Peter Gabriel's Web Server Stolen
miller60 writes "Web servers hosting musician Peter Gabriel's web site have gone missing from their data center. "Our servers were stolen from our ISP's data centre on Sunday night — Monday morning," reads a notice at PeterGabriel.com. The incident is the latest in a series of high-profile equipment thefts in the past year, including armed robberies in data centers in Chicago and London. How secure is your data center?"
Wow. It never even occurred to me that people would execute traditional bank-style heists of data servers.
It's a handiwork of music pirates!
How could they have gotten in? Something like a sledgehammer maybe?
Never argue with a man carrying a water buffalo
Peter Gabriel isn't the first musician to be a victim of equipment theft. Earlier in the millennium BT and Hybrid suffered major setbacks in the making of long-awaited new albums when their computers were stolen. I remember being royally pissed when Hybrid's Morning Sci-Fi , already generating a lot of buzz based on the band's material at concerts, was delayed years just because some dumbass saw shiny electronics in a studio and walked off with them.
Did they break in with a sledgehammer?
Your mind is clear / The things that you fear / Will fade with how much you / Believe what you hear
If at first you don't succeed... buy a gun and go there in person.
Be on the lookout for a young man holding the server above his head outside a window...
The repercussions of this show what kind of destruction something like this can bring
Gabriel stole it from himself. He's jealous of Rick Astley's recent fame. He wants an internet Peter-roll using "Sledgehammer"...
For the amount of money that is invested in server equipment, I'm amazed that they don't have a server cam for security (sending high-res images of the room to a remote server via wireless or cable).
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
... As long as nobody hacks it from a spinning telephone booth.
A similar method of attack, layer 1 hijacking, has been around at least 10 years now.
There were three...
One ring to bind them - should probably have more fiber and less rings in their diet.
But that server was stolen, too. Unfortunately, the servercam on that one pointed to another server... which was also stolen. That one didn't have a camera, however.
Did anyone else read the title and, quite literally, laugh out loud?
Just me, then?
I'll just go stand over in the corner where I belong, then....
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
There was a talk at ACM CCS a couple of years ago by a guy who specialized in physical security. He runs a company which works as site security testers. He told of being hired to check how secure a client's computers were in a "secure" data-center. The servers were in a floor-to-ceiling cage with a padlock and security cameras. All they had to do was to fake some passes to get into the data center and then either go under the floor or over the ceiling. In this data center, as in most, there was about a 2-foot crawlspace below the floor and another one above the ceiling. Floor-to-ceiling cages don't mean much if you can just go around them, and that's how many "secure" data-centers are set up. Likewise, the security cameras are only useful if someone is watching them, and in the places he tested, no one was. Since he was only testing, he didn't actually steal the machines, but he did put stickers on them to prove that he'd been there.
So, how secure is your data center: probably not very.
They will throw them in the BIG HOUSE!
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
To increase bandwidth, use firearms.
The data center I use has laughable security. An armed individual could easily gain entry.
That is stolen music.
Now you can tell the difference.
Our data centre is behind three locked doors and on the middle floor. I love telling people when I remote into a server "yeah, I'm rebooting a box 16 miles away, behind locked doors and guards..."
Ask not what you can do for your country. Ask what your country did to you
You guys are not content stealing his music using P2P you have to use 'Ford Transit' too!! :D
Woo! :D
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
If they stole hardware from high profile places, they prolly post here...
Maybe in that Data Center some servers had stored images used in the extortion of the British Crown or corrupt cops, and the thieves were in fact hired by some english agency to take those servers out... and Peter Gabriel ones were unfortunately close to those ones. Wonder if jasonstatham.com had the servers in the same data center.
with these new containerized data centers you don't have to worry about hackers (crackers, whatever); you have to worry about somebody with one of these.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
I have a friend whose co-located server went down. The Linux partition was screwed, and it needed a reinstall something fierce. I couldn't reach him (he was on vacation), so I drove down to the provider to grab the box. They did not so much as ask for my name; they just let me in, said, "go on in the machine room and grab it." This perturbed me a bit (because the machine clearly had a label that said "Property of [not me]. Do not touch."), but I went in, took it, brought it home, and fixed it up. When I brought it back (with a new install of SuSe and the then newly-released 2.6 stable), the techs remarked that the owner's roommate showed up to see what was wrong with the server. Having been told that an unnamed individual was allowed to make off with the server, he threatened to call the police. The service provider's response to him was, (and I quote), "fuck off."
