[AusNOG] RISK - IT Industry - Concern Over Equipment Being, Installed in Data Centre Facilities - Further Replies

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Wed Sep 28 01:24:27 EST 2016


+1


...Skeeve

*Skeeve Stevens - Founder & The Architect* - eintellego Networks Pty Ltd
Email: skeeve at eintellegonetworks.com ; Web: eintellegonetworks.com

Cell +61 (0)414 753 383 ; Skype: skeeve ; LinkedIn: /in/skeeve
<http://linkedin.com/in/skeeve> ; Expert360: Profile
<https://expert360.com/profile/d54a9> ; Keybase: https://keybase.io/skeeve

On Tue, Sep 27, 2016 at 12:12 PM, Bevan Slattery <bevan at slattery.net.au>
wrote:

> Chris + Ausnog,
>
> Seriously guys.  This thread should stop because frankly it's stupid.
>
> 1.  If you think the greatest (or significant) risk to network disruption
> is the vector you are suggesting, then you lack real imagination
> 2.  If you don't operate your business without physical separation in your
> business continuity plans then you are negligent (read 1)
> 3.  If you want to keep banging the drum on this specific vector then you
> are damaging your credibility (read 1 and 2)
> 4.  If you, or anyone on this list actually operates infrastructure that
> is critical in nature then we chat about these things in responsible forums
> - and guess what?  It's not Ausnog.
>
> Move on people - please moderators.  Kill thread.
>
> [b]
>
>
>
>
> On 27 September 2016 at 11:50, chrismacko80 <chrismacko80 at gmail.com>
> wrote:
>
>> Hi Mark et alii,
>>
>> I'm unsure if I follow what you mean "You're still over estimating how
>> easy these materials are to get in the volumes necessary for the
>> attack to be effective". If I read it the way it comes across, I think
>> you're saying it's much harder to get the volumes for the attack to be
>> effective/pose an issue rather than a threat. To outline a few items,
>> I recall times of assisting clients with server installations, at
>> times, an individual piece of specialised equipment would weigh up to
>> 600kgs, this equipment was never reviewed or checked, it was only
>> approximately 10RU in size. This was in the same building as one of
>> the ASX data centres located in Melbourne. In addition, in other
>> locations, fully populated racks were allowed to be wheeled into
>> facilities, again without any checks or scrutiny.
>>
>> I've seen many gaps of a physical nature in many industries, even the
>> lack of physical security even in our agriculture. I was stunned to
>> see a water shed around 100m when I stayed in the Barossa Valley at a
>> cottage for a week's retreat and saw a pesticide shed that added
>> chemicals to their dam for what appeared to be the supply of water to
>> their grapes and was stunned when the person working that day left the
>> door open to the shed, and rarely came back. Councils will not allow
>> residents to plant fruit trees in council lands (including verge
>> policies) for risk of someone poisoning an individual fruit tree and
>> the follow on effect of this, and yet our fruit producers have their
>> product available in most cases without fence, it is a little
>> surprising.
>>
>> It appears that our agriculture is also a concern, in particular as
>> some countries are indeed motivated to affect our liberties and
>> somewhat free ways of life. See
>> http://medicalfuturist.com/disruptive-technologies-bioterrorism/?ct=t(Newsletter_2014_07_177_17_2014).
>> Going somewhat off topic, there's even gaps in the physical security
>> to the gas supply to the Adelaide AGL power plant, where the two gas
>> pipelines leading up to the power plant are clearly visible at points
>> and are not monitored via CCTV, the above ground points are not even
>> contained within a secure shed. You drive through the roads and if
>> you're motivated to find out where the gas pipeline runs, it's not
>> that hard to see. You have direct access to the pipeline under the
>> bridge to Torrens Island, Adelaide, someone has cut the security mesh
>> on the underside of the bridge many years ago, and no one at AGL cared
>> that I contacted, I did contact their security office, employees that
>> were contacts with us at the time, and also the gas contractor who
>> didn't seem to be too bothered about any risks existing. Who really is
>> assessing the potential risks of others to damage assets of our
>> country? I certainly don't believe they're doing it to a sufficient
>> degree given just how in the open things appear to be, and I'm sorry
>> for saying this, it may offend some.
>>
>> On some good news, I came across this article in methods of explosive
>> detection which outlines possible ways of achieving scanning
>> capabilities, including;
>>
>>     1.1 Colorimetrics & Automated Colorimetrics
>>     1.2 Dogs
>>     1.3 Honey bees
>>     1.4 Mechanical scent detection
>>     1.5 Spectrometry
>>     1.6 X-ray machines
>>     1.7 Neutron activation
>>     1.8 Silicon nanowires for trace detection of explosives
>>
>> If you're interested to see more, please see
>> https://en.wikipedia.org/wiki/Explosive_detection.
>>
>> Overnight, I woke up with a thought and decided to go back to bed
>> and think a little more about it. Is it possible the Syrian group I
>> mentioned yesterday may also be working on strategies to influence
>> programmers in particular in regard to installing filters into an
>> individual's mind - as programmers if we see something unusual or
>> different, we generally inspect the source code, what if that had
>> something harmful present for our mind? If that slush fund is as high
>> as has been advised, they certainly have ways of being funded to
>> challenge the status quo with developing new potentially harmful
>> technology, what other ways could they use the money to influence or
>> disrupt other countries? What if source code was written in a way that
>> interfaces with our mind to install filters? I don't know if this is
>> possible, it's certainly not my area of expertise, however
>> programming, hosting, software, risk assessment and security are. Are
>> there certain governments that have invested into placing filters into
>> our own minds through technological means? We are a massive biological
>> computer, has someone or a group found how to interface with it on a
>> low level and are testing by trial and error how to interface at a
>> higher level? I do understand that this is getting beyond the realms
>> of most, and indeed it is beyond my own current knowledge.
>>
>> Thanks for everyone that replied off list and phone conversations -
>> some comments were raised including specialist security meetings on
>> this topic and others in government areas of decision making - there's
>> lots of invaluable data that you've shared and I can understand why
>> you wouldn't want this to be made public - I can see that the issue is
>> much larger than I first envisaged.
>>
>> Chris Macko.
>>
>> On Tue, Sep 27, 2016 at 8:55 AM, Mark Smith <markzzzsmith at gmail.com>
>> wrote:
>> > On 26 September 2016 at 23:33, chrismacko80 <chrismacko80 at gmail.com>
>> > wrote:
>> >> Still seem to be getting some emails being blocked via gmail, so have
>> >> initiated a separate thread in replies to all that have been received
>> >> to date;
>> >>
>> >> Thomas Jackson - Thanks for your reply. I find it somewhat odd that we
>> >> have bulletproof glass considered at the front entry foyer yet no
>> >> process for checking for such harmful substances being wheeled in.
>> >> Which poses a more significant threat and likelihood - a data centre
>> >> isn't somewhere that you hold up as it doesn't contain any cash in
>> >> most cases!
>> >>
>> >
>> > You're still over estimating how easy these materials are to get in
>> > the volumes necessary for the attack to be effective. I have some
>> > insights as I have a close relative who is licensed by the government
>> > to acquire and use these sorts of materials, and I've been present
>> > when they've been used.
>> >
>> > This is not a significant threat.
>> >
>> > <snip>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>