Is it Just Me, Or Is Our Mainframe Missing?
xnuandax writes "Here's a salient lesson for those system security personnel who spend their time fretting over the theoretical crack-ability of their 1024 bit encryption keys. Australian Customs have recently suffered a rather unfortunate setback in their "War Against Terror" with the admission that two of their secure mainframe servers have been wheeled out of the building by persons unknown. I'll bet my $2 that the root password on those boxes was 'trustno1'."
... when you don't do retinal scans on pizza delivery people.
*starts looking for cheap parts on ebay*
What is the airspeed velocity of an unladen swallow?
African or European?
Isn't that how they always did it on the Josie and the Pussycats cartoon? They'd dress up as "computer repairmen" and then wheel the computer out the door, which would then infuriate the bad guy and they'd have the chase scene set to a song.
I kept saying I'd get my SGI Onyx that way, but it never seemed to work out. Anybody who steals a mainframe is either looking to part it out and sell it on eBay, or they are going to melt it down for the valuable metals.
If telephones are outlawed, then only outlaws will have telephones.
is more important than anything else. Some years ago, people stole from Harrods in London by simply taking a whole cash register, while disguised as maintenance men.
Oh well, what the hell...
The men, described as being of Pakistani-Indian-Arabic appearance
That's PC for terrorist, isn't it?
Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Yeah, that's unfortunate, but I'm sure that the fault lies with their security guard, not the admins.
Let this be a lesson...
When you're caught being grossly negligent and incompetent, blame terrorists.
Simple security procedures.
Didn't anyone learn anything from losers like Kevin Mitnick?
Deography Photoblog
On my last contract at a bank we did that; I won't mention the city, but the bank owned the buildings all around it and used them for storage. We had a bunch of contractors coming in for a workstation rollout, and the first day on the job I had them wander around the building, without ID of any kind, and just grab random computers and haul them across the street, using whatever explanation for it they felt like.
it was the NEXT DAY before any inquiries came in.
Oh, they also used the signs on the buildings you could see through the windows as admin passwords.
Why, yes, I AM a Pagan Libertarian.
The big question has to be: what have they left behind? The guys who nicked the servers were floating around the Customs building for the better part of 5 hours. I'd bet a penny to a pound that they left backdoors open to get back in when they feel like it.
From my perspective as a former sysadmin/security guy, how could someone not notice that 2 main fileservers were suddenly offline? Alarm bells should have been ringing the second they came offline. Where's the monitoring? I suppose at the very least that it's a kick in the ass to anyone who thinks that physical security and good procedures are any less important than firewalls and network intrusion detection.
"I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
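The "where's the monitoring?" point above is the one a practitioner can act on: a server that stops heartbeating should page someone within minutes, and two critical hosts dropping off within a short window of each other is a stronger signal than either alone. The following is an added example, not code from the thread or from any of the organisations named in it. It parses constructed syslog-style heartbeat lines (the hostnames fs01, fs02 and web01, the line format and the thresholds are all assumptions made for illustration), reports hosts that have gone silent, and raises a separate alert when the designated critical hosts went silent together.

```python
"""Detect silent hosts from heartbeat log lines.

Added example (not from the original thread). Assumes each monitored server
emits one syslog-style heartbeat line per minute to a central collector; the
log lines below are constructed for illustration, not real Customs logs.
"""
from datetime import datetime, timedelta

# Constructed sample: two file servers and one web host heartbeating to a
# collector. fs01 stops after 23:07 and fs02 after 23:09; web01 keeps going.
SAMPLE_LOG = """\
2003-09-01T23:05:00 heartbeat host=fs01 status=ok
2003-09-01T23:05:00 heartbeat host=fs02 status=ok
2003-09-01T23:05:00 heartbeat host=web01 status=ok
2003-09-01T23:06:00 heartbeat host=fs01 status=ok
2003-09-01T23:06:00 heartbeat host=fs02 status=ok
2003-09-01T23:06:00 heartbeat host=web01 status=ok
2003-09-01T23:07:00 heartbeat host=fs01 status=ok
2003-09-01T23:07:00 heartbeat host=fs02 status=ok
2003-09-01T23:07:00 heartbeat host=web01 status=ok
2003-09-01T23:08:00 heartbeat host=fs02 status=ok
2003-09-01T23:08:00 heartbeat host=web01 status=ok
2003-09-01T23:09:00 heartbeat host=fs02 status=ok
2003-09-01T23:09:00 heartbeat host=web01 status=ok
2003-09-01T23:10:00 heartbeat host=web01 status=ok
2003-09-01T23:11:00 heartbeat host=web01 status=ok
2003-09-01T23:12:00 heartbeat host=web01 status=ok
"""


def parse_heartbeats(text):
    """Return {host: last_seen_datetime} from heartbeat lines; skip anything else."""
    last_seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] != "heartbeat":
            continue
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        host = fields.get("host")
        if not host:
            continue
        ts = datetime.fromisoformat(parts[0])
        if host not in last_seen or ts > last_seen[host]:
            last_seen[host] = ts
    return last_seen


def silent_hosts(last_seen, now, max_silence=timedelta(minutes=2)):
    """Hosts whose most recent heartbeat is older than max_silence at `now`."""
    return sorted(h for h, ts in last_seen.items() if now - ts > max_silence)


def correlated_outage(last_seen, hosts, window=timedelta(minutes=5)):
    """True if every host in `hosts` went silent within `window` of each other.

    Several critical hosts dropping together points at a shared cause (power,
    network, or someone unplugging the rack) rather than one box crashing.
    """
    times = [last_seen[h] for h in hosts if h in last_seen]
    if len(times) != len(hosts):
        return False
    return max(times) - min(times) <= window


def check(text, now, critical):
    """Build the alert list for log `text` as of `now` (datetime or ISO string)."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    last_seen = parse_heartbeats(text)
    silent = silent_hosts(last_seen, now)
    alerts = [f"ALERT {h} silent since {last_seen[h].isoformat()}" for h in silent]
    if set(critical) <= set(silent) and correlated_outage(last_seen, critical):
        alerts.append("ALERT critical hosts went silent together: "
                      + ", ".join(sorted(critical)))
    return alerts


if __name__ == "__main__":
    for alert in check(SAMPLE_LOG, "2003-09-01T23:12:00", critical=["fs01", "fs02"]):
        print(alert)
```

Run against the sample at 23:12, the script flags fs01 (silent since 23:07) and fs02 (silent since 23:09) individually, then adds the correlated-outage alert because both critical hosts stopped within the five-minute window; at 23:08:30 nothing has yet exceeded the two-minute silence threshold and no alert fires. In a real deployment the thresholds belong in configuration and the alert should go to a pager, not stdout.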
This just reminds us what the greatest risks are to any secure system: social engineering and inside men. If you look authoritative and dress up in a serviceman's outfit, very few people will question your actions. You can steal furniture, computers, machinery, tools, whatever by just looking important. By impersonating a sysadmin on the phone, you can easily talk passwords out of gullible people. With a fake service order "signed" by the right people, the odds are endless.
On the same note, people inside an organization are often responsible for hacks, stolen information, and other things since they have the keys already!
It just goes to show the weakest portion of any system is the people.
Like, for ages IBM's mainframes have had a standard privileged technician account with the password "musigate", very useful when some BOFH expired my accounts. Oops, you mean it's still musigate now?
Ceci n'est pas une signature
Sysadmin: "HA! I have patched all my software, yelled at all the users with weak passwords, locked down every possible port and continuously monitor the allowed ones, and with this keystroke I will enable UNBREAKABLE encryption on every critical data file!"
*slams hand down to hit Enter key*
*hits bare desk*
...
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Hey, why all the hassle?
A good sysadmin has all important stuff backed up. And if you do it properly the backup is sent to an offsite location. Isn't it easier to steal those backup tapes or discs? If you are lucky the outsourced company doesn't even notice the theft, or someone who does not want to lose his job does not tell anyone.
So my question is: Do *you* encrypt your backups?
The Australian Customs Service has admitted the security blunder, but told customs officers in an email that no sensitive operational information was lost.
As we can see it's a well-planned action, and there's almost no way to sell the two mainframes for good profit. The major cost of a mainframe lies mainly in operation and maintenance, which are not applicable to stolen hardware.
Obviously, their target is the data within. If the authorities do not start investigating what information the thieves are looking for and the possible use of the information within the stolen hardware, the consequences might be very serious.
No more official BS. Do something before it's too late.
So, the servers had neither personal nor business data on them. So what's left? The servers must have been empty then, good riddance.
In the last 24 months:
:-)
Afghanistan: Australia's Special Air Service was there, saved a few Yanks in a downed helicopter. The American soldiers seemed to think these Aussies were all right.
Iraq: Australia sent 3 boats and about 2000 special forces personnel. Did a lot of (if not all of) the ground based reconnaissance, plus about half the search and rescue missions.
East Timor: Liberated the poor little country from the Indonesians and wiped out the resistance. Free elections were held for the first time.
Indonesia: Sent Federal Police over who "helped" with the investigation into the recent Bali Bombing.
North Korea: We'll Be There!
Iran: Be a walk in the park!
Saudi Arabia: Hey, we all like cheap petrol!
Plus there's the fact we're all reasonably well off here in Aus, excellent education and health systems, great democratic political system, fair moral sense.
So you can see there's a few reasons the terrorists might not like us, although, if they do come here, we can easily melt their hearts with our koala bears, or melt their skin with our radiant sun
The Community and Public Sector Union, which represents customs officers, has asked for guarantees that none of its members is at risk as a result of the theft.
They've got to be kidding.
IMHO there should be some investigation into this level of incompetence. Procedures should be in place and followed. If procedures were followed, the person responsible for security (and the procedures) should be put out on their arse with zero chance of another job in security. If procedures weren't followed, the staff that didn't follow them should get their arses kicked.
To know that you know what you know, and that you do not know what you do not know, that is true wisdom. --Scooby Doo
It was just the RIAA removing a couple of infringing servers
Just so people don't think we are complete nutters down here....
No mainframes were taken... they were two win32 computers taken from a semi-secure(?) area.
I'm a little happy that they didn't leave a bomb in place of the two boxes that they took.
And a word of praise for the IT support staff. They had our systems back up in no time at all.
It was only on the second last day that someone questioned my actions. Until then, nobody thought twice about an unfamiliar person sauntering up to their desk, unplugging their desktop PC, and walking off. Because the old PCs were so dusty, I wasn't even wearing my normal business attire -- instead, I was wearing jeans and a t-shirt.
This is by no means unusual. I've been to places where the IT employees did not know which servers do what, how many servers they actually have, or what the passwords are. In a place like that, a missing server may not be noticed for days!
Really? Then what the hell were they for?
They say
"They would have personal internal email accounts, probably the passwords for those accounts, and any information harboured within them.
hmm. 'personal email' sounds like personal information, and probably business and security related too. But then say:
The Australian Customs Service has admitted the security blunder, but told customs officers in an email that no sensitive operational information was lost.
So I guess they're just using their mainframes to advertise penis enlargement pills
"Customs officers use the accounts to communicate volumes of sensitive operational material and intelligence to each other, including information from other agencies such as AFP and ASIO. This would be at risk."
I give up.
I hate to give MS any credit, but even they figured that one out. Check out their Ten Immutable Laws of Security. -- "Law #3: If a bad guy has unrestricted physical access to your computer, its not your computer anymore."
Now we know how Telstra will save all that money...
Imagine a Beowulf cluster of-- FUCK, they're gone!!!!
You need a FREE iPod Nano
Customs has been advised that the servers did not contain personal, business-related or national security information.
Okayy.... So just what was on them, then?
They were completely empty. Completely. They never were used and never intended to be used, ever. Ever. Seriously. They were shut off since they were bought in 1982 and never, never, ever used for anything secret or anything. Especially not for anything secret at ALL... I SWEAR! This is a complete non-story, please stop asking about it. Nothing to see, nothing to write about, just a normal EDS maintenance contract gone wrong on some completely unused servers, pretty standard stuff. Here, look at the monkey.
"You just gave out my root password! "
Liar. I've seen your password. It's eight asterisks.
"Derp de derp."
(Google for heist60.mpeg if the above is slashdotted)
If, as described, they were actual mainframes, the Customs people's statement that no sensitive info was lost/stolen might not be too far from the truth. In servers & other high end systems, it's not uncommon for the hard drives in the computer to contain only the OS & applications. The data used/created by the applications would be on a RAID attached to the computer. If that was the setup of the systems, the only actual data would be system passwords and possibly temp data currently in use at the time of shutdown.
If, however, one or more of the systems was a RAID or some such data storage system, then the Customs people are (as expected) lying through their teeth. The next question would be whether or not some form of encryption was in use (fs or application level).
It's just been replaced by this little linux server over here.
-pyrrho
OK to quote from the article:
After supplying false names and signatures, they were given access to the top-security mainframe room. They knew the room's location and no directions were needed.
Inside, they spent two hours disconnecting two computers, which they put on trolleys and wheeled out of the room, past the security desk, into the lift and out of the building.
Nowhere does it say that two mainframe computers left the building, only that they got access to the mainframe room. All the mainframes I ever worked on had their own wheels, they were so big.
This is just typical lazy and/or sensational reporting by the original journalist.
Someone should read these before they get posted here. The Story is about lax access for the computer room - not about mainframes being stolen.
It was in a central room, which had one door and no windows. The door opened to a hallway. From that hallway, you could either go out past the receptionist, past one of the company founder's office, to get out the front door, or you could go the other way, past my office, and the offices of a couple other programmers.
We noticed the machine missing at noon. It had last been used at 11am. Between that time, the receptionist had been on duty, the founder had been at work in his office with the door open, and four programmers had been at work with their doors open, facing the hallway.
There had been the usual bathroom breaks, trips to the printer, and stuff like that, but still...it seems like it would require amazing timing to find an opportunity in there to sneak the thing out...and there was no vantage point outside the building from which one could see that the route would be clear.
This reminds me of a story...
I live and work in a certain large Far Eastern city, which has quite a few major financial institutions.
Several of these institutions use Sun hardware.
One of these institutions found that on Monday morning, their production system didn't work.
A bit more investigation found that the CPUs (8, IIRC) had all been removed. Apparently, someone walked in over the weekend and then walked out with several thousand dollars worth of UltraSPARC IIs under his arm.
They made a bit of fuss about this, boosted their security, and bought a bunch of new CPUs.
Then, a couple of months later, they found that their production system wasn't working on a Monday morning...
to access your data, I have to know your publicly available ID and I have to have access to the phone in your (unlocked) cubicle.
How well does your company pay their cleaning/janitorial staff? Suppose a coworker went into your cubicle and called IT from your phone -- how would security find out who did it?
I would assume that they would need to see your ID (as well as you) before resetting your password. If that is too burdensome, then have a system in which you contact your manager or HR. One of these can then log in through a secure connection and file a password reset request with your ID to the remote IT support site. The fact that they are logged in (with their password) at least ensures there is a starting point for an audit, and the odds of impersonation are less likely.
When in doubt, have a man come through a door with a gun in his hand.
...you can get in *anywhere* with them if you frown hard enough
Of all the possible password attacks mentioned in my favourite cryptography book the rubber hose method is my favourite.
The rubber hose method consists of kidnapping someone who knows the password and beating him with a rubber hose till he tells you the password.
Guess this could be called the wheel out method.
Sindri Traustason.
Encrypted root filesystem.
This is your sig. There are thousands more, but this one is yours.
At a previous employer, one of our customers had their main Netware server stolen during the working day.
Two men dressed as couriers wandered into the reception, said they had a faulty machine to pick up, were let into the machine room, and walked out with the 3000 file server.
It took the network admin over an hour to realise that the server had been taken - they had even logged a fault call with us stating that users were having problems accessing their data.
If this really was a mainframe, then the thieves essentially just got the CPU and no sensitive data was taken. Unlike a Win32 machine, a mainframe does NOT have any data (beyond configuration information) stored inside the box. All data exists on external DASD or tape devices. Unless the thieves wheeled those out, too, they didn't get anything sensitive.
Buzzing the information Superhighway at Warp speed
Reminds me of that ATM machine that was stolen from Snow Hall on a military base; they didn't find it for 2 years, until a long dry spell let a pond get real low.
For those that don't know, Snow Hall is a tech training center and has 24 hour security and video cameras. The machine was quite large and bolted to the floor, and since it was the day before payday it was full also. 250k was in it I believe.
Only bank robbers I know of that got away with it AFAIK.
Region 1 DVD's not allowed??
Since when??
Region Free DVD players are legal in Australia (Thank you Alan Fels!!)
Burma?
They presented themselves to the security desk as technicians sent by Electronic Data Systems, the outsourced customs computer services provider which regularly sends people to work on computers after normal office hours.
Another reason you should be damn careful about how you outsource, who you outsource with, and the security involved. People need to know who they're really dealing with and how to check.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Fortunately, he had a change of heart later, though. The world would be a much riskier place with more people like him around, I think.
By the way, I kindof wonder just what my kid is learning in 2nd grade, nowadays. Some of those Dr. Seuss' Crime for Kids series are a little extreme, don't you think?
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
I had to visit the data center for a major financial center in Jersey City, NJ shortly after WTC. (A lot of the big iron is across the river from Manhattan... for price reasons more than security) Because of the sudden lack of available downtown office space, every available empty space in Jersey City was suddenly rented out.
So... I walked in to see my customer. I was surprised at the new security in place. I showed my company badge, signed in, and was led to a desk under a sign marked "High Value Transactions". Plopped me right down in front of a terminal. I was really confused. The setup was totally different than what I was expecting from previous visits. So I started looking around for people I knew, etc... After about 10 minutes I realized I was in the data center for the WRONG company!
So I got up and left. I have no idea how long I could have stayed there, or what I could have done. I suspect that if I had gotten out a screwdriver, I could have likely started shopping for hardware.
Moral of the story: chaos breeds insecurity, and an "official" plastic badge with your picture on it is shockingly powerful.
No, no, no, you've got it all wrong.
This is what really happened to them.
(That's a link to a 5MB mpeg, please be gentle, mirror and post a link!)
Heist
I am not allowed to change my password! Seriously!
I'm just waiting for _the_ major security incident...
When I was in college I worked for the computer lab. One day we set out to upgrade all the PCs. What we had to do first was get the old ones out of the way. We backed an unmarked white van up to the computer lab, opened the doors to the lab, and started taking the machines. It was during a school day. Students and faculty were walking by watching us. Occasionally one would even lend a hand (hold a door open a bit more, pick up a dropped mouse, etc... ) No one questioned us. Not even the student worker running the lab. We had not even made conversation with the worker during the entire time. After we loaded up the 20+ PCs and headed out our boss decided to call the lab and 'warn them against people stealing PCs'. The worker freaked! He said he was there when it was happening but since "they looked like they knew what they were doing so I didn't question them." The boss then let him in on the real story.
The key: just look like you know what you are doing.
"If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
> "TOO MANY CASTERS" (referring to how they wheeled the servers out?)
Yes!
You win the prize, a decrypted 8-bit character!
Here you go: @
And everyone's right about the moderators. They screwed the pooch on this one. Metamods, go remove their mouse fingers.
I imagine he'd say, "Crikey! My last name starts with an I, not an E!"
Then he'd probably add, "Crocs rule!"
Virg
I live in Perth, Australia. Remote place.. in most cases, the cost of shipping an oldish SGI out of here is more than they're worth. Somehow though, I seem to have become known as the old-SGI man. People come to me and say "Don Alex, I have these old SGIs that need to be gone", I take them, then mysteriously others come to me and say "Don Alex, my poor family needs an SGI". I charge and take no money for this service. Mostly they've gone to students who are after some non-Intel hardware to play with a Unix on. Indys run Linux particularly well.
In the last 6 months, I think I've helped dispose of about 40 unwanted SGIs to good or better homes. Mostly Indys (about 30), but some O2s and Indigos as well. I'm working on the Onyx still...