Gabriel's servers are hosted by Rednet Ltd, although that appears to be a defunct brand of a UK company called Opal Telecom, which in turn is a wholly owned subsidiary of Carphone Warehouse.
So his hosting company was the side-project of a prepaid cellphone company? He got what he deserved.
I wish I had a penny for every idiot that hosts with Joe and Bob's Basement Hosting Company and then bitches when the power goes out all the time, stuff disappears, etc.
Please help metamoderate.
OrgName: Media Temple, Inc.
OrgID: MEDIAT-10
Address: 8520 National Blvd.
Address: Building A
City: Culver City
StateProv: CA
PostalCode: 90232
Country: US
NetRange: 72.47.192.0 - 72.47.255.255
CIDR: 72.47.192.0/18
NetName: MEDIATEMPLE-105
NetHandle: NET-72-47-192-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.MEDIATEMPLE.NET
NameServer: NS2.MEDIATEMPLE.NET
Comment:
RegDate: 2007-05-30
Updated: 2008-01-10
To quote a favourite band of mine:
"But this feels so unnatural
Peter Gabriel too"
naah sig schmig
Stephan
http://stephan.sugarmotor.org
Fact is, due to inefficient software (and I am not talking about proprietary systems only) we are stuck with expensive machines. I wonder if more efficient systems such as Plan 9, not to mention Lisp and/or relational operating systems and machines, wouldn't enable us to have cheaper, and therefore less attractive to criminals, systems.
Leandro Guimarães Faria Corcete DUTRA
DA, DBA, SysAdmin, Data Modeller
GNU Project, Debian GNU/Lin
The company I work for has all of its servers in a secure colo. The place offers secured cabinets, secured cages with racks, and even does walled off areas of the datacenter floor with a secured door for high paying customers like Google. The facility is manned 24/7 with cameras all over outside and in. The rear of the facility is fenced and gated.
If you're on the roster for your company with floor access this is the process you have to go through to even get to your server:
-If it's at night, you have to use your RFID badge to get in the front door
-Check in with security and sign out for your key if the door is not a combo lock
-Security needs to buzz you through the first door
-RFID badge and finger print through two or three doors
-Iris scan in the man-trap to get to the datacenter floor
-Combo or the checked-out key to get in to the cabinet or cage
On regular intervals they check the people on the floor to make sure that you're supposed to be there.
I'm not saying this place is a fortified facility that can handle a team of insurgents. However, I'd feel that my equipment is safe from the theft I've been hearing about at some datacenters. For a cabinet with a 1Mbps commit data rate with an actual 10Mbps internet connection and IPs, it's about the same cost of having a T1 to the office.
For those that want to know who we use, it's Quality Tech.
I believe the server in question actually had a voice module and an OnStar interface. It broadcast this recording of the thief's voice over the secret OnStar 7500-code network:
"Don't talk back
Just drive the car
Shut your mouth
I know what you are..."
No music was STOLEN. Bits were relocated, but no music was STOLEN.
A long long time ago I can still remember How that music used to make me smile
And I knew if I had my chance That I could make those people dance And maybe they'd be happy for a while
But February made me shiver With every paper I'd deliver Bad news on the doorstep I couldn't take one more step
I can't remember if I cried When I read about his widowed bride But something touched me deep inside
The day the music died
so bye, bye Miss American Pie
Drove my Chevy to the levee but the levee was dry And them good old boys were drinking whiskey in Rye
Singing this'll be the day that I die This'll be the day that I die
Did you write the book of love And do you have faith in God above
If the Bible tells you so? Now do you believe in rock and roll?
Can music save your mortal soul? And can you teach me how to dance real slow?
Well, I know that you're in love with him 'cause I saw you dancing in the gym
You both kicked off your shoes Man, I dig those rhythm and blues
I was a lonely teenage broncin' buck With a pink carnation and a pickup truck
But I knew I was out of luck The day the music died
I started singing
Bye, bye Miss American Pie
Drove my Chevy to the levee but the levee was dry And them good old boys were drinking whiskey in Rye
Singing this'll be the day that I die This'll be the day that I die
Now, for ten years we've been on our own And moss grows fat on a rolling stone
But that's not how it used to be When the Jester sang for the king and queen
In a coat he borrowed from James Dean And a voice that came from you and me
Oh and while the king was looking down The Jester stole his thorny crown
The courtroom was adjourned No verdict was returned
And while Lenin read a book on Marx The quartet practiced in the park
And we sang dirges in the dark The day the music died
We were singing
Bye, bye Miss American Pie
Drove my Chevy to the levee but the levee was dry And them good old boys were drinking whiskey in Rye
Singing this'll be the day that I die This'll be the day that I die
Helter skelter in a summer swelter The birds flew off with a fallout shelter
Eight miles high and falling fast Landed foul on the grass
The players tried for a forward pass With the Jester on the sidelines in a cast
Now the half-time air was sweet perfume While sergeants played a marching tune
We all got up to dance Oh, but we never got the chance
'Cause the players tried to take the field The marching band refused to yield
Do you recall what was revealed The day the music died?
