Took you guys long enough!
I've been reloading the page all morning waiting for this to appear...
BT's Mayfair exchange was burgled last night, leaving thousands of homes and businesses in central London without internet access this morning. The raid cleaned out routers, networking cards and fibre at about 9pm on Wednesday, Reg sources said. According to data at Samknows, the exchange serves about 3,000 residential …
"We were only borrowing the equipment so that we can advertise to BT better. As soon as we have a look at what types of network equipment they usually buy, we will be in a better position to sell them something they dont want to buy in the first place. Had BT opted out, none of this would have happened. Our opt-out notice is clearly displayed under the left front tyre of Mr Samson's car who lives in Green Oaks drive in lower East West London. Our methods bring better value to our customers - BT - and lots and lots of money to us. This was a legal trial - we asked our mate Joe at the pub, and he reckoned it was a great idea so long as we dont get caught."
Mine's the one that lost its Phorm because it got wet.
Now if they had read my book on Data Centre Security this would have never happened. I suppose I must get round to writing that book one day!
That's the problem with these new fangled routers - they are light enough for a single person to lift. Bring back thermionic valves style electronics I say!
Who on earth nicks that?
Maybe Virgin are finally going to increase the coverage of their cable network.
Although the incident does give a rough indication of BTs fault detection system. Alarms go off in another building, note left for engineers to investigate in the morning. Night shift go back to sleep again.
http://stores.ebay.com/SwitchXchange_Cisco-MGX-8000_W0QQcolZ4QQdirZ1QQfsubZ2QQftidZ2QQtZkm
the response we had from BT contained the following line in it...
"At 20:15 GMT on 10th September, the BT IP node site in Mayfair, London experienced a breach of security involving physical break in. This breach resulted in the removal of 38 network cards and caused service failures for our customers using UK VPN platform services. The cards were unlawfully extracted from live equipment racks and removed from site. In the process, extensive damage was also caused to BT fibres, cards and other equipment. "
"The police were alerted and this immediately became the subject of a police investigation and the police team were on site during the night, engaged with BT’s security experts. "
BT security experts.. huh??? experts... if they knew anything about security they wouldnt have let someone break into a datacentre and steel 38 line cards.. I mean how long does it take to remove 38 line cards..??!!??!??
So close to the City of London. Where the Police are investigating BT's relationship with one of their suppliers, and their use of routers, network cards and fibre kit to spy on their customers.
Or you might also suppose a supplier with a serious cash flow problem would want to recover the routers, network cards and fibre kit they had gifted to BT... particularly so if BT hadn't kept their part of the bargain.
:o)
"The theft was small scale and technical in nature and as no forensic evidence was left, it would have been difficult to frame any advice to BT about the burglary operation, and obtain any relevant consents for the removal of network equipment, with a wording that would have any resonance at all for theory victim"
Thats still no fucking excuse, 5 guys bowel up to my data centre with big rain coats, horn rimed glasses, and dodgy looking porn star mustaches and their goign to get told to fuck off.. or did the 80yr old half dead security gard not see them rolling in the sack barrow???
Okay.. so they get into the car park, through all the security barriers and manage to get to the main datacentre door. where there asked to wipe their muddy chav reebok classics. They then manage to get through into the datacentre itsself, and some how also into the racks that contain major routing points for UK VPN platform services and remove 38 cards and In the process, cause extensive damage to BT fibres and other equipment.
Fuck the SLA and any other soposed security procedures.. thats sheer and utter Incompetence.
You have a cotton picking, darn-dastardly, good point there!
We hear about DR this, and DR that, but even the 'big cheese' of British communications didn't have a DR plan or BC policy...
Shocking!
But a damn good point, well highlighted.
@AC RE: Steve Evans"
Poor fella, now get back to work, you! ;o)
Well it took me 3 phone calls this morning to find out about this...
Got told originally that it was a fault with our equipment, then they couldnt find my Company on the system, then they insisted they couldnt help as I didnt have the "S" number...
3rd call was the lucky one, where they actually couldnt of been more helpful... apart from maybe having a Disaster Recovery Plan...!
Still not up and working here.
I'm surpised that Guy Richies Snatch knocked nearly 8000 circuits off. I wonder if thats why there's all those rumours about her Madgesty.
Oh, and a point of note, we've not been advised that Fibre has been stolen, merely damaged (I suspect cut/pulled/broken to quickly release the cards).
Aren't these pics in breach of the OSA 1911 Section 3?
==
3.Definition of prohibited place.
For the purposes of this Act, the expression "prohibited place" means--
[F1 (a)
any work of defence, arsenal, naval or air force establishment or station, factory, dockyard, mine, minefield, camp, ship, or aircraft belonging to or occupied by or on behalf of His Majesty, or any telegraph, telephone, wireless or signal station, <snip>
==
More at http://spyblog.org.uk/2008/06/restrictions-on-photography-in-public-where-are-the-prohibited-places-designated.html
br -d
Actually Ive helped dissassemble an Exchange with older equipment,
Give someone 10minutes with the line-card rack and you would be looking
at somewhere between 10 to 20 cards removed,
depending on how quick the person got used to card removal...
so all up maybe 30-40 minutes to strip the equipment into a sack and leg it...
speaking of which I can personally strip down either of my own machines
and rebuild it (including PSU removal from the case with everything else)
in about that time if I am *really* in a hurry or totally wired up on sugar :)
<< Icon is Tux because my systems are all set to something I can use
without needing to deal with a lawyer first :)
No. Your snip removes the key part of the sentence.
