Slashdot Mirror


Is it Just Me, Or Is Our Mainframe Missing?

xnuandax writes "Here's a salient lesson for those system security personnel who spend their time fretting over the theoretical crack-ability of their 1024-bit encryption keys. Australian Customs have recently suffered a rather unfortunate setback in their "War Against Terror" with the admission that two of their secure mainframe servers have been wheeled out of the building by persons unknown. I'll bet my $2 that the root password on those boxes was 'trustno1'."

23 of 606 comments

  1. I bet I know where those machines are... by Capt'n+Hector · · Score: 5, Funny

    *starts looking for cheap parts on ebay*

    --
    Quid festinatio swallonis est aetherfuga inonusti?
    Africus aut Europaeus?
  2. Physical security by HermanAB · · Score: 5, Interesting

    is more important than anything else. Some years ago, people stole from Harrods in London, by simply taking a whole cash register, while disguised as maintenance men.

    --
    Oh well, what the hell...
  3. PC by Timesprout · · Score: 5, Funny

    The men, described as being of Pakistani-Indian-Arabic appearance

    That's PC for terrorist, isn't it?

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
    1. Re:PC by Brad+Mace · · Score: 5, Funny
      A Pakistani, an Indian, and an Arab walk into a server room...

      I forget the rest, but the Australian government ends up looking like a bunch of tools

  4. Those pesky Pakistani-Indian-Arabians! by balthan · · Score: 5, Insightful

    Let this be a lesson...

    When you're caught being grossly negligent and incompetent, blame terrorists.

    1. Re:Those pesky Pakistani-Indian-Arabians! by MoonFog · · Score: 5, Funny

      Obligatory Simpson quote:
      "If something goes wrong, blame the guy who doesn't speak English"

  5. simple security procedures by erfmuffin · · Score: 5, Insightful
    .. bah.. bloody idiots. And I bet these are the same people that call me up and expect me to tell them their passwords over the phone and then get pissed off because I want their details..

    Simple security procedures.

    Didn't anyone learn anything from losers like Kevin Mitnick?

    1. Re:simple security procedures by 1lus10n · · Score: 5, Insightful

      Didn't anyone learn anything from losers like Kevin Mitnick?

      Nope. If they did, social engineering wouldn't be as easy as it is, and believe me, it is EASY. I work for an outsourcing company (3000 employees, dual OC 192 connections, and two brand new V880's) and they don't employ ONE security person; they have no security policy. And we are doing work for some of the top companies in the telecom/datacom industry. Amusing from my perspective anyway.

      --
      "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." --Albert Einstein
  6. My IT team did that once. by paganizer · · Score: 5, Informative

    My last contract at a bank we did that; I won't mention the city, but the bank owned the buildings all around it and used them for storage. We had a bunch of contractors coming in for a workstation rollout, and the first day on the job I had them wander around the building, without ID of any kind, and just grab random computers and haul them across the street, using whatever explanation for it they felt like.

    It was the NEXT DAY before any inquiries came in.

    Oh, they also used the signs on the buildings you could see through the windows as admin passwords.

    --
    Why, yes, I AM a Pagan Libertarian.
  7. It's not just what was taken... by PerryMason · · Score: 5, Interesting

    The big question has to be: what have they left behind? The guys who nicked the servers were floating around the Customs building for the better part of 5 hours. I'd bet a penny to a pound that they left backdoors open to get back in when they feel like it.

    From my perspective as a former sysadmin/security guy, how could someone not notice that 2 main fileservers were suddenly offline? Alarm bells should have been ringing the second they came offline. Where's the monitoring? I suppose at the very least that it's a kick in the ass to anyone who thinks that physical security and good procedures are any less important than firewalls and network intrusion detection.

    --
    "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
    1. Re:It's not just what was taken... by PerryMason · · Score: 5, Interesting

      [The representative] said the stolen servers did not contain sensitive information.

      Because you'd expect them to say anything different? Hell, the theft took place on the 27th of last month and since then the very woman whose job it is to ensure physical security of the site has been involved in a Parliamentary review of National security. She managed to appear a few times and didn't mention the theft once.

      The short answer is that they'll tell you nothing if they think they can get away with it, then tell a lie when caught out telling nothing and then when caught lying, they'll claim they had to lie for the protection of "National Security".

      --
      "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
  8. Biggest security hole in any corporation... by silverhalide · · Score: 5, Insightful

    This just reminds us what the greatest risks are to any secure system: social engineering and inside men. If you look authoritative and dress up in a serviceman's outfit, very few people will question your actions. You can steal furniture, computers, machinery, tools, whatever by just looking important. By impersonating a sysadmin on the phone, you can easily talk passwords out of gullible people. With a fake service order "signed" by the right people, the odds are endless.

    On the same note, people inside an organization are often responsible for hacks, stolen information, and other things since they have the keys already!

    It just goes to show the weakest portion of any system is the people.

  9. Possible Scenario by cybermace5 · · Score: 5, Funny

    Sysadmin: "HA! I have patched all my software, yelled at all the users with weak passwords, locked down every possible port and continuously monitor the allowed ones, and with this keystroke I will enable UNBREAKABLE encryption on every critical data file!"