We started singing
Bye, bye Miss American Pie
Drove my Chevy to the levee but the levee was dry And them good old boys were drinking whiskey in Rye
Singing this'll be the day that I die This'll be the day that I die
Oh, and there we were all in one place A generation lost in space
With no time left to start again So come on Jack be nimble, Jack be quick
Jack Flash sat on a candlestick 'Cause fire is the devil's only friend
And as I watched him on the stage My hands were clenched in fists of rage
No angel born in hell Could break that Satan's spell
And as the flames climbed high into the night To light the sacrificial rite
I saw Satan laughing with delight The day the music died
He was singing
Bye, bye Miss American Pie
Drove my Chevy to the levee but the levee was dry And them good old boys were drinking whiskey in Rye
Singing this'll be the day that I die This'll be the day that I die
I met a girl who sang the blues And I asked her for some happy news
But she just smiled and turned away I went down to the sacred store
Where I'd heard the music years before But the man there said the music wouldn't play
And in the streets the children screamed The lovers cried, and the poets dreamed
But not a word was spoken The church bells all were broken
And the three men I admire most The Father, Son, and Ho
Virtually everything around here is being stolen for scrap metal value: irrigation pipes, public statues, road rails, roof flashing, etc.
and then say
So. Us had no self control and was diggin in the dirt for some do it yourself security, eh?
*ow* What?
You also need to pay the guards more than the Minimum Wage like the Chicago data center was willing to pay with then say that being able to bring your own gun being a big plus in the job posting.
my heart's going boom boom boom... (whatever that means)
Your data needs to be secure against:
* loss
* physical theft of media/hard drive/server
* interception over the wire
If Peter's box required a password to read his sensitive data AND he had backups AND a quick way to restore the backups and get back online, then he's in good shape. If he didn't then he could have prepared better.
Of course, if he really needed it, he could've gotten hot-failover with a data center in another city. That works well if your primary data center is taken offline by a small nuclear blast.
At some point though, you have to draw the line and accept the loss. If WWIII happens, if you are a musician your server's data center is probably the least of your worries.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Sorry to reply with a personal story, but I once had a server in a secured facility in the downtown of a major city. I signed up with the place because on their web site it said "you get 24 hour secured access to your server". Amongst the many false advertisements, they couldn't offer me this because they didn't want commoners such as their paying customers to run amok in the data center.
So I take off on one Columbus Day weekend for a 3-day holiday. That Friday night (midnight on a Saturday), they power down my machine, move it to a different rack, plug in the wrong network port, and forget to power it back on.
I called on the Monday at 7:00pm and mention there is a problem and ask if I can come check it out (20 minutes walk away from where I am) or if they can look at it. Since it's after hours, they say I can come in at 9:00 the next morning or PAY to have someone look at it.
So I go in the next morning to find out what had happened, fix it, then get on the phone with them about how they violated my contract in so many different ways while exhibiting gross negligence.
I'm able to get out of my contract, which had renewed itself after one year (this is called an evergreen clause, NEVER sign one), but they were extremely resistant to refund my money, let alone credit me for the downtime or violations of their contract and service level agreement. I did, after two months, get back the money I had paid for the 5 days in that month I actually had service.
So, with all the building access, video monitors, locked entries, and staffed facilities where they don't let their paying customers come in unannounced or in the evening - my security was thoroughly compromised by their great incompetence.
Oh and prior to this they accidentally tripped power to the whole floor and didn't feel like mentioning it to me.
The longer version of this story contains more details of outrageous "are you kidding me?" moments.
point: go with a data center you can trust who has real people that will work to solve your problems instead of passing you around to people who can't help you. Also watch out for anyone jerking you around in sales or with contracts.
What? No link to his site?
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Dammit, CowboyNeal! I told you to steal Rick Astley's web server!
You could be right, I was just reading about that here.
Support Right To Repair Legislation.
