[AusNOG] RISK - IT Industry - Concern Over Equipment Being, Installed in Data Centre Facilities - Further Replies

Bevan Slattery bevan at slattery.net.au
Tue Sep 27 12:40:48 EST 2016


*facepalm*

On 27 September 2016 at 12:39, chrismacko80 <chrismacko80 at gmail.com> wrote:

> B - "I know that I am intelligent, because I know that I know
> nothing." - Socrates
>
> 1. It's not the greatest risk or a significant risk to an individual
> DC. It is however a non mitigated risk affecting what appears to be
> the whole global data centre / information housing community, that
> makes it a significant risk.
> 2. Physical separation? Your last DCs at NextDC were approximately
> 1000m2 per suite, how do you call that physical separation? What
> damage would be inflicted if even one of your suites was affected? Did
> any one of your companies scan for any damaging substances? You have
> Aussie publicly listed firms - do you feel this capability should be
> within the ASX data centres if they allow other customer equipment to
> be installed?
> 3. Read the book Winning Credibility by Matthew Michalewicz, nice guy,
> had the pleasure of meeting him in person in Adelaide.
> 4. Actually it has uncovered many items, in particular from guys who
> have had these concerns to date and have presented to senior levels of
> decision making within government.
>
> Chris.
>
> On Tue, Sep 27, 2016 at 11:42 AM, Bevan Slattery <bevan at slattery.net.au>
> wrote:
> > Chris + Ausnog,
> >
> > Seriously guys.  This thread should stop because frankly it's stupid.
> >
> > 1.  If you think the greatest (or significant) risk to network disruption is
> > the vector you are suggesting, then you lack real imagination
> > 2.  If you don't operate your business without physical separation in your
> > business continuity plans then you are negligent (read 1)
> > 3.  If you want to keep banging the drum on this specific vector then you
> > are damaging your credibility (read 1 and 2)
> > 4.  If you, or anyone on this list actually operates infrastructure that is
> > critical in nature then we chat about these things in responsible forums -
> > and guess what?  It's not Ausnog.
> >
> > Move on people - please moderators.  Kill thread.
> >
> > [b]
> >
> >
> >
> >
> > On 27 September 2016 at 11:50, chrismacko80 <chrismacko80 at gmail.com>
> > wrote:
> >>
> >> Hi Mark et alii,
> >>
> >> I'm unsure if I follow what you mean "You're still over estimating how
> >> easy these materials are to get in the volumes necessary for the
> >> attack to be effective". If I read it the way it comes across, I think
> >> you're saying it's much harder to get the volumes for the attack to be
> >> effective/pose an issue rather than a threat. To outline a few items,
> >> I recall times of assisting clients with server installations, at
> >> times, an individual piece of specialised equipment would weigh up to
> >> 600kgs, this equipment was never reviewed or checked, it was only
> >> approximately 10RU in size. This was in the same building as one of
> >> the ASX data centres located in Melbourne. In addition, in other
> >> locations, fully populated racks were allowed to be wheeled into
> >> facilities, again without any checks or scrutiny.
> >>
> >> I've seen many gaps of a physical nature in many industries, even the
> >> lack of physical security even in our agriculture. I was stunned to
> >> see a water shed around 100m when I stayed in the Barossa Valley at a
> >> cottage for a week's retreat and saw a pesticide shed that added
> >> chemicals to their dam for what appeared to be the supply of water to
> >> their grapes and was stunned when the person working that day left the
> >> door open to the shed, and rarely came back. Councils will not allow
> >> residents to plant fruit trees in council lands (including verge
> >> policies) for risk of someone poisoning an individual fruit tree and
> >> the follow on effect of this, and yet our fruit producers have their
> >> product available in most cases without fence, it is a little
> >> surprising.
> >>
> >> It appears that our agriculture is also a concern, in particular as
> >> some countries are indeed motivated to affect our liberties and
> >> somewhat free ways of life. See
> >>
> >> http://medicalfuturist.com/disruptive-technologies-bioterrorism/?ct=t(Newsletter_2014_07_177_17_2014).
> >> Going somewhat off topic, there's even gaps in the physical security
> >> to the gas supply to the Adelaide AGL power plant, where the two gas
> >> pipelines leading up to the power plant are clearly visible at points
