[AusNOG] RISK - IT Industry - Concern Over Equipment Being, Installed in Data Centre Facilities - Further Replies

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Wed Sep 28 01:30:23 EST 2016


God help us all.


...Skeeve

*Skeeve Stevens - Founder & The Architect* - eintellego Networks Pty Ltd
Email: skeeve at eintellegonetworks.com ; Web: eintellegonetworks.com

Cell +61 (0)414 753 383 ; Skype: skeeve ; LinkedIn: /in/skeeve
<http://linkedin.com/in/skeeve> ; Expert360: Profile
<https://expert360.com/profile/d54a9> ; Keybase: https://keybase.io/skeeve

On Tue, Sep 27, 2016 at 12:40 PM, Bevan Slattery <bevan at slattery.net.au>
wrote:

> *facepalm*
>
> On 27 September 2016 at 12:39, chrismacko80 <chrismacko80 at gmail.com>
> wrote:
>
>> B - "I know that I am intelligent, because I know that I know
>> nothing." - Socrates
>>
>> 1. It's not the greatest risk or a significant risk to an individual
>> DC. It is however a non mitigated risk affecting what appears to be
>> the whole global data centre / information housing community, that
>> makes it a significant risk.
>> 2. Physical separation? Your last DCs at NextDC were approximately
>> 1000m2 per suite, how do you call that physical separation? What
>> damage would be inflicted if even one of your suites was affected? Did
>> any one of your companies scan for any damaging substances? You have
>> Aussie publicly listed firms - do you feel this capability should be
>> within the ASX data centres if they allow other customer equipment to
>> be installed?
>> 3. Read the book Winning Credibility by Matthew Michalewicz, nice guy,
>> had the pleasure of meeting him in person in Adelaide.
>> 4. Actually it has uncovered many items, in particular from guys who
>> have had these concerns to date and have presented to senior levels of
>> decision making within government.
>>
>> Chris.
>>
>> On Tue, Sep 27, 2016 at 11:42 AM, Bevan Slattery <bevan at slattery.net.au>
>> wrote:
>> > Chris + Ausnog,
>> >
>> > Seriously guys.  This thread should stop because frankly it's stupid.
>> >
>> > 1.  If you think the greatest (or significant) risk to network disruption is
>> > the vector you are suggesting, then you lack real imagination
>> > 2.  If you don't operate your business without physical separation in your
>> > business continuity plans then you are negligent (read 1)
>> > 3.  If you want to keep banging the drum on this specific vector then you
>> > are damaging your credibility (read 1 and 2)
>> > 4.  If you, or anyone on this list actually operates infrastructure that is
>> > critical in nature then we chat about these things in responsible forums -
>> > and guess what?  It's not Ausnog.
>> >
>> > Move on people - please moderators.  Kill thread.
>> >
>> > [b]
>> >
>> >
>> >
>> >
>> > On 27 September 2016 at 11:50, chrismacko80 <chrismacko80 at gmail.com> wrote:
>> >>
>> >> Hi Mark et alii,
>> >>
>> >> I'm unsure if I follow what you mean "You're still over estimating how
>> >> easy these materials are to get in the volumes necessary for the
>> >> attack to be effective". If I read it the way it comes across, I think
>> >> you're saying it's much harder to get the volumes for the attack to be
>> >> effective/pose an issue rather than a threat. To outline a few items,
>> >> I recall times of assisting clients with server installations, at
>> >> times, an individual piece of specialised equipment would weigh up to
>> >> 600kgs, this equipment was never reviewed or checked, it was only
>> >> approximately 10RU in size. This was in the same building as one of
>> >> the ASX data centres located in Melbourne. In addition, in other
>> >> locations, fully populated racks were allowed to be wheeled into
>> >> facilities, again without any checks or scrutiny.
>> >>
>> >> I've seen many gaps of a physical nature in many industries, even the
>> >> lack of physical security even in our agriculture. I was stunned to
>> >> see a water shed around 100m when I stayed in the Barossa Valley at a
>> >> cottage for a week's retreat and saw a pesticide shed that added
>> >> chemicals to their dam for what appeared to be the supply of water to
>> >> their grapes and was stunned when the person working that day left the
>> >> door open to the shed, and rarely came back. Councils will not allow
>> >> residents to plant fruit trees in council lands (including verge
>> >> policies) for risk of someone poisoning an individual fruit tree and
>> >> the follow on effect of this, and yet our fruit producers have their
>> >> product available in most cases without fence, it is a little
>> >> surprising.
>> >>
>> >> It appears that our agriculture is also a concern, in particular as
>> >> some countries are indeed motivated to affect our liberties and
>> >> somewhat free ways of life. See
>> >>
>> >> http://medicalfuturist.com/disruptive-technologies-bioterrorism/?ct=t(Newsletter_2014_07_177_17_2014).
>> >> Going somewhat off topic, there's even gaps in the physical security
