Peter Gabriel's Web Server Stolen
miller60 writes "Web servers hosting musician Peter Gabriel's web site have gone missing from their data center. "Our servers were stolen from our ISP's data centre on Sunday night — Monday morning," reads a notice at PeterGabriel.com. The incident is the latest in a series of high-profile equipment thefts in the past year, including armed robberies in data centers in Chicago and London. How secure is your data center?"
Wow. It never even occurred to me that people would execute traditional bank-style heists of data servers.
It's a handiwork of music pirates!
How could they have gotten in? Something like a sledgehammer maybe?
Never argue with a man carrying a water buffalo
Peter Gabriel isn't the first musician to be a victim of equipment theft. Earlier in the millennium BT and Hybrid suffered major setbacks in the making of long-awaited new albums when their computers were stolen. I remember being royally pissed when Hybrid's Morning Sci-Fi, already generating a lot of buzz based on the band's material at concerts, was delayed years just because some dumbass saw shiny electronics in a studio and walked off with them.
Did they break in with a sledgehammer?
Your mind is clear / The things that you fear / Will fade with how much you / Believe what you hear
If at first you don't succeed... buy a gun and go there in person.
The repercussions of this show what kind of destruction something like this can bring
Gabriel stole it from himself. He's jealous of Rick Astley's recent fame. He wants an internet Peter-roll using "Sledgehammer"...
For the amount of money that is invested in server equipment, I'm amazed that they don't have a server cam for security (sending high-res images of the room to a remote server via wireless or cable).
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
... As long as nobody hacks it from a spinning telephone booth.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
A similar method of attack, layer 1 hijacking, has been around at least 10 years now.
There were three...
One ring to bind them - should probably have more fiber and less rings in their diet.
But that server was stolen, too. Unfortunately, the servercam on that one pointed to another server... which was also stolen. That one didn't have a camera, however.
Did anyone else read the title and, quite literally, laugh out loud?
Just me, then?
I'll just go stand over in the corner where I belong, then....
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
There was a talk at ACM CCS a couple of years ago by a guy who specialized in physical security. He runs a company which works as site security testers. He told of being hired to check how secure a client's computers were in a "secure" data-center. The servers were in a floor-to-ceiling cage with a padlock and security cameras. All they had to do was to fake some passes to get into the data center and then either go under the floor or over the ceiling. In this data center, as in most, there was about a 2-foot crawlspace below the floor and another one above the ceiling. Floor-to-ceiling cages don't mean much if you can just go around them, and that's how many "secure" data-centers are set up. Likewise, the security cameras are only useful if someone is watching them, and in the places he tested, no one was. Since he was only testing, he didn't actually steal the machines, but he did put stickers on them to prove that he'd been there.
So, how secure is your data center: probably not very.
They will throw them in the BIG HOUSE!
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
That is stolen music.
Now you can tell the difference.
Our data centre is behind three locked doors and on the middle floor. I love telling people when I remote into a server "yeah, I'm rebooting a box 16 miles away, behind locked doors and guards..."
Ask not what you can do for your country. Ask what your country did to you
You guys are not content stealing his music using P2P, you have to use 'Ford Transit' too!! :D
Woo! :D
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
If they stole hardware from high profile places, they prolly post here...
with these new containerized data centers you don't have to worry about hackers (crackers, whatever); you have to worry about somebody with one of these.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
I have a friend whose co-located server went down. The Linux partition was screwed, and it needed a reinstall something fierce. I couldn't reach him (he was on vacation), so I drove down to the provider to grab the box. They did not so much as ask for my name; they just let me in, said, "go on in the machine room and grab it." This perturbed me a bit (because the machine clearly had a label that said "Property of [not me]. Do not touch."), but I went in, took it, brought it home, and fixed it up. When I brought it back (with a new install of SuSe and the then newly-released 2.6 stable), the techs remarked that the owner's roommate showed up to see what was wrong with the server. Having been told that an unnamed individual was allowed to make off with the server, he threatened to call the police. The service provider's response to him was, (and I quote), "fuck off."
Gabriel's servers are hosted by Rednet Ltd, although that appears to be a defunct brand of a UK company called Opal Telecom, which in turn is a wholly owned subsidiary of Carphone Warehouse.
So his hosting company was the side-project of a prepaid cellphone company? He got what he deserved.
I wish I had a penny for every idiot that hosts with Joe and Bob's Basement Hosting Company and then bitches when the power goes out all the time, stuff disappears, etc.
Please help metamoderate.
To quote a favourite band of mine:
"But this feels so unnatural
Peter Gabriel too"
naah sig schmig
Stephan
http://stephan.sugarmotor.org
Fact is, due to inefficient software (and I am not talking about proprietary systems only) we are stuck with expensive machines. I wonder if more efficient systems such as Plan 9, not to mention Lisp and/or relational operating systems and machines, wouldn't enable us to have cheaper, and therefore less attractive to criminals, systems.