> >> and are not monitored via CCTV, the above ground points are not even
> >> contained within a secure shed. You drive through the roads and if
> >> you're motivated to find out where the gas pipeline runs, it's not
> >> that hard to see. You have direct access to the pipeline under the
> >> bridge to Torrens Island, Adelaide, someone has cut the security mesh
> >> on the underside of the bridge many years ago, and no one at AGL cared
> >> that I contacted, I did contact their security office, employees that
> >> were contacts with us at the time, and also the gas contractor who
> >> didn't seem to be too bothered about any risks existing. Who really is
> >> assessing the potential risks of others to damage assets of our
> >> country? I certainly don't believe they're doing it to a sufficient
> >> degree given just how in the open things appear to be, and I'm sorry
> >> for saying this, it may offend some.
> >>
> >> On some good news, I came across this article in methods of explosive
> >> detection which outlines possible ways of achieving scanning
> >> capabilities, including;
> >>
> >>     1.1 Colorimetrics & Automated Colorimetrics
> >>     1.2 Dogs
> >>     1.3 Honey bees
> >>     1.4 Mechanical scent detection
> >>     1.5 Spectrometry
> >>     1.6 X-ray machines
> >>     1.7 Neutron activation
> >>     1.8 Silicon nanowires for trace detection of explosives
> >>
> >> If you're interested to see more, please see
> >> https://en.wikipedia.org/wiki/Explosive_detection.
> >>
> >> Overnight, I woke up with a thought and decided to go back to bed
> >> think a little more about it. Is it possible the Syrian group I
> >> mentioned yesterday may also be working on strategies to influence
> >> programmers in particular in regard to installing filters into an
> >> individual's mind - as programmers if we see something unusual or
> >> different, we generally inspect the source code, what if that had
> >> something harmful present for our mind? If that slush fund is as high
> >> as has been advised, they certainly have ways of being funded to
> >> challenge the status quo with developing new potentially harmful
> >> technology, what other ways could they use the money to influence or
> >> disrupt other countries? What if source code was written in a way that
> >> interfaces with our mind to install filters? I don't know if this is
> >> possible, it's certainly not my area of expertise, however
> >> programming, hosting, software, risk assessment and security are. Are
> >> there certain governments that have invested into placing filters into
> >> our own minds through technological means? We are a massive biological
> >> computer, has someone or a group found how to interface with it on a
> >> low level and are testing by trial and error how to interface at a
> >> higher level? I do understand that this is getting beyond the realms
> >> of most, and indeed it is beyond my own current knowledge.
> >>
> >> Thanks for everyone that replied off list and phone conversations -
> >> some comments were raised including specialist security meetings on
> >> this topic and others in government areas of decision making - there's
> >> lots of invaluable data that you've shared and I can understand why
> >> you wouldn't want this to be made public - I can see that the issue is
> >> much larger than I first envisaged.
> >>
> >> Chris Macko.
> >>
> >> On Tue, Sep 27, 2016 at 8:55 AM, Mark Smith <markzzzsmith at gmail.com>
> >> wrote:
> >> > On 26 September 2016 at 23:33, chrismacko80 <chrismacko80 at gmail.com>
> >> > wrote:
> >> >> Still seem to be getting some emails being blocked via gmail, so have
> >> >> initiated a separate thread in replies to all that have been received
> >> >> to date;
> >> >>
> >> >> Thomas Jackson - Thanks for your reply. I find it somewhat odd that we
> >> >> have bulletproof glass considered at the front entry foyer yet no
> >> >> process for checking for such harmful substances being wheeled in.
> >> >> Which poses a more significant threat and likelihood - a data centre
> >> >> isn't somewhere that you hold up as it doesn't contain any cash in
> >> >> most cases!
> >> >>
> >> >
> >> > You're still over estimating how easy these materials are to get in
> >> > the volumes necessary for the attack to be effective. I have some
> >> > insights as I have a close relative who is licensed by the government
> >> > to acquire and use these sorts of materials, and I've been present
> >> > when they've been used.
> >> >
> >> > This is not a significant threat.
> >> >
> >> > <snip>