Quite frankly, if you have hardware setup in a cage, it's not much effort to put your own cameras there, and use a utility like 'motion' on Linux to notify someone when any activity takes place in your cage.
Now that's what I call 0wn3ing a server. Hackers are getting more aggressive every day. The only thing more impressive would be if the hacker got his lawyer to get the courts to agree that he had the legal ownership of the thing. I wonder how vulnerable the law is to hacking?
In this Land of Confusion, only one man could be so evil to steal Peter Gabriel's hard drive: Phil Collins. Peter could probably feel it coming in the air tonight. (Oh! Lord!) But Seriously, (gotcha!) we'll see his true colors shining when the cops catch Phil throwing it all away. No son of mine would get away with that!
The Rapture is NOT an exit strategy.
A few years back, the Merriam-Webster website (www.m-w.com) went down because someone did the same thing -- physically stole the servers. I thought at the time that this was pretty weird, but I guess that it isn't that uncommon.
Oh, they have a suspect but the only thing he'll say is I don't remember, I can't recall, I don't remember anything at all...
(n/t)
Everything I needed to know about life, I learnt from Blake's Seven
If at first you don't succeed... buy a gun and go there in person.
True enough.
How secure is your data center?
I keep my data in Texas.
Now, originally, I was going to leave it at that (true) little joke, but then I noticed something about the cited break-ins:
- one in Chicago, where private gun ownership is banned (a place called "Illinois")
- one in London, where private gun ownership is banned (a place called "Britain")
Determined, armed robbers who knew the bargaining power they'd have over their victims. If someone's going to threaten lives to get their way, 1) make them risk the same, and 2) give yourself an even chance of defending your own instead of resigning yourself to the capricious whims of the assailant, who may be reasonable and focused on the theft at hand, jittery, focused on killing you, cowardly enough to back down to any threat, unreasonable enough to heed no threat, or anything else you can imagine, all beyond your control.
You're willing to take your chances that the assailants will be satisfied by taking your stuff? You don't know their objective or their motivation, and not even they know how they will respond to the second-to-second situation. It's not at all unusual (therefore not unlikely) that such an assailant will plan, or even decide as the situation unfolds, that it's best to leave no witnesses. Your life will be at the mercy of chance. You might think differently if you thought there was a decent chance you'd die even though you surrendered. History is replete with examples of people fighting for their lives when so fighting represented their best (or sometimes only) chance for survival. Your chances of surviving by surrender to an armed attacker are worse than you think because you don't know their intent, future decisions, or future accidents. As an afterthought, it might be better to leave no witnesses, especially since they've already surrendered.
If you don't want to be armed, that's of course your prerogative and your actions can make that a reality. But you cannot, by your actions, disarm your would-be assailants any more than you can dictate what breakfast cereal they eat no matter how vehemently or self-righteously you may disagree with their choice. Neither is it your prerogative to dictate to others that they may not defend themselves, but that doesn't seem to be the opinion of the typical Illinois or New York resident, let alone Britons, nor, therefore, of their government representatives, so the laws reflect that. If you have the bad fortune to meet an attacker in Illinois who wants you dead, you may either 1) submit and die, or 2) attempt to defend your life with a deadly weapon, which will result in either your death or your subsequent imprisonment by the state for having the wherewithal (the gun and the will to carry and use it) to defend your life.
The whole god-complex is a bitter price to pay for Texas, but at least they don't consider it a crime to materially disagree with their views (mostly; cf. "unlawful" sex between consenting adults or other such biblical pettiness), and they let you respond to deadly force with deadly force. By comparison, the intellectual climate of Illinois or New York is more tolerant, but they don't let you respond to deadly force with deadly force, and they do consider it a crime to disagree with this. Compare: live in Texas, disagree with local religion, versus live in Illinois and carry a gun to defend your life-- let alone defend yourself with it during an actual armed assault; see which one leads the state to imprisoning you as an enemy of and threat to society.
So it's one thing to make sure your data's safe, but I think it's just a nice possible consequence of changing the safety of its overseers from all chance to a "fighting" chance.
And yes I mean to be ambiguous about which of the 4 jurisdictions I've mentioned I do or don't inhabit. I suppose a native of any of them could come to have simila
A rash of data center hardware thefts is the starting point for the cyber-punk audio book on podiobooks called Beautiful Red. Very good listen. http://www.podiobooks.com/title/beautiful-red/feed/
http://www-03.ibm.com/systems/z/hardware/z10ec/specifications.html
Because they weigh in at over 2800lbs and have a footprint of 30sqft.