Leandro Guimarães Faria Corcete DUTRA
DA, DBA, SysAdmin, Data Modeller
GNU Project, Debian GNU/Lin
The company I work for has all of its servers in a secure colo. The place offers secured cabinets, secured cages with racks, and even does walled off areas of the datacenter floor with a secured door for high paying customers like Google. The facility is manned 24/7 with cameras all over outside and in. The rear of the facility is fenced and gated.
If you're on the roster for your company with floor access this is the process you have to go through to even get to your server:
-If it's at night, you have to use your RFID badge to get in the front door
-Check in with security and sign out for your key if the door is not a combo lock
-Security needs to buzz you through the first door
-RFID badge and finger print through two or three doors
-Iris scan in the man-trap to get to the datacenter floor
-Combo or the checked-out key to get in to the cabinet or cage
On regular intervals they check the people on the floor to make sure that you're supposed to be there.
I'm not saying this place is a fortified facility that can handle a team of insurgents. However, I'd feel that my equipment is safe from the theft I've been hearing about at some datacenters. For a cabinet with a 1Mbps commit data rate with an actual 10Mbps internet connection and IPs, it's about the same cost of having a T1 to the office.
For those that want to know who we use, it's Quality Tech.
Virtually everything around here is being stolen for scrap metal value: irrigation pipes, public statues, road rails, roof flashing, etc.
I just read Slashdot for the articles.
You also need to pay the guards more than the Minimum Wage like the Chicago data center was willing to pay with then say that being able to bring your own gun being a big plus in the job posting.
I'd say most places would fall into that description, so I can't say that it's surprising. I can think of very few places that really have the security to prevent an armed individual. Add the tiniest bit of social engineering and they are that much more 'successful'.
I will shred my adversaries. Pull their eyes out just enough to turn them towards their mewing, mutilated faces. Illyria
You shouldn't have posted as AC...you should take credit for a comment this great!
I'm picturing John Cusack standing in the rain, serenading Ione Skye with the fan-whirring and hard drive-clicking of a blade server held over his head.
Just once I'd like someone to call me 'Sir' without adding 'You're making a scene.'
Your data needs to be secure against:
* loss
* physical theft of media/hard drive/server
* interception over the wire
If Peter's box required a password to read his sensitive data AND he had backups AND a quick way to restore the backups and get back online, then he's in good shape. If he didn't then he could have prepared better.
Of course, if he really needed it, he could've gotten hot-failover with a data center in another city. That works well if your primary data center is taken offline by a small nuclear blast.
At some point though, you have to draw the line and accept the loss. If WWIII happens, if you are a musician, your server's data center is probably the least of your worries.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Sorry to reply with a personal story, but I once had a server in a secured facility in the downtown of a major city. I signed up with the place because on their web site it said "you get 24 hour secured access to your server". Amongst the many false advertisements, they couldn't offer me this because they didn't want commoners such as their paying customers to run amok in the data center.
So I take off on one Columbus Day weekend for a 3-day holiday. That Friday night (midnight on a Saturday), they power down my machine, move it to a different rack, plug in the wrong network port, and forget to power it back on.
I called on the Monday at 7:00pm and mention there is a problem and ask if I can come check it out (20 minutes walk away from where I am) or if they can look at it. Since it's after hours, they say I can come in at 9:00 the next morning or PAY to have someone look at it.
So I go in the next morning to find out what had happened, fix it, then get on the phone with them about how they violated my contract in so many different ways while exhibiting gross negligence.
I'm able to get out of my contract, which had renewed itself after one year (this is called an evergreen clause, NEVER sign one), but they were extremely resistant to refund my money, let alone credit me for the downtime or violations of their contract and service level agreement. I did, after two months, get back the money I had paid for the 5 days in that month I actually had service.
So, with all the building access, video monitors, locked entries, and staffed facilities where they don't let their paying customers come in unannounced or in the evening - my security was thoroughly compromised by their great incompetence.
Oh and prior to this they accidentally tripped power to the whole floor and didn't feel like mentioning it to me.
The longer version of this story contains more details of outrageous "are you kidding me?" moments.
point: go with a data center you can trust who has real people that will work to solve your problems instead of passing you around to people who can't help you. Also watch out for anyone jerking you around in sales or with contracts.
What? No link to his site?
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Dammit, CowboyNeal! I told you to steal Rick Astley's web server!
You could be right, I was just reading about that here.
Support Right To Repair Legislation.
Now that's what I call 0wn3ing a server. Hackers are getting more aggressive every day. The only thing more impressive would be if the hacker got his lawyer to get the courts to agree that he had the legal ownership of the thing. I wonder how vulnerable the law is to hacking?