    *slams hand down to hit Enter key*

    *hits bare desk*

    --
    ...
  10. Reminds me of the story by nagora · · Score: 5, Funny
    of the three guys that walked into a Belfast pub and stole the newly fitted carpet while the pub was open. They just said the wrong stuff had been delivered and apologised to the customers as they worked around them.

    TWW

    --
    "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
  11. No official BS by jsse · · Score: 5, Insightful

    The Australian Customs Service has admitted the security blunder, but told customs officers in an email that no sensitive operational information was lost.

    As we can see, it's a well-planned action, and there's almost no way to sell the two mainframes for good profit. The major cost center of a mainframe lies mainly in the operational and maintenance, which are not applicable to stolen hardware.

    Obviously, their target is the data within. If the authorities do not start investigating what information the thieves are looking for and the possible use of the information within the stolen hw, the consequence might be very serious.

    No more official BS. Do something before it's too late.

    1. Re:No official BS by wagemonkey · · Score: 5, Insightful
      They weren't mainframes, they were servers.

      1) If it was a mainframe there'd be no point stealing the CPU, there's no hard drives in it, you need to take the DASD.
      2) If it was a mainframe CPU and/or DASD, 2 guys couldn't hack it - you'd need a crane, or possibly a forklift if it's a small box. They are big+heavy.
      3) Of course the bigger mainframes are water cooled, so they'd need more time for the plumbing or someone would have noticed the leaks...

      The article says they were let into the mainframe room and put the computers on trolleys, then later they refer to "mainframe servers". It doesn't add up - what a surprise, the reporting is vague.

      Still, in my opinion (fwiw) the most likely thing stolen is big HP/IBM/DELL servers. These are often put in mainframe rooms to take advantage of the (ha!) physical security, air-con and halon systems. You'd also be a lot more confident of being able to actually hack in to one of these, without the dedicated power supply and other costs you mentioned.

  12. they didn't need that server anyway by stray · · Score: 5, Interesting
    quoth the fa:


    Customs has been advised that the servers did not contain personal, business-related or national security information.


    So, the servers had neither personal nor business data on it. So what's left? The server must have been empty then, good riddance.
  13. Re:Australia by lucifer_666 · · Score: 5, Funny

    In the last 24 months:

    Afghanistan: Australia's Special Air Service was there, saved a few yanks in a downed helicopter. The American soldiers seemed to think these Aussies were all right.

    Iraq: Australia sent 3 boats and about 2000 special forces personnel. Did a lot of (if not all of) the ground based reconnaissance, plus about half the search and rescue missions.

    East Timor: Liberated the poor little country from the Indonesians and wiped out the resistance. Free elections were held for the first time.

    Indonesia: Sent Federal Police over who "helped" with the investigation into the recent Bali Bombing.

    North Korea: We'll Be There!
    Iran: Be a walk in the park!
    Saudi Arabia: Hey, we all like cheap petrol!

    Plus there's the fact we're all reasonably well off here in Aus, excellent education and health systems, great democratic political system, fair moral sense.

    So you can see there's a few reasons the terrorists might not like us, although, if they do come here, we can easily melt their hearts with our koala bears, or melt their skin with our radiant sun :-)

  14. Relax by Timesprout · · Score: 5, Funny

    It was just the RIAA removing a couple of infringing servers

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  15. How is this unusual? by bertok · · Score: 5, Informative
    I can relate to this with personal experience. One of my first IT contracting jobs was a two week Windows 2000 rollout at a 110 user company. My job was to pick up every desktop one by one, take it up to the IT cubicle, Ghost six of them at a time, then return the computers. I liaised exclusively with the sole IT administrator there.

    It was only on the second last day that someone questioned my actions. Until then, nobody thought twice about an unfamiliar person sauntering up to their desk, unplugging their desktop PC, and walking off. Because the old PCs were so dusty, I wasn't even wearing my normal business attire -- instead, I was wearing jeans and a t-shirt.

    This is by no means unusual. I've been to places where the IT employees did not know which servers do what, how many servers they actually have, or what the passwords are. In a place like that, a missing server may not be noticed for days!

  16. It's been a while hasn't it? by Mulletproof · · Score: 5, Funny

    Imagine a Beowulf cluster of-- FUCK, they're gone!!!!

    --
    You need a FREE iPod Nano
  17. Mainframes or file servers? by klevin · · Score: 5, Insightful

    If, as described, they were actual mainframes, the Customs people's statement that no sensitive info was lost/stolen might not be too far from the truth. In servers & other high end systems, it's not uncommon for the hard drives in the computer to contain only the OS & applications. The data used/created by the applications would be on a RAID attached to the computer. If that was the setup of the systems, the only actual data would be system passwords and possibly temp data currently in use at the time of shutdown.

    If, however, one or more of the systems was a RAID or some such data storage system, then the Customs people are (as expected) lying through their teeth. The next question would be whether or not some form of encryption was in use (fs or application level).

  18. Re:Mainframe repairmen! by 1u3hr · · Score: 5, Insightful
    Read the article. It states that the thieves were likely after information instead of hardware.

    The article "states" that, but how does anyone know? The thieves didn't give any interviews.