"any work of defence, arsenal, naval or air force establishment or station, factory, dockyard, mine, minefield, camp, ship, or aircraft belonging to or occupied by or on behalf of His Majesty, or any telegraph, telephone, wireless or signal station, or office **so belonging or occupied**,"
BT exchanges are neither property of - nor occupied by - the crown.
- Chris
"Stolen To Order?
By Rick LeemingPosted Thursday 11th September 2008 10:26 GMT Somehow I don't think this stuff will end up on ebay. Or alternatively it's someone who has finally had enough of BT's level of "Service".
"
i dont know about to order but IF therewas any Phorm DPI/layer7 kit taken then THAT WOULD EB WERTH A LOY OF MONEY to some blackhat or criminal gang as it will have all their custom code in it...
as i understand it, it you have access to this then it makes it far simpler to find and exploit any 0day options later....
neologic, I take it you've never done any work in a telephone exchange!
These places are not typically manned out of hours, if manned at all. The last exchange I worked in the physical security consisted of the usual stuff (swipe cards, that sort of thing) and a video camera; the door locks were released remotely after you'd phoned the security people and they'd clocked you on the video cameras.
Telephone exchanges are a long way from being 'data centres', even in this day and age.
Given that your modern high-tech thief's idea of a wiring tool is a set of bolt cutters, I'm quite sure they could be in and out well before plod or anyone else was on the scene.
I always thought these kind of premises, you know, vital to communications and the like, were belled up to the max. And also, wasn't the interweb invented (DARPA) so that no single node knocked out could bring about communication breakdown? (Yeah I like Led Zeppelin too).
And WTF are these people doing nicking highly specialised network cards? Is there an abundance of precious metal in them that can be extracted at Peckham Scrap Metal? (I quite liked the comment about the Irish Exchange announcing an 'upgrade' though).
My flabber is truly ghasted.
the exchange itself is, I believe, on the first and second floors, the rest of them being occupied by some chunk of BT's other operations (I have a feeling it might be wholesale, but I wouldn't swear to it). There are doors into the exchange area served by the main stairwell, which also includes a lift shaft, which comes out at ground level into a teensy reception area directly behind the door into Farm Street, which is next to the pub. The street itself is VERY quiet even in the middle of the day, to the extent that there's a sign on the inside of the door saying something to the effect of "Please don't slam the door, it pisses the neighbours off". I didn't make a detailed survey of the security measures.
Anyway, the upshot of all this is that I would very strongly suspect an inside job: it really wouldn't be that hard to get a few mates in through the front door, set about the hardware, lump it back out to a waiting BT van and make good your escape.
Coat as in helping oneself to the contents...
>I would very strongly suspect an inside job
Couldnt agree more, smacks of someone getting an OBASS card as a contractor and hanging on to it for use at a later date.
Oh and all those snotty sods on the proverbial high horse about how their datacentre has armed guards, starving rotties, minefields etc. for security, please consider this: Its an exchange NOT a datacentre.
By law BT have to give equal access to ALL CP's and their contractors, anything less and OFCOM would be jumping on throats. This means that security can never be as tight as everybody would like.
This is a serious incident but small beer compared to the thefts that are being made of cable throughout the network, copper fetches a good price and its being ripped out of the ground almost daily.
the exchange affected a lot of businesses that connect into london including government. I work on a servicedesk for gov dept and we were mostly out of business until about 3pm. w couldnt get into systems and remote offices could not connect to london.
re kit stolen , what are they going to do with it ?? I think it will leave country. theives maybe have ££ in eyes and dont know that if connected will be seen and if sold abroad it is throw away as cisco will want ££ for support and they know who they sold it to !!
Imagine buying a stolen porsche abd the first time it breaks down being told that thay wont give you the parts or help !! (and the local fuzz come knocking on your door )
This stuff seems to be all local Final Mile routing stuff, so if there was any redundancy it was probably in the same building and stolen too. Despite all of the talk of the internet being redundant to route around failure, every residential node has ONE final connection to the rest of the network, and that's what they took - the entire exchange's worth of final connections.
Hard to blame BT for this, or even accuse them of incompetence - sometimes the cost of preventing any and all crime costs a lot more than the crime itself would be worth...
@ Chris Williams - the key part of the Spy Blog article is actually the reference to rhe
Communications Act 2003 section Schedule 17 para 2
http://www.opsi.gov.uk/acts/acts2003/ukpga_20030021_en_59
"Official Secrets Act 1911
2 For the purposes of the Official Secrets Act 1911 (c. 28), any electronic communications station or office belonging to, or occupied by, the provider of a public electronic communications service shall be a prohibited place. "
This certainly does cover a BT telephone exchange.
Luckily for you, and for all the tourists who take photos of the BT Tower, the Official Secrets Act 1911 power of arrest was repealed by the Serious Organised Crime and Police Act 2005, along with a dozen or so other obsolete powers of arrest (although the authorities now seem to want to reinstate these), and requires consent for prosecution to be given by the Attorney General.
- BT did have redundancy and contigency in place, an automatic switch over to Ilford took place immediately.
- Only cards were stolen, damage was done by the forced removal of said cards.
- Have a chat with the regulator about not allowing other line operators and their sub-contractors into BT Exchanges?
- Establish all facts before gobbing off?
- Remove foot/feet from mouth if you're an ignoramus talking out of your ar$e.