Sprint Routers Stolen; NYC Internet Outage Ensues
cbnet2004 writes "This story on eWEEK reports that late Sunday night a number of Sprint's DS-3 network cards were stolen from a Verizon colocation center at 38th St in Manhattan. Some customers apparently have service back but a number remain down -- it could be a while. The latest rumor on this situation is that some fiber optic cables were cut as well; this could put the affected customers out for days more."
This quote sort of caught me off-guard as I imagine some customers might disagree:
Fleckenstein said that the outage was "not major," and not large enough to require a report to the Federal Communications Commission.
The beginning of the article states:
A handful of corporate customers were left without e-mail and Internet access Monday after the theft of networking equipment from a New York City office late Sunday.
So, I would guess that the "handful" of corporate customers who lost service probably felt it was major to them. I understand the notion that it was not major in the sense of being more widespread, I just think his comment could have been worded better.
Happy Trails!
Erick
http://www.busyweather.com/
Be on the lookout for crackheads with amazingly fast internet connections!
This story's been on for a while and I see very few posts .... not even the usual fp BS .....
How many people were affected by this?
What kind of stupid moron would steal something like that? Probably some crackhead schmuck who didn't know what it was and figured it was worth a buck.
Who'd you sell it to? Dude will be busted. Someone walks up to you in an alley and says "wassup cuz you wanna buy a ds3 innernet?" it raises eyebrows.
I don't need no instructions to know how to rock!!!!
If it's so easy to steal these things, I hope nobody steals my ISP'#353708534 ### NO CARRIER ###
503 Sig Unavailable
The Signature could not be accessed. Please try again later or contact the administrator
Next week on Slashdot:
NIC thieves busted! Traced by MAC Address when the stolen components were plugged in.
Sounds like a disgruntled Verizon customer decided to take out his frustrations...in which case I can hardly blame him. It's unfortunate that others had to suffer, but a man can only get passed from call center to call center so many times before he snaps like a dried twig.
I'm surprised it didn't happen sooner.
---- The devil is in my pants! Look, look!
Kind of like setting the password for your atmospheric shield to 1-2-3-4-5, then later finding out it's the same combination President Skroob uses for his luggage.
Much of the time, thefts at locales like this are often done by people with at least some inside knowledge of the site's security.
It'll be interesting to see where this investigation goes.
"You spoony bard!" -Tellah
...dumb crackheads with amazingly cheap DS-3 cards for selling on eBay.
I guess you could say the bigger the internet gets, the greater the chance it becomes for real life to come slapping it down. Somebody steals expansion cards from a CO = loss of service for 10's of 1000's of people. It's pretty interesting, almost reminds me of that Real Life DDoS schtuff.
In addition, no notice of the outage was posted to Sprint's Scheduled Maintenance and Outage page. Under FCC rules, phone carriers must report outages affecting more than 50,000 subscribers within two hours
WHAT? You are supposed to schedule your DS-3 cards being stolen 2 hours in advance?
You might be able to get one cheap.
Talking about stealing cable....
I used to work in datacenters throughout Silicon Valley and let me tell you that unless they have hired some kick ass security guards then shit gets stolen all the time. Usually small stuff like PDAs, or the like. Once I heard of an entire rack being stolen when it was left outside, thank god they were empty. Security for these places should be like Fort Knox, and the second the card was removed there should have been a notification to the current on-site physical security detail. These systems will not work unless interoperable measures are taken to make sure everyone's eyes are wide open.
An Education is the Font of All Liberty
1. An employee stole the stuff and cut the wires to make it look like a vandal.
2. A vandal actually did it and will soon sell the goods on ebay
3. Sprint is making the whole thing up to cover up their incompetence
4. The entire world is on crack.
Personally, I would vote choice 1.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Sure, I could have brought in a stick and poked at lots of other customers' gear, thru the chainlink cubicles, but I mean, I was signed in and on camera.
Check the log - when did the affected net go down and who was there at the time?
It has got to be a short list of visitors and guards or somebody is really stoopid.
This issue is a bit more complicated than you think.
Some dude just sold me some DS3 cardz for like $30 bucks a piece! But they wont fit in my computer PCI slot! Plus I cant find where my phone jack plugs into it!!@!!!!!@# Someone help me! Man, im gonna be able to download so much more stuff than my dialup connection!
Thanks!~~~
How hard is this one to figure out?
"late Sunday night a number of Sprint's DS-3 network cards were stolen from a Verizon colocation center at 38th St in Manhattan"
This can also be read:
"late Sunday night a number of MAJOR TELCO's DS-3 network cards were stolen from a RIVAL MAJOR TELCO colocation center at 38th St in Manhattan"
The reward money can be sent to my spam-obfuscated email addy.
It all comes down to physical security in the end. You can have the most secure network, but usually anyone with physical access to the equipment can attack it in several ways. They can obviously steal it, or steal parts of it. Hot swap hard drives are great except when someone can run up to a server in an unsecured server closet and in a few seconds have all of a company's data in their hands. Obviously most hardware vendors also put password "backdoors" (think default Cisco configs) that allow you to override any passwords, or recover passwords from a serial port.
Most people spend way too much time on thinking of attacks from the Internet or employees, but usually don't look at someone who wants to sabotage the equipment. Computer rooms usually contain all of the proprietary data in a company, and most companies don't put that much effort into patrolling computer rooms for people who shouldn't be there. Executives should make sure that physical security is part of the I.T. plan from the beginning and not an afterthought.
I'm assuming in this case it was in a Verizon C.O., which are usually somewhat secure, but something like this could happen anywhere. Computer sabotage, I think, will become more and more common in the future as businesses rely more and more on them.
being investigated by New York City Police and members of the joint terrorism task force
That's just great. Not that I don't hope they find the crooks who walked off with this stuff - but once the word "terrorism" pops up, all of a sudden I'm thinking Patriot Act.
These thieves might have gotten themselves some kick butt network hardware - but I bet they won't get themselves due process
Ryan Kennedy opposes comm
The outage affected area customers of Sprint Corp., including Ziff Davis Media Inc., the publisher of eWEEK.com.
No wonder eWeek was the first on the story, even though it took them a while to publish it.
The article mentioned that the fiber optics cables were cut, which is a great business opportunity for people who "join" those cables together.
100K or so a year for fixing fiber optic cables... I'm definitely in the wrong field. Of course, those technicians have to be very precise or else you get refraction in the wire.
Yes! I listen to NYC Speedcore and do math at 3AM. I suggest you try it too.
Then again, I suppose it does take some network connectivity to build a Beowulf cluster...
UNIX? They're not even circumcised! Savages!
What if a terrorist had got in there and blew up all our data.
Then, if your hosting company isn't full of morons, you will restore it from the multiple backups.
I've got more mod points and GMail invi
That's the truth. I've worked in places where the management is more concerned with the security of the accounting department (which is paperless btw) than the security of the computer room down the hall. The accounting department had key card access, restricted hours, etc. while the computer room just had a regular old lock and the keys were kept in an office manager's drawer.
Imagine my surprise to see this up on Slashdot. Last night around 10 PM mountain I saw a couple circuits go down in NYC. So being the enterprising person I am, I immediately decided that it must be a higher level service problem with our Provider. I call them up, tell them what's going on, and they (Qwest) complete my suspicions and confirm they are having a higher level outage problem. About 4 AM Mtn I called Qwest for an update. They informed me that they were still waiting for access as the site was currently cordoned off as a police crime scene and they were still awaiting access. Wow... Cool... never heard that one before during the night shift.
Can you ping me now? no?!!! oh shit!!!
Large chat rooms available for to discuss with the experts on a variety of subjects: cultural assimilation, border crossings, language skills, practical chemistry, and MORE.
GIRLS, GIRLS, GIRLS!!!!!
Find the young Islamic girl of your dreams -- hajib optional. All credit cards accepted.
Visit Osama World OnLine NOW!!!
Every man's island needs an ocean; choose your ocean carefully.
I had two routers go missing from a transport room, which should have fewer people in and out. My name and phone number were all over the cabinet and the routers.
To be fair, I hadn't connected them yet, so they were just in the cabinet not powered up, and I was going to bring them up the next time I returned to that location, which was going to be in about 3 months. All too often, in a production environment, when there is an emergency, anything not powered up is often considered fair game. I'm sure that the routers are still in use at the company, I just can't find them.
Most colo space in our company is pretty secure. You'd have a pretty tough time getting in if you weren't supposed to be there. Even if you did get in to the colo space, most customers keep the stuff that they manage themselves in locked cages, inside the already secured colo space. Perhaps it was Verizon employees just trying to screw over Sprint. Or perhaps Sprint didn't secure their stuff properly.
------Can you hear me now?.
-- -- Warning. Do not stare directly at the sun.
Even though this is a Verizon location, the fact that it's Sprint equipment just makes it BEAUTIFUL in my eyes. Last time we had a problem with our Sprint OC-3, I called up the emergency number and got a voice prompt run around. Mind you, the POS interface was down/down with no sign of why it happened. Finally I got a "tech" who said the line was working normally. Then he said that he actually didn't know if it was up or down. At that point, I flipped out and told him to put a real tech on the line who could help me. Of course, that never happened, he instead forwarded it to their Layer 1/2 group. That whole experience left me with a horrible taste in my mouth. At a previous job, I had a mere T1 to Genuity. One time my boss needed a crossover cable and he took the one between the router and the firewall (can't make this crap up). Within mere minutes, Genuity called (this was the weekend mind you) and said "Ethernet0 is showing down, any idea why?" Let's see, Genuity is proactive with a T1, yet Sprint couldn't give a damn about an OC-3 POS line.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
Security for these places should be like Fort Knox, and the second the card was removed there should have been a notification to the current on-site physical security detail.
:)
Ar....that reminds me of my days in a research lab.
Security guards downstairs would be 'notified' whenever someone was attempting to reboot those SGI workstations at night. The problem was that the SGIs hung quite often. When this happened, we had to either move to another workstation or wait til tomorrow morning. Sometimes we had no choice but to trouble those security guards when we ran out of unhung SGIs.
Initially those security guards were nice to us as we didn't reboot very often - until someone decided to replace all those SGI workstations with NT Alpha. You can imagine how irritating it was to be called 2-4 times every night.
Soon after the SGIs were replaced by NT Alpha, those reboot-alarms were removed for obvious reasons.
My point is, Seth was not special, there are many many places to off high end network gear.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
on ebay
Well... maybe not found it... but sure found a replacement!
I wonder if Sprint can afford it.
Hmm... I wonder if I just put myself, or them, on the FBI watch list...
In the mid 1990s I parked my GTI in the West 12th with out-of-state plates. I was staying at a friend's, young and naive. The only thing I left in the car was the "Matt pack" in the front seat and a small bag of dirty laundry out of sight in the hatch. The Mattpack was a 5 pound lead acid battery with some electronics and LEDs on top for charging and current/voltage control. About the size of a soda can but square and black. The top contained a custom electronics job by Matt Kahn, electrical engineer extraordinaire.
Who would want this? It's big, it's heavy and useless to anyone but me (it powered a flash for my camera).
Stolen.
So were the dirty clothes.
Basically if you're not careful or don't tie stuff down in NY it will be stolen. I got over it but I still miss New York
One of those companies was our NY office ;) ;)
We lost our direct extension phone dialing ability to them (could use the full 10 numbers though) and they completely disappeared from our network. They still had regular internet connectivity through a 100mbit Cogent line and were able to access other company resources through our other offices' Citrix MetaFrame farms [note 1] with almost full capacity, but we still received numerous calls at our office as only the road warriors were actually used to using that method for access. We have the licences, horsepower, redundancy, and data sharing ability for this exact reason, well actually in case of another terrorist attack but it works for this too
[note 1]
One thing stood out above all of this. About a year ago, a discussion at a network/desktop meeting led to a disagreement but eventually a gadget VBS workstation AD weenie created a script on the PCs to "automatically" select connections to our fellow offices' Citrix servers through the internal network if you were plugged into the internal network. It was to "eliminate" any http or https confusion as you technically did not need https if you were already on the company WAN, I guess the KISS approach was not a challenge. That was all fine and dandy until today when the route was down. They eventually pushed out an undo so you could connect either way but I wanted to call up and laugh and say I told ya so but I decided not to. What comes around goes around.
Bad boys rape our young girls but Violet gives willingly.
Or, if you can't afford solo, go managed hosting with a company like Rackspace.
I do.
I've been to one of their data centers. I met the former black ops specialist who's responsible for building them up and locking them down. Take a router? Ha. You can't get in the door of the datacenter, much less into the datacenter.
I'll go back to my own equipment when I need my 1000th redundant DB master. Then I think I can afford to build the redundantly powered, redundantly backed up, quadratically backboned, overly secured, continuously manned building that goes around important production servers. Funny how the facility is usually left out of the equation not only of the cost but of the requirements for 24x7 uptime.
I've seen one too many people lingering in the XO co-lo facility on Barranca in Irvine, CA (last time I was there, anyway) reading the ID tags and ip addresses of the servers in adjacent cages. No thanks. I think I can begin to keep out Internet intruders, but physical accessors always have an advantage (cloop.o or not).
-- @rjamestaylor on Ello
Ahh.. I wonder if they will actually look on the other machines in the data center to make sure the theft wasn't just a cover for loading services/keyloggers/etc on the boxes through the data center... sort of a distraction with the fringe benefit of some sellable hardware.
meh
Ok - this is MY main pop - but I'm not a Sprint customer.
I mention this because I have some anecdotal evidence that shows that as secure as the mantrapped and biometrically scanned datacenters are, they really aren't.
Location: Exodus, New Jersey (it's the datacenter that was in the big new building above the first PATH station in NJ - I just cannot remember the name of the building or the train station!)
Time: summer 1999
Issue: company needs to move 16 servers, 2 routers, a firewall, some switches and hubs out of the datacenter.
Procedure to enter: get signed in via biometric security and massive checkin procedure at front door. To get to the front door, you have to walk by the freight elevator, as well as a little wooden door with a twist lock on it.
How I got my kit out: I simply "borrowed" a hand cart, and walked out the back door (the little one I passed on the way to the checkin facility) The twist lock was on the inside, so I just un-locked it and walked out without anyone seeing me.
This made me feel REALLY secure.
Sorry for the AC.
My business initially heard stolen equipment but we were later told that it was caused by damaged equipment from a "Verizon union employee".
I was not on the call but that type of information is VERY specific and there is no gray area or room for interpretation there. I assume this is either totally 100% completely false or someone else knows something more.
The datacenters I've had gear located in have had great security. IN YOUR CAGE. They were very upfront about "if you leave your stuff laying around or your cage unlocked there's a good chance it'll be liberated."
Admittedly in these datacenters there were cameras everywhere..
And of course there are stupid people in these places -- like the folks (not from our company) that were wandering around and wondered "What does this Emergency Shutoff Button on this big power unit do?" Shut off a big portion of the datacenter. The result being certain folks permanently banned and better warnings/protection around the EPO buttons. (admittedly that's a tough one -- 'cause when you need to turn it off you REALLY don't want to waste time..)
Invalid Checksum. Retrying.
Dude...we're not talking about "network cards" in a PC. These are DS3 WICs, probably in 7206VXRs or the like. Not only is there no unscrewing of a case (other than the two thumbscrews at either side), but they're fine to yank while powered up.
What's amazing (and it may not be the case, as we don't know all of the details, I'm sure) is that a simple correlation of the start time of the network down event and the sign-in log and security cameras (if any) hasn't been done to ID who did it. These facilities aren't particularly heavily trafficked by people on Sunday evenings, and they usually aren't all that big.
Do not fold, spindle or mutilate.
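The correlation suggested in the comment above (outage start time against the sign-in log), together with the card-removal notification asked for earlier in the thread, as an added Python example that is not part of any poster's comment. It assumes Cisco IOS-style `%OIR-6-REMCARD` syslog lines and a CSV sign-in log; hostnames, visitor names and timestamps are constructed.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample data: router syslog (Cisco IOS-style OIR messages assumed)
# and a facility sign-in log. None of it comes from the incident.
SYSLOG = """\
2024-03-03T20:15:00 gw2 %OIR-6-REMCARD: Card removed from slot 1, interfaces disabled
2024-03-03T22:41:07 gw1 %LINK-3-UPDOWN: Interface Serial3/0, changed state to down
2024-03-03T22:41:09 gw1 %OIR-6-REMCARD: Card removed from slot 3, interfaces disabled
2024-03-03T23:30:00 gw1 %OIR-6-REMCARD: Card removed from slot 4, interfaces disabled
"""

SIGNIN_CSV = """\
holder,company,time_in,time_out
visitor-A,CarrierA,2024-03-03T21:55:00,2024-03-03T22:20:00
visitor-B,CarrierB,2024-03-03T22:30:00,2024-03-03T23:05:00
visitor-C,CarrierA,2024-03-03T22:40:00,
"""

REMCARD = re.compile(r"^(\S+) (\S+) %OIR-6-REMCARD: Card removed from slot (\d+)")


def parse_removals(text):
    """Return (timestamp, host, slot) for every card-removal message."""
    events = []
    for line in text.splitlines():
        m = REMCARD.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))))
    return events


def parse_signins(text):
    """Return (holder, company, time_in, time_out); time_out is None if never signed out."""
    visits = []
    for row in csv.DictReader(io.StringIO(text)):
        t_in = datetime.fromisoformat(row["time_in"])
        t_out = datetime.fromisoformat(row["time_out"]) if row["time_out"] else None
        visits.append((row["holder"], row["company"], t_in, t_out))
    return visits


def on_site(visits, when, slack=timedelta(minutes=5)):
    """Holders whose visit covers `when`, allowing clock skew between the two logs.
    A missing sign-out is treated as 'still on site', not as 'left'."""
    present = []
    for holder, _company, t_in, t_out in visits:
        if t_in - slack <= when and (t_out is None or when <= t_out + slack):
            present.append(holder)
    return present


def correlate(syslog_text, signin_text):
    """One record per card removal: who was signed in, and whether nobody was.
    A removal with an empty sign-in list means the access log has a gap
    (an unlogged door, a tailgater, or staff exempt from sign-in)."""
    visits = parse_signins(signin_text)
    report = []
    for when, host, slot in parse_removals(syslog_text):
        present = on_site(visits, when)
        report.append({"time": when, "host": host, "slot": slot,
                       "on_site": present, "unlogged_access": not present})
    return report


if __name__ == "__main__":
    for rec in correlate(SYSLOG, SIGNIN_CSV):
        flag = "NO ONE SIGNED IN" if rec["unlogged_access"] else ", ".join(rec["on_site"])
        print(f'{rec["time"]} {rec["host"]} slot {rec["slot"]}: {flag}')
```

The same `parse_removals` match can drive a real-time alert to the on-site guard desk; the correlation is only as good as the sign-in log, which is why removals with nobody signed in are flagged separately.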
Verizon has more unmanned facilities (at least at night) than you can shake a stick at. As a nocster for a regional ISP, I can tell you - when a circuit goes down at night, if the testing and troubleshooting w/ Vz requires access to a CO, fugetaboutit till daytime - you can escalate to hell and back, but ain't nothing happening (for emergencies, their on-call techs typically don't respond to pages). Compounding the problem, most of our other circuit providers have to use Vz for the last mile 'tail' circuit.
FP!! Wtf though is up with these ungodly ping times here in NY.
The physical security is usually pretty good. About on par with a normal Fortune 500 company, where you scan into areas that you have a reason to be in. The switch room is usually a little harder to get in, especially since 9/11. At Nextel, they actually hired armed guards for a short while when we almost hired an alleged felon. A competitor's security guard recognized him and tipped off our security. Turns out he was supposedly part of a crew that carted off entire racks of telecom equipment.
Getting back on topic. The cards sound like they are the DS3 that pop into a larger fiber demark, like an OC12, 48 or 192. The cards are pretty small and just have coax-looking DS3 plugs on the front (in, out, and monitor). These aren't cards you could really ever use anywhere else. It almost sounds like someone accidentally yanked the wrong cards during maintenance. Although, most telecoms are very religious about not doing maint during the day (if the outage started at night, tho, I'd say it was a switch tech who screwed up).
The reason I'd assert this is the theft was too small to be of any other value. Three DS3 cards aren't going to fetch much, and they're tainted goods. If you're malicious, you're not going to just grab 3. If you're damaging a competitor, grabbing 3 cards is somewhat silly. We commonly have a backhaul path in preparation for things such as this. For example, when I worked at Nextel a fiber dig broke a couple DS3s we had going through PacBell. Within 4 or 5 hours, we swung the traffic over to other DS3s that bypassed the carrier and area with the break.
On a side note, it was also an eye opener that the "Protected, Redundant" Ring-topology that we were paying extra for was not being provided by the Telco. Let's just say there were some very colorful conversations going on between companies at the VP level.
Hello owing to the death of my rich uncle I have come into possession of some advanced technology. However due to the import / export restrictions I am unable to move it out of the country. I have some ds3 internet cards I will give you in return. Please contact me as soon as possible.
911: 911 Emergency line
Slashdot user: I just lost all Internet!!!
911: Excuse me?
Slashdot user: I was just about to first post to Slashdot, and I clicked "Submit," and nothing happened. I tried to ping them to see if I was dreaming, but got nothing, so I tracerouted and found out I couldn't get past localhost.
911: I don't understa...
Slashdot user: My god, this first post would have done wonders for my karma! And now I've been beaten by a goatsex troll...
911: Sir, this line is used strictly for emergencies...
Slashdot user: THIS IS AN EMERGENCY, DAMN IT!!! Send ambulances! DSL repairmen! Cowboyneal! I won't leave this computer until I get my Internet back, and I only have half a can of Mountain Dew to live on till then!
Like most/all Verizon Central Offices, security is via a keycard. If your keycard does not automatically grant you entry to the C.O., you must be manually allowed in by a guard. Each "guest" must sign in.
38th Street C.O. is just about the highest trafficked C.O. in the world, in terms of Frame Terminations and the like. Being in Central Manhattan, near one of the major CoLoc Hotels nearby, only increases the data throughput on all the eqpt therein.
Vandalism is most likely, performed by another company's techs.
Also- when they say it's not considered a "major" failure, it's b/c Verizon is strictly governed by the PSC's guidelines as to what constitutes "major". These guidelines provide the framework that determines how Verizon (and others) are/can be fined each year with respect to how many/long outages.
Not sure about SGI, but most standard UNIX machines can be rooted if you can get a custom boot floppy to boot so you can access the filesystem. NT is more difficult to compromise this way due to its convoluted/security-by-obscurity NTFS. That is not to say that NT is more secure, merely that this particular method is less useful.
We used to have a rack in a very prominent facility with lots of excellent security measures.
Unfortunately every one of these security measures could be easily bypassed.
The security guards didn't even ask us any questions or look at our ID when we moved our gear out of there. I'm glad we did!
Vixie gives it an allow ACL.
Cisco's "Packet" magazine calls it "this season's most secure flick".
NANOG calls it "an interface to remember".
(ignore the creative liberties. I was out of ways to tie things together...)
it worries me that people can just roll in there and steel our equipment
I don't need to worry about that because most of my equipment is steel already. Except my Powerbook, which is aluminum.
What if a terrorist had got in there and blew up all our data.
That would be terrible. I remember one time when I spilled all of my data on the floor. I was cleaning it up for days; it's almost impossible to get data out of a carpet once it dries!
For terrorists this would be a major blow to interest banking which they so abhor.
I'm sure Osama bin Laden is at this very moment plotting to destroy those infidel bankers that are keeping his billions secure and earning him a nice revenue stream through his investments.
First off, let me just say that the one thing telcos get right is engineering for uptime and reliability. When companies talk about "dial tone" reliability, there's a reason for it. Think about it, when was the last time your phone stopped working (assuming you're still with a Baby Bell for local calls)? They have engineered triple redundancy for power for the station:
1. Two independent power feeds from separate substations each running at 50% with a crossover switch. If one station goes down, the other flips to 100% draw with no downtime.
2. Failing that, 2 diesel powered generators with enough fuel to run the CO for 3 weeks without interruption.
3. Failing that, enough lead acid batteries to run the entire station for 13 hours. Some of those dated back to the 60s, but were maintained in pristine condition.
Now, the one thing I will say is that co-located equipment was treated like it was coated in anthrax. It was maintained in a separate cage that could not be accessed from the main building. All co-located equipment was accessed from a separate street level entry that only had a single door and no monitoring. So if the stolen equipment was from Sprint in a Verizon CO, odds are that no one from Verizon was even watching it. (This was back when the 94 telecom bill was just coming into effect, so all of these rules were new...)
For the main building, we had to be escorted at all times, and the engineer we were with got antsy if we bumped against any of the equipment (including some great old magnetic physical switches that were still in use for some old lines). But I wasn't too impressed with the overall security. Some locked doors and a security guard but nothing fancy. That said, if any of Verizon's equipment had broken/shut down I'll guarantee that they have an immediate monitoring/notification system.
It's all about acting like you're supposed to be doing what you're doing. Act like you own the place, and nobody will say a thing to you.
Jeepers...
That can be a boot floppy too.
On a NT/2000/2003 box, PDC/AD-PDC etc, I can get complete root access in less than 10 minutes, provided I can boot from CD/floppy. (If the file system is encrypted, then no go, but I suspect that is very rare.)
Sure NT/2000 can be a pain to *fix* if the filesystem trashes a bunch of things. But we're talking about a system that is functioning properly.
And with the shatter exploits, privilege escalation is trivial on a Win box.
Frankly, for most boxes, local access is game over, but for Win boxes, it's pretty dang easy. Just do a google search for "NT reset password" - the first link is a free-ware utility that will do it easily for you. Ironically, it uses Linux and Linux drivers to do it for you...
Cheers,
Greg