industrial espionage/sensitive data theft. Is this feasible?
posted by From Bklyn to Computers & Internet (11 answers total) 4 users marked this as a favorite
 
Best answer: It's extremely feasible. For example if this fictional employee has access to administrate switches, they could set up port monitoring and forward copies of all traffic to/from a server to their laptop. From there they could scan it for unencrypted passwords, e-mails going back and forth between organizations, and that type of thing.
posted by FishBike at 7:48 AM on June 18, 2009
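
An added example, not part of FishBike's answer or the original thread: the defensive counterpart to the port monitoring described above is auditing switch configurations for mirror sessions nobody approved. It assumes Cisco IOS-style `monitor session` lines; the sample config and the approved-destination baseline are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a Cisco IOS-style running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname colo-sw1
!
monitor session 1 source interface Gi1/0/5 both
monitor session 1 destination interface Gi1/0/48
monitor session 2 source vlan 20 rx
monitor session 2 destination interface Gi1/0/47
!
interface Gi1/0/5
 description customer-db
"""

# Hypothetical baseline: ports approved to receive mirrored traffic (e.g. an IDS sensor).
APPROVED_DESTINATIONS = {"Gi1/0/48"}

SPAN_RE = re.compile(
    r"^monitor session (\d+) (source|destination) (interface|vlan) (\S+)", re.M)

def parse_span_sessions(config):
    """Return {session_id: {"sources": [...], "destinations": [...]}}."""
    sessions = defaultdict(lambda: {"sources": [], "destinations": []})
    for sid, role, kind, name in SPAN_RE.findall(config):
        if role == "source":
            sessions[int(sid)]["sources"].append(f"{kind} {name}")
        else:
            sessions[int(sid)]["destinations"].append(name)
    return dict(sessions)

def unapproved_sessions(config, approved):
    """List (session_id, sources, bad_destinations) for mirrors to unapproved ports."""
    findings = []
    for sid, sess in sorted(parse_span_sessions(config).items()):
        bad = [d for d in sess["destinations"] if d not in approved]
        if bad:
            findings.append((sid, sess["sources"], bad))
    return findings

if __name__ == "__main__":
    for sid, sources, dests in unapproved_sessions(SAMPLE_CONFIG, APPROVED_DESTINATIONS):
        print(f"session {sid}: {sources} mirrored to unapproved port(s) {dests}")
```

Run against a nightly config backup, a check like this turns "the security comes from policy" into something the policy owner can actually verify.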


Best answer: An infinite amount, even all of it, like the NSA is/was accused of doing.

For plenty of material for character and plot, research or Google these three terms: whistleblower, AT&T, NSA.

You'll find this story hashed ad infinitum.
posted by foooooogasm at 7:55 AM on June 18, 2009


Best answer: Yes, very feasible. In most cases, especially with server/hosting-rental firms that supply servers to thousands of customers, the team of administrators has root (master) level access to all the machines, or the ability to make such connections "outside the loop" via terminal connections or other means. The security comes from policy (they're not allowed to snoop and they have to log all such access) and very rarely from technology.

Even in environments where the server farm employee doesn't have passwords or theoretical access, means such as FishBike's suggestion would let them sniff/copy any data entering or leaving any given server for a very 'low level' snoop.

It's the same as PC security. The rule of thumb is that physical access (the ability to walk up to a server and touch its cables and hard disks) trumps almost any security/privacy.

Your only plot problem will be the privacy the employee needs to do this, out of sight of people/systems that are monitoring his behavior, and such regular problems as security cameras. The easiest way around that is to conceal your character's access within a real incident. Customer reports a problem, employee investigates and by-the-way installs some sniffing/copying/backdoor software or hardware so they can get back in from home later.
posted by rokusan at 8:00 AM on June 18, 2009


Best answer: Essentially, if you are at a big telco hotel and you are peering with a number of major ISPs, you can see large parts of the internet fly right by, in plain text. Email, pictures, html, instant messages, everything. Now, you only get what passes through your node and that's going to be some of the traffic between Comcast and Hurricane Electric and the like.
posted by Freen at 8:03 AM on June 18, 2009


Best answer: This is the Electronic Communications Privacy Act of 1996, US CODE Title 18, 2107. If you search for cases, particularly people convicted thereof, you'll hit a goldmine of information.

This is also an excellent source of information re: terminology and law.
posted by foooooogasm at 8:04 AM on June 18, 2009


Best answer: I've audited foreign-owned telecom clients centered around proving to the NSA, DOJ, FBI and other TLAs that equipment that can intercept domestic communications, or divert them outside of the country is secure from tampering. This sort of thing is exceedingly easy to do and it's taken very, very, very seriously. We're talking about man traps and secret clearance and rooms that even auditors can't enter combined with one-time passwords transmitted through automated and secure means and daily log analysis to make sure nothing odd happened.
posted by TheNewWazoo at 8:09 AM on June 18, 2009


Best answer: Extremely easy and the theft/data analysis can be automated so all he would need is a laptop connected to the network that he could leave there for the day/night. If you want to see an example of this in action I would look up Defcon's Wall of Sheep.
posted by metex at 8:47 AM on June 18, 2009


Best answer: Extremely easy yes. I've had to go to our colo (Colo = co-location, same as server farm) to help our IT guy install some new hardware. Once you get past security at the door, there's an entire floor filled with racks and racks of other people's computers, and zero other people. We were there for maybe two hours and never saw another soul. That's a lot of time for someone to be alone with your hardware.

Some of the racks had metal cages with locking doors erected around them, so maybe your character would need a master key/lockpick to get at them, but that's pretty much the only physical barrier. Once they have access to the hardware it's basically impossible to really block a determined thief, especially if you don't encrypt your volumes (very few people do).
posted by spatula at 10:17 AM on June 18, 2009


Best answer: At my data center, all the cages are locked, and you need a passcard and a fingerprint to open a cage as well as enter and exit the floor. When you enter, you go in a kind of airlock thing with weight sensors, so two people can't get in at the same time (you can't kidnap a guy and force him to let you in. Dead fingers don't work.) Additionally, Security patrols the floor every 15 minutes and there are cameras everywhere. I can't get into other people's cages, and administration can't get into mine without at least a bit of red tape. Also, according to the sales literature at least, all the building walls are reinforced and all the glass is bulletproof. During the Zombie Apocalypse, I would probably hole up there for a while.

There's a team in the NOC (network operations center) 24/7 as well. I don't think there is ever a time when just one dude would have the run of the place, and even if he did, he'd still have to compromise my servers before being able to steal any data. If anything happens to any of them, someone at my company gets emailed or sent a text message immediately. We'd know if anybody tried to power one off. You could monitor data over the wire if you worked in the NOC, but if we do anything important it is encrypted end to end for precisely that reason.

So... kind of difficult to imagine a rogue datacenter tech trying to steal information in that situation. I agree with everyone else that data theft is easy if you are an admin (or are given admin on a server), but with respect to an outsider, I think it probably depends a lot on environmental factors.
posted by tracert at 11:08 AM on June 18, 2009 [1 favorite]


Response by poster: The security comes from policy
Well, that's a chilling phrase, though from a plot point of view it is also fortuitous: so are the workers vetted particularly strenuously, I mean like bond/securities couriers are? I'm guessing the answer is no, which is also a touch scary. I think I would go with tracert's provider though - and I would assume any large multinational industrial corporation (such as I had in mind as victim) would do so also.

Thanks everyone for your input - if anyone has any other theft stories I am all ears. The technique this character uses to steal is only slightly less important than that he is stealing and it occurred to me I have no idea if that is even possible.
posted by From Bklyn at 11:54 AM on June 18, 2009


Best answer: Like everybody says, the big hurdle in hacking a data center is bypassing the various physical security mechanisms (cameras, locked cages, man traps, patrolling guards). Once you can touch the server itself, it's pretty much game over. Install a keylogger on the keyboard; plug in an autorun USB drive that extracts the database or a USB WiFi card that'll let you back in at your convenience from outside the building; plug a laptop into the LAN & sniff traffic across the local network or attack the machine from an unprotected position.
posted by scalefree at 11:56 AM on June 18, 2009