>> >> to the gas supply to the Adelaide AGL power plant, where the two gas
>> >> pipelines leading up to the power plant are clearly visible at points
>> >> and are not monitored via CCTV, the above ground points are not even
>> >> contained within a secure shed. You drive through the roads and if
>> >> you're motivated to find out where the gas pipeline runs, it's not
>> >> that hard to see. You have direct access to the pipeline under the
>> >> bridge to Torrens Island, Adelaide, someone has cut the security mesh
>> >> on the underside of the bridge many years ago, and no one at AGL cared
>> >> that I contacted, I did contact their security office, employees that
>> >> were contacts with us at the time, and also the gas contractor who
>> >> didn't seem to be too bothered about any risks existing. Who really is
>> >> assessing the potential risks of others to damage assets of our
>> >> country? I certainly don't believe they're doing it to a sufficient
>> >> degree given just how in the open things appear to be, and I'm sorry
>> >> for saying this, it may offend some.
>> >>
>> >> On some good news, I came across this article in methods of explosive
>> >> detection which outlines possible ways of achieving scanning
>> >> capabilities, including;
>> >>
>> >>     1.1 Colorimetrics & Automated Colorimetrics
>> >>     1.2 Dogs
>> >>     1.3 Honey bees
>> >>     1.4 Mechanical scent detection
>> >>     1.5 Spectrometry
>> >>     1.6 X-ray machines
>> >>     1.7 Neutron activation
>> >>     1.8 Silicon nanowires for trace detection of explosives
>> >>
>> >> If you're interested to see more, please see
>> >> https://en.wikipedia.org/wiki/Explosive_detection.
>> >>
>> >> Overnight, I woke up with a thought and decided to go back to bed
>> >> think a little more about it. Is it possible the Syrian group I
>> >> mentioned yesterday may also be working on strategies to influence
>> >> programmers in particular in regard to installing filters into an
>> >> individual's mind - as programmers if we see something unusual or
>> >> different, we generally inspect the source code, what if that had
>> >> something harmful present for our mind? If that slush fund is as high
>> >> as has been advised, they certainly have ways of being funded to
>> >> challenge the status quo with developing new potentially harmful
>> >> technology, what other ways could they use the money to influence or
>> >> disrupt other countries? What if source code was written in a way that
>> >> interfaces with our mind to install filters? I don't know if this is
>> >> possible, it's certainly not my area of expertise, however
>> >> programming, hosting, software, risk assessment and security are. Are
>> >> there certain governments that have invested into placing filters into
>> >> our own minds through technological means? We are a massive biological
>> >> computer, has someone or a group found how to interface with it on a
>> >> low level and are testing by trial and error how to interface at a
>> >> higher level? I do understand that this is getting beyond the realms
>> >> of most, and indeed it is beyond my own current knowledge.
>> >>
>> >> Thanks for everyone that replied off list and phone conversations -
>> >> some comments were raised including specialist security meetings on
>> >> this topic and others in government areas of decision making - there's
>> >> lots of invaluable data that you've shared and I can understand why
>> >> you wouldn't want this to be made public - I can see that the issue is
>> >> much larger than I first envisaged.
>> >>
>> >> Chris Macko.
>> >>
>> >> On Tue, Sep 27, 2016 at 8:55 AM, Mark Smith <markzzzsmith at gmail.com>
>> >> wrote:
>> >> > On 26 September 2016 at 23:33, chrismacko80 <chrismacko80 at gmail.com>
>> >> > wrote:
>> >> >> Still seem to be getting some emails being blocked via gmail, so have
>> >> >> initiated a separate thread in replies to all that have been received
>> >> >> to date;
>> >> >>
>> >> >> Thomas Jackson - Thanks for your reply. I find it somewhat odd that we
>> >> >> have bulletproof glass considered at the front entry foyer yet no
>> >> >> process for checking for such harmful substances being wheeled in.
>> >> >> Which poses a more significant threat and likelihood - a data centre
>> >> >> isn't somewhere that you hold up as it doesn't contain any cash in
>> >> >> most cases!
>> >> >>
>> >> >
>> >> > You're still over estimating how easy these materials are to get in
>> >> > the volumes necessary for the attack to be effective. I have some
>> >> > insights as I have a close relative who is licensed by the government
>> >> > to acquire and use these sorts of materials, and I've been present
>> >> > when they've been used.
>> >> >
>> >> > This is not a significant threat.
>> >> >
>> >> > <snip>
>> >> _______________________________________________
>> >> AusNOG mailing list
>> >> AusNOG at lists.ausnog.net
>> >> http://lists.ausnog.net/mailman/listinfo/ausnog
>> >
>> >
>>
>
>