Stop right here. The rest of this discussion is a mobius strip of really bad jokes using titles of the few Peter Gabriel hits as gags. There are literally more than 50 Shock the Monkey jokes in here.
Don't say you weren't warned before continuing on in this discussion. Run while you can!
blah blah blah
this is only the genesis of our discontent...
One of my clients has their on-site data center in an isolated basement room with 50cm thick, solid walls, accessible only through a single, reinforced steel door in a secured room above. Also, the data center has a pure nitrogen atmosphere. Signs on the entry door, as well as the door to the security room warn "Non Breathable Environment. Breathing apparatus required" Said apparatus is in a separate secured room, in built-in, double locked safes. Both secured rooms have guards on duty 24/7.
Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
or is it just me...
Hackers have long memories. It works both ways.
Mainly because they're in my house... in Canada... on the east coast.
x86, oh yes, I'm pro.
My data center has 24 hour surveillance and theft deterrent. So far no one has stolen my servers.
No sig for you. YOU GET NO SIG!
So -- here's a question: can you bypass this issue entirely by basically having a virtualized server on a grid of machines?
:)
Then there isn't a single machine to steal. You'd have to go all David-Bowman-on-HAL, pulling everything out to actually steal the server.
And if you were on a particularly sizable piece of Iron, it might be harder to carry the thing off.
Physical security is still important, but it's interesting to see that entire machines might benefit from the same kind of security bits in general do -- if you want them to be persistent, you spread them across as much hardware as possible.
Tweet, tweet.
Peter Gabriel's web presence isn't just about his ( great ) music.
His Witness project, co-ordinating on-the-spot hand held video recordings of human rights violations, is imaginably a far more serious target.
http://www.witness.org/
from their site:
WITNESS was founded in 1992 by musician and activist Peter Gabriel and the Reebok Human Rights Foundation as a project of the Lawyers Committee for Human Rights (now Human Rights First). In 1988, Peter was part of Amnesty International's Human Rights Now! Tour. He was struck by the stories he heard from survivors of human rights abuses and the lack of attention these stories received. Peter had brought along one of the first camcorder models and realized the potential of video as a tool against abuse; he noted that perpetrators of abuses were often brought to justice when photographic or video evidence of abuses existed. Peter Gabriel is always looking for secure ways to stream video content from troubled spots to his servers that they may be archived and shared.
If this project was affected by this theft that is far more of a crime than what is being discussed here. even phil collins.
then real things happen to the virtual world
This is a good ad for Sealand or The Bunker.
Perhaps the concept of having you host on Sealand is not quite so idiotic after all.
I always wondered why they put the hard drives with the CPU units. It makes more sense to simply create a self cooled bank vault like unit that holds all of the hard drives and requires multiple people to access and or is set up on a time specific access. Set up the rest of the units so you can install CPUs etc and just plug in fiber array that accesses a series of hard drives dedicated to that unit. You could even set up a controller switch that simply dedicates specific arrays to differing Racks based on their usage. This would let you run websites at differing efficiency in regards to CPU power usage since you don't always need the latest xeon to run a big name website.
You could even set up a self programming algorithm that caches specific websites to specific racks during certain times of the day.
You can control the cooling, the data, and the processors all separately. Make the boards and CPU's easier to access and replace without having to worry about data security. You simplify the entire array based on needs and secure the data. You would also cut down on the security needs of the data center.
Datacentres are on average no harder to get in than a hooker's pants. In fact, it's even easier, on account of them not even asking for money.
I've been to several datacentres where I noticed several security issues. The most ridiculous one was as follows:
Got there just after midnight to pick up my server. I had notified them that I'd be doing this, but didn't state exactly when I'd be there. As soon as I walked up to the security desk and said "Here to pick up my server" he gave me an "all areas access card". I then asked for the key to the specific rack, which I was given without any questions. I then went and got my server, returned the keys/card and left. At no time was I asked to state my name, show ID or sign anything.
So what I'm saying is: any schmuck can just walk in there and leave with whatever the hell they want. Sure, their rules state you're supposed to be IDd, but the security guys seem to ignore that fact. I love security.
"If you have a problem, if no one else can help, and if you can find them*, maybe you can hire..." http://en.wikipedia.org/wiki/A_Team
*: not on the maps/your SatNav and bad layout of the industrial estate they're based in.
i'd go up on Solsbury Hill and try Digging in the Dirt. they got his server huh? So.
How about an IT Staffer armed with a
... it shows up on ebay