[AusNOG] RISK - IT Industry - Concern Over Equipment Being, Installed in Data Centre Facilities - Further Replies

Tue Sep 27 12:12:52 EST 2016

Chris + Ausnog,

Seriously guys.  This thread should stop because frankly it's stupid.

1.  If you think the greatest (or significant) risk to network disruption
is the vector you are suggesting, then you lack real imagination
2.  If you don't operate your business without physical separation in your
business continuity plans then you are negligent (read 1)
3.  If you want to keep banging the drum on this specific vector then you
are damaging your credibility (read 1 and 2)
4.  If you, or anyone on this list actually operates infrastructure that is
critical in nature then we chat about these things in responsible forums -
and guess what?  It's not Ausnog.

Move on people - please moderators.  Kill thread.

[b]

On 27 September 2016 at 11:50, chrismacko80 <chrismacko80 at gmail.com> wrote:

> Hi Mark et alii,
>
> I'm unsure if I follow what you mean "You're still over estimating how
> easy these materials are to get in the volumes necessary for the
> attack to be effective". If I read it the way it comes across, I think
> you're saying it's much harder to get the volumes for the attack to be
> effective/pose an issue rather than a threat. To outline a few items,
> I recall times of assisting clients with server installations, at
> times, an individual piece of specialised equipment would weigh up to
> 600kgs, this equipment was never reviewed or checked, it was only
> approximately 10RU in size. This was in the same building as one of
> the ASX data centres located in Melbourne. In addition, in other
> locations, fully populated racks were allowed to be wheeled into
> facilities, again without any checks or scrutiny.
>
> I've seen many gaps of a physical nature in many industries, even the
> lack of physical security even in our agriculture. I was stunned to
> see a water shed around 100m when I stayed in the Barossa Valley at a
> cottage for a weeks' retreat and saw a pesticide shed that added
> chemicals to their dam for what appeared to be the supply of water to
> their grapes and was stunned when the person working that day left the
> door open to the shed, and rarely came back. Councils will not allow
> residents to plant fruit trees in council lands (including verge
> policies) for risk of someone poisoning an individual fruit tree and
> the follow on effect of this, and yet our fruit producers have their
> product available in most cases without fence, it is a little
> surprising.
>
> Itt appears that our agriculture is also a concern, in particular as
> some countries are indeed motivated to affect our liberties and
> somewhat free ways of life. See
> http://medicalfuturist.com/disruptive-technologies-
> bioterrorism/?ct=t(Newsletter_2014_07_177_17_2014).
> Going somewhat off topic, there's even gaps in the physical security
> to the gas supply to the Adelaide AGL power plant, where the two gas
> pipelines leading up to the power plant are clearly visible at points
> and are not monitored via CCTV, the above ground points are not even
> contained within a secure shed. You drive through the roads and if
> you're motivated to find out where the gas pipeline runs, it's not
> that hard to see. You have direct access to the pipeline under the
> bridge to Torrens Island, Adelaide, someone has cut the security mesh
> on the underside of the bridge many years ago, and no one at AGL cared
> that I contacted, I did contact their security office, employees that
> were contacts with us at the time, and also the gas contractor who
> didn't seem to be too bothered about any risks existing. Who really is
> assessing the potential risks of others to damage assets of our
> country? I certainly don't believe they're doing it to a sufficient
> degree given just how in the open things appear to be, and I'm sorry
> for saying this, it may offend some.
>
> On some good news, I came across this article in methods of explosive
> detection which outlines possible ways of achieving scanning
> capabilities, including;
>
>     1.1 Colorimetrics & Automated Colorimetrics
>     1.2 Dogs
>     1.3 Honey bees
>     1.4 Mechanical scent detection
>     1.5 Spectrometry
>     1.6 X-ray machines
>     1.7 Neutron activation
>     1.8 Silicon nanowires for trace detection of explosives
>
> If you're interested to see more, please see
> https://en.wikipedia.org/wiki/Explosive_detection.
>
> Overnight, I woke up with a thought and decided to go back to bed
> think a little more about it. Is it possible the Syrian group I
> mentioned yesterday may also be working on strategies to influence
> programmers in particular in regard to installing filters into an
> individuals mind - as programmers if we see something unusual or
> different, we generally inspect the source code, what if that had
> something harmful present for our mind? If that slush fund is as high
> as has been advised, they certainly have ways of being funded to
> challenge the status quo with developing new potentially harmful
> technology, what other ways could they use the money to influence or
> disrupt other countries? What if source code was written in a way that
> interfaces with our mind to install filters? I don't know if this is
> possible, it's certainly not my area of expertise, however
> programming, hosting, software, risk assessment and security are. Are
> there certain governments that have invested into placing filters into
> our own minds through technological means? We are a massive biological
> computer, has someone or a group found how to interface with it on a
> low level and are testing by trial and error how to interface at a
> higher level? I do understand that this is getting beyond the realms
> of most, and indeed it is beyond my own current knowledge.
>
> Thanks for everyone that replied off list and phone conversations -
> some comments were raised including specialist security meetings on
> this topic and others in government areas of decision making - there's
> lots of invaluable data that you've shared and I can understand why
> you wouldn't want this to be made public - I can see that the issue is
> much larger than I first envisaged.
>
> Chris Macko.
>
> On Tue, Sep 27, 2016 at 8:55 AM, Mark Smith <markzzzsmith at gmail.com>
> wrote:
> > On 26 September 2016 at 23:33, chrismacko80 <chrismacko80 at gmail.com>
> wrote:
> >> Still seem to be getting some emails being blocked via gmail, so have
> >> initiated a seperate thread in replies to all that have been received
> >> to date;
> >>
> >> Thomas Jackson - Thanks for your reply. I find it somewhat odd that we
> >> have bulletproof glass considered at the front entry foyer yet no
> >> process for checking for such harmful substances being wheeled in.
> >> Which poses a more significant threat and likelihood - a data centre
> >> isn't somewhere that you hold up as it doesn't contain any cash in
> >> most cases!
> >>
> >
> > You're still over estimating how easy these materials are to get in
> > the volumes necessary for the attack to be effective. I have some
> > insights as I have a close relative who is licensed by the government
> > to acquire and use these sorts of materials, and I've been present
> > when they've been used.
> >
> > This is not a significant threat.
> >
> > <snip>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160927/ba4f4f4a/attachment.html>