Is it Just Me, Or Is Our Mainframe Missing?
xnuandax writes "Here's a salient lesson for those system security personnel who spend their time fretting over the theoretical crack-ability of their 1024 bit encryption keys. Australian Customs have recently suffered a rather unfortunate setback in their "War Against Terror" with the admission that two of their secure mainframe servers have been wheeled out of the building by persons unknown. I'll bet my $2 that the root password on those boxes was 'trustno1'."
Let this be a lesson...
When you're caught being grossly negligent and incompetent, blame terrorists.
Simple security procedures.
Didn't anyone learn anything from losers like Kevin Mitnick?
As the article states, they were likely after information, not hardware. It's likely that hardware will be destroyed after the info is sucked off of it.
This just reminds us what the greatest risks are to any secure system: social engineering and inside men. If you look authoritative and dress up in a serviceman's outfit, very few people will question your actions. You can steal furniture, computers, machinery, tools, whatever by just looking important. By impersonating a sysadmin on the phone, you can easily talk passwords out of gullible people. With a fake service order "signed" by the right people, the odds are endless.
On the same note, people inside an organization are often responsible for hacks, stolen information, and other things since they have the keys already!
It just goes to show the weakest portion of any system is the people.
The Australian Customs Service has admitted the security blunder, but told customs officers in an email that no sensitive operational information was lost.
As we can see it's a well-planned action, and there's almost no way to sell the two mainframes for good profit. The major cost center of a mainframe lies mainly in the operation and maintenance, which are not applicable to stolen hardware.
Obviously, their target is the data within. If the authorities do not start investigating what information the thieves are looking for and the possible use of the information within the stolen hw, the consequences might be very serious.
No more official BS. Do something before it's too late.
If, as described, they were actual mainframes, the Customs people's statement that no sensitive info was lost/stolen might not be too far from the truth. In servers & other high end systems, it's not uncommon for the hard drives in the computer to contain only the OS & applications. The data used/created by the applications would be on a RAID attached to the computer. If that was the setup of the systems, the only actual data would be system passwords and possibly temp data currently in use at the time of shutdown.
If, however, one or more of the systems was a RAID or some such data storage system, then the Customs people are (as expected) lying through their teeth. The next question would be whether or not some form of encryption was in use (fs or application level).
to access your data, I have to know your publicly available ID and I have to have access to the phone in your (unlocked) cubicle.
How well does your company pay their cleaning/janitorial staff? Suppose a coworker went into your cubicle and called IT from your phone -- how would security find out who did it?
I would assume that they would need to see your ID (as well as you) before resetting your password. If that is too burdensome, then have a system in which you contact your manager or HR. One of these can then log in through a secure connection and file a password reset request with your ID to the remote IT support site. The fact that they are logged in (with their password) at least ensures there is a starting point for an audit, and the odds of impersonation are less likely.
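The authenticated-request workflow described above, as an added example that is not from the original post: a toy Python reset desk that refuses requests with no logged-in requester (the anonymous phone call), accepts them only from the target's manager or HR, and records every decision against that login so an audit has a starting point. The ResetDesk class and the directory names are hypothetical.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed directory for the example: who manages whom, and who is HR.
MANAGER_OF = {"alice": "bob", "carol": "bob"}
HR_STAFF = {"dana"}


@dataclass
class ResetDesk:
    """Hypothetical remote IT support desk for password-reset requests."""
    sessions: dict = field(default_factory=dict)  # session token -> user
    audit: list = field(default_factory=list)     # one record per decision

    def login(self, user: str) -> str:
        # Stand-in for the requester's own password login over a secure link;
        # the token is what ties a later request back to a named person.
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

    def _log(self, outcome: str, requester, target: str, detail: str) -> None:
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "outcome": outcome, "requester": requester,
            "target": target, "detail": detail,
        })

    def request_reset(self, session: str, target: str) -> str:
        requester = self.sessions.get(session)
        if requester is None:
            # A phone call from a cubicle carries no login: nothing to audit.
            self._log("rejected", None, target, "no authenticated session")
            raise PermissionError("reset requests need a logged-in requester")
        if requester != MANAGER_OF.get(target) and requester not in HR_STAFF:
            self._log("rejected", requester, target, "not manager or HR")
            raise PermissionError(f"{requester} may not reset {target}")
        # One-time reset code; only its hash goes in the log, so the log
        # itself cannot later be used to take over the account.
        code = secrets.token_urlsafe(12)
        self._log("issued", requester, target,
                  hashlib.sha256(code.encode()).hexdigest())
        return code
```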
When in doubt, have a man come through a door with a gun in his hand.
The article "states" that, but how does anyone know? The thieves didn't give any interviews.
They presented themselves to the security desk as technicians sent by Electronic Data Systems, the outsourced customs computer services provider which regularly sends people to work on computers after normal office hours.
Another reason you should be damn careful about how you outsource, who you outsource with, and the security involved. People need to know who they're really dealing with and how to check.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
I had to visit the data center for a major financial center in Jersey City, NJ shortly after WTC. (A lot of the big iron is across the river from Manhattan... for price reasons more than security) Because of the sudden lack of available downtown office space, every available empty space in Jersey City was suddenly rented out.
So... I walked in to see my customer. I was surprised at the new security in place. I showed my company badge, signed in, and was led to a desk under a sign marked "High Value Transactions". Plopped me right down in front of a terminal. I was really confused. The setup was totally different than what I was expecting from previous visits. So I started looking around for people I knew, etc... After about 10 minutes I realized I was in the data center for the WRONG company!
So I got up and left. I have no idea how long I could have stayed there, or what I could have done. I suspect that if I had gotten out a screwdriver, I could have likely started shopping for hardware.
Moral of the story: chaos breeds insecurity, and an "official" plastic badge with your picture on it is shockingly powerful.