Slashdot Mirror
Verizon Central Office Heist Spoiled By 911 Outage
Qbans writes with a link the NYTimes story on a foiled robbery attempt at a Verizon Central Office in White Plains, New York, snipping "The plan seemed simple enough. The building had been cased and the burglars knew exactly what they wanted - advanced computer circuit panels that could be sold on the black market for hundreds of thousands of dollars." Qbans points out that this story parallels a previous story on how equipment was (successfully) stolen last May. Update: 11/27 22:01 GMT by T : Reader Dave C contributes a link to coverage at the registration-free JournalNews.com.
Registration free link, thanks to Google
The plan seemed simple enough. The building had been cased and the burglars knew exactly what they wanted - advanced computer circuit panels that could be sold on the black market for hundreds of thousands of dollars.
The night before Thanksgiving, about 8 p.m., they entered the Verizon building in White Plains undetected and set to work.
But as the criminals removed the panels, they soon triggered problems across Westchester County. Most problematic, 911 systems across the region began to crash. By the time some 150 panels were removed, roughly 25,000 people had lost 911 service.
At 9:51 p.m., the White Plains Police received a call alerting them to the fact that there might be a problem at the Verizon building. Still unaware that burglars were at work inside, a patrol car rolled up to the site, according to Inspector Daniel Jackson.
"Literally, the two guys were walking out the door," Mr. Jackson said. They were carrying two large boxes when the officer shouted for them to stop. The men dropped the stolen boxes, fled on foot and were eventually run down by the officer and arrested, Mr. Jackson said.
The two men were identified in a criminal complaint as Larry D. Davis, 43, of Brooklyn, and Gailican Phillips, 34 of Manhattan.
They have been charged with conspiracy to commit interstate shipment of stolen property, a federal crime with a maximum sentence of five years in jail, according to the complaint.
Mr. Jackson said that the burglary itself was not as disturbing as the widespread effect it had on the 911 system.
The police are working with the F.B.I. and the Department of Homeland Security on the case. Terrorism has been ruled out as a possible motive.
Although the burglary occurred in the Verizon building, the stolen equipment belonged to some half-dozen other telecommunications companies that use the premises to house part of their operations. No Verizon customers were affected, a company official said.
Dan Diaz Zapata, a spokesman for Verizon, said the building had many levels of security - from video cameras to security badges to on-site guards - and that the company was cooperating with local and federal authorities. Mr. Zapata said that Verizon had redundancy capabilities built into its system that would have prevented a theft of their own equipment from having such a wide impact.
Mr. Jackson said that there had been a theft at the building once before, in 2003, and the police had reason to believe one of the two men involved Wednesday also took part in that operation. He would not elaborate on other details in that case. However, much less was stolen then.
According to the complaint filed in Southern District of New York, the circuit boards ranged in value from $5,000 to $70,000 each and, all told, were worth in excess of $1 million. The plan was to deliver them to an unnamed co-conspirator who, in turn, planned to sell them to an unnamed company in California, according to the complaint.
"There apparently is a strong, robust black market for this stuff," said a federal law enforcement official, who insisted on anonymity for fear of saying something that would compromise the investigation.
There have been two other similar burglaries in New York City and New Jersey in recent years, according to Mr. Jackson. Those thefts were much smaller in scale.
National Infrastructure Coordination Center of the Department of Homeland Security is also working with local police because of concern that the 911 system could be relatively easily compromised.
After arresting the two men and photographing the stolen circuit panels, the police returned them to the companies that owned them. Once reinstalled, the 911 problems ended, and by 7 a.m. the system was back to normal, Mr. Jackson said.
Police said the panels that were stolen were each about the size of a legal pad and are used by telecommunications companies to transmit data and connect calls. There is an industry standard for the panels and they can easily be transferred from one computer to another.
Potential buyers of the panels on the black market range from small telecommunications companies to overseas clients, the police said.
The entire SS7 switching infrastructure would have to be updated to support directly addressing individual boards. Not likely to happen.
I'm still curious as to how they got past the guards, unless they had ID showing them to be from one of the telecoms colocating equipment there.
500GB of disk, 5TB of transfer, $5.95/mo
Local police stations have individual normal phone numbers, and some districts have 311 for nonemergency police. All they had to do was call the local station, have them get out there.
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
Third world demand for stolen components seems to have tailed off, according to this article.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Yes, boards generally have serial numbers and on all modern equipment (and even not-so-modern equipment of the carrier-class variety) it can be retrieved over the network management channels.
... by someone at the company using the stolen boards.
...AND the thieves or recipients did not change the serial numbers in the PROMs...
No sane company allows outside access to their network management channels. So unless the serial numbers were kept on file by the victim (which isn't always the case, sometimes docs fall behind quite badly) and those serial numbers were published so publicly and so broadly that one of the 5-10 people at the company using the stolen property who had clearance to access the serial numbers became aware of them, AND that person made the decision to become a whistleblower...
There's a lot that would need to happen for a company to get caught this way. If they were incredibly stupid and bought support contracts with the original vendor for the equipment (which they might do if they didn't know it was stolen,) the serial numbers might raise some alarms. Again, if the original vendor was informed and coordinated enough to connect the dots.
Someone had to do it.
from anonymous sources:
(4 ea) ws-x4515
(6 ea) ws-x6724-sfp
(5 ea) ws-f6700-cfc
(10 ea) ws-sup720
(10 ea) ws-f6k-pfc3a
(8 ea) ws-x6704-10ge
(32 ea) xenpak 10000mbps 802.3 line cards
The manufacturer keeps the serial numbers. When I worked for Lucent installing equipment like this, all the boards had serial numbers.
Anything purchased thru legit channels had the serial numbers recorded not only by the sales dept, but by the installing tech.
Cards purchased thru E-Bay were most likely registered to someone else.
There is a big market for older switching equipment components (ATM, Frame Relay, SS7, etc.) in Asia, the Middle East, Africa and Latin America. What is obsolete or close to obsolete in Europe and N. America is just entering its prime in other markets.
Serial numbers are network addressable (SNMP) though PROMs can be changed by those smart enough.
Learning HOW to think is more important than learning WHAT to think.
This article scares the hell out of me. Not because some dudes broke into a building and stole some stuff -- that's to be expected. It's because removing a few isolated pieces of equipment managed to paralyze the county's 911 system. Seriously -- do they actually run tests to see what happens if they pull the plug?
The rule for redundancy is that you've gotta have the equipment in more than one place. The redundant equipment shouldn't have been in the same building, let alone the same town.
A few years ago, an underground steam explosion knocked out the main phone and power stations for my area (both of which were stupidly placed smack next to each other). Because of the way the network was designed, phone service was not interrupted at all and the power went out for about 10 minutes. This was from an explosion which completely severed the connections to both buildings. THIS IS HOW IT SHOULD WORK.
-- If you try to fail and succeed, which have you done? - Uli's moose