In this Land of Confusion, only one man could be so evil to steal Peter Gabriel's hard drive: Phil Collins. Peter could probably feel it coming in the air tonight. (Oh! Lord!) But Seriously, (gotcha!) we'll see his true colors shining when the cops catch Phil throwing it all away. No son of mine would get away with that!
The Rapture is NOT an exit strategy.
Oh, they have a suspect but the only thing he'll say is I don't remember, I can't recall, I don't remember anything at all...
(n/t)
Everything I needed to know about life, I learnt from Blake's Seven
A rash of data center hardware thefts is the starting point for the cyber-punk audio book on podiobooks called Beautiful Red. Very good listen. http://www.podiobooks.com/title/beautiful-red/feed/
http://www-03.ibm.com/systems/z/hardware/z10ec/specifications.html
Because they weigh in at over 2800lbs and have a footprint of 30sqft.
Stop right here. The rest of this discussion is a mobius strip of really bad jokes using titles of the few Peter Gabriel hits as gags. There are literally more than 50 Shock the Monkey jokes in here.
Don't say you weren't warned before continuing on in this discussion. Run while you can!
blah blah blah
One of my clients has their on-site data center in an isolated basement room with 50cm thick, solid walls, accessible only through a single, reinforced steel door in a secured room above. Also, the data center has a pure nitrogen atmosphere. Signs on the entry door, as well as the door to the security room, warn "Non Breathable Environment. Breathing apparatus required." Said apparatus is in a separate secured room, in built-in, double locked safes. Both secured rooms have guards on duty 24/7.
Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
or is it just me...
Hackers have long memories. It works both ways.
Mainly because they're in my house... in Canada... on the east coast.
x86, oh yes, I'm pro.
You know, we all make typos. I do it a lot, and I have posted several today by being too hasty.
But there's something inherently funny about misspelling the name of a DICTIONARY website TWICE in one post.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
My data center has 24 hour surveillance and theft deterrent. So far no one has stolen my servers.
No sig for you. YOU GET NO SIG!
So -- here's a question: can you bypass this issue entirely by basically having a virtualized server on a grid of machines?
:)
Then there isn't a single machine to steal. You'd have to go all David-Bowman-on-HAL, pulling everything out to actually steal the server.
And if you were on a particularly sizable piece of Iron, it might be harder to carry the thing off.
Physical security is still important, but it's interesting to see that entire machines might benefit from the same kind of security bits in general do -- if you want them to be persistent, you spread them across as much hardware as possible.
Tweet, tweet.
Peter Gabriel's web presence isn't just about his (great) music.
His Witness project, co-ordinating on-the-spot hand held video recordings of human rights violations, is imaginably a far more serious target.
http://www.witness.org/
from their site:
WITNESS was founded in 1992 by musician and activist Peter Gabriel and the Reebok Human Rights Foundation as a project of the Lawyers Committee for Human Rights (now Human Rights First). In 1988, Peter was part of Amnesty International's Human Rights Now! Tour. He was struck by the stories he heard from survivors of human rights abuses and the lack of attention these stories received. Peter had brought along one of the first camcorder models and realized the potential of video as a tool against abuse; he noted that perpetrators of abuses were often brought to justice when photographic or video evidence of abuses existed.
Peter Gabriel is always looking for secure ways to stream video content from troubled spots to his servers that they may be archived and shared.
If this project was affected by this theft, that is far more of a crime than what is being discussed here. Even Phil Collins.
This is a good ad for Sealand or The Bunker.
Perhaps the concept of having you host on Sealand is not quite so idiotic after all.
I always wondered why they put the hard drives with the CPU units. It makes more sense to simply create a self-cooled, bank-vault-like unit that holds all of the hard drives and requires multiple people to access and/or is set up on a time-specific access. Set up the rest of the units so you can install CPUs etc. and just plug in a fiber array that accesses a series of hard drives dedicated to that unit. You could even set up a controller switch that simply dedicates specific arrays to differing racks based on their usage. This would let you run websites at differing efficiency in regards to CPU power usage since you don't always need the latest Xeon to run a big name website.
You could even set up a self-programming algorithm that caches specific websites to specific racks during certain times of the day.
You can control the cooling, the data, and the processors all separately. Make the boards and CPUs easier to access and replace without having to worry about data security. You simplify the entire array based on needs and secure the data. You would also cut down on the security needs of the data center.
"If you have a problem, if no one else can help, and if you can find them*, maybe you can hire..." http://en.wikipedia.org/wiki/A_Team
*: not on the maps/your SatNav and bad layout of the industrial estate they're based in.
Because stealing a computer is punishable by death. Is your NOC in Saudi Arabia? Sure as hell sounds like it.
... it shows up on ebay