Crappy security
at this data center.
Many security breaches involve leaks, but not perhaps in the same way as one revealed by noted security consultant Andrew Tierney, who managed to gain unauthorized access to a datacenter via what he delightfully terms the "piss corridor." Tierney, who works as a consultant for security services outfit Pen Test Partners, …
This post has been deleted by its author
Yeah, I'll take a Robertson or Torx any day over Phillips. And slot-head screws should only be used for decorative purposes. Years ago I had to assemble an outdoor shelter using slotted screws, and the number that were ruined by the driver camming out... ugh, it doesn't bear remembering.
Ah, similar to the venerable BR key, still used to disassemble locomotives, and access all manner of interesting things on railtrack premises.
Do NOT get caught by BTP with one, or they'll ask pointy questions. (sparky, i have one because the square section fits loft hatches and door locks where someone's removed the handle, it's on my set of fire brigade keys, not my everyday carry)
>Do NOT get caught by BTP with one, or they'll ask pointy questions
When I was a consultant I kept a kit in my car for all those times the failing equipment was behind a locked door and no one on site could produce a key. Lock picks, security bits, various 'universal' keys, tools for disassembling security hinges, etc.
Aaand then I got pulled over for speeding and the cop saw the bright orange Pelican with a tongue-in-cheek 'Burglary Tools' stenciled on it in my back seat.
Whew, boy. Five minutes of explaining, twenty minutes of sitting while he made sure I had absolutely no warrants, another five minutes of re-explaining, and then he wanted me to run him through what I had in there because he was interested.
Got out of the speeding ticket at least, but I painted over the stencil and renamed it the 'Lock-out Kit'.
Not sure why railway types get so shirty about people having these T keys, pretty much every coach driver I've ever met has at least one because they're used to lock all kinds of panels and lockers shut on coaches and buses... I think they sometimes forget it's a common solution to a common problem!
I once worked in a 'secure' research centre where the actual work was done behind a key coded door. However, during maintenance we found out that the void beneath the false floors outside and inside was continuous and the space was about 60 cm high, the tiles could be lifted from above with a small lever (e.g. a screwdriver) and from below just by lifting them, so you could in principle crawl past the locked door from outside.
...but 60cm seems like a hell of a large space to me!
Only 60cm? I've worked in a few DCs with deeper floor voids, so easily deep enough to crawl through comfortably. The first was for a large mainframe site, and asked the facility manager why. Answer was because it used forced air underfloor cooling*. And being a big IBM (ok, Amdahl 5990-1400E) shop, the floor void needed enough space to accomodate massive channel cables that were probably 3cm in diameter, with brick-sized connectors, plus all the thick serial cables going to channel controllers, FEPs etc.
So it allowed decent cable routing & management, without restricting airflow too much. Plus it made it easier for us to do the human ferret thing and crawl under the floor dragging cables. And despite being a secure DC with an even more secure room inside it, we could crawl into that room because the drywall only went as far as the floor tiles. That got fixed by adding sheetrock under the tiles.. Which we then improvised some cable routes with a couple of large screwdrivers. High security doors and mantrap entrances may impress manglement and clients, but won't defeat a determined attacker who can make their own entrance using a skillsaw or a large hammer.
That was a fun introduction to big IT and DC design. I also learned that a lot of DCs since shared the same problem. Plus other incipient risks, like using non-plenum rated cables between fire zones, and the challenges of creating fire stops that could be easily managed if new cables needed to be run.
*Naturally we abused the underfloor cooling and used it to keep a couple of slabs of beer cool under the floor of our comms room inside the DC.
Hopefully the toilets are not upstream from the air source.
===
I used to work at a place where the inflow fans were located behind our premises: in Drummond Street*, NW1. You could usually tell when the curry houses were getting ready to open.
*Street name mentioned as the area is well-respected by curry lovers.
Current working location, very large, very old building. Was on the 'third' floor with an FM team to work out where we could possibly run some cables (assuming the 'aboves' would even let us once they saw the plan; they didn't). The FM guy, popped up the floorboards in the corridor and I was expecting maybe a one- or two-foot drop to the ceiling of the floor below, and maybe some rafters and old conduit running around. Nope, it was about eight feet straight down to a solid concrete (?) layer you could walk around on. You could have lived down (up?) there.
A/C b/c location.
My mum's house and all houses in that street were on wooden suspended floors with a 2 ft 6 inch (say 75cm) 'crawl space' below the floors, in which the ancient lead water pipes were run from street water cock to under sink and water store (large diameter day tank holding at least two day's supply in case of water problems) built in mid 1850s.
Absolutely no problem in running modern electrics from room to room.
There was a Telco *unmanned* Data Centre which I had to visit often where the outer wall of the building was literally next to a public pavement (within 50cm or so) and the card-activated door opened outwards.
On multiple occasions as I was about to use my access card I noticed that the door was already sitting about 2-3cm ajar. It seems that sometimes when the door closed (via typical "auto close" mechanism) sometimes it "bounced" and never actually closed. So the open door would be in full view of anyone walking (in one direction) along the pavement.
There were allegedly sensors in place that should have detected any such "door open" events and triggered alarms at the off-site security monitoring station but either that was not the case or else security routinely ignored them.
I have that in the flats where I live.
The delay between the holding magnets de-energising (fail safe rather than fail secure) when the door release is pressed and the magnets re-energising can be a little too long at times.
Result - the door can "bounce" off the door jam and the closer then doesn't close it back to within "grab" range of the magnets when they re-energise. Thus the door remains "unlocked".
I used to work for an access control company. Was at one site where they wanted the door ajar alarm set, which I did.
Turns out that they had a painter working the same day and so kept leaving doors open.
Was asked to turn alarm off, no idea if it was ever enabled again....
Server room in an ancient building had an unlocked (unlockable?) door which opened onto a vertical shaft with a rails-and-rungs metal ladder "fire escape" bolted to the brickwork.
I discovered this shaft from opening a door in a disused storage room on 7th floor, went down the ladder (I'm a bit of compulsive explorer) as far as it went: a second-floor balcony, from which you'd have to jump to the ground in case of fire. Climbed back up to the 7th floor. Oops, that door autolocked. Down to 6th floor, tried the door, which also was locked. Down to the 5th floor, tried the door, and, bingo, hey, here's a server room!
I slipped an anonymous, typed note into security's in-box, but never dared risk my job to return to see what they'd done about it.
Quite common in installations with BTW (back to wall) toilets and the (concealed) cistern hidden behind the rear wall of the cubicle.
You either need to have "maintenance" hatches in every cubicle, which can potentially be opened by unauthorised people to give access to nice hideaways for illicit materia/itemsl, bombs etc.
Or you have a maintenance "gang way" running behind all of the cubicles giving access to all the otherwise inaccessible cisterns, water and sewage services. And electrical control gear for those "no contact" proximity flush things.
The problem here seems to be that someone forgot about the security of the maintenance areas.
I remember many, many moons ago whilst working for a company that liked to keep a tight control on 'expensive' office supplies (think boxes of floppy disks), they decided to lock everything up in a small room - with an 8 foot wall which could easily be climbed over due to someone deciding it would be also be a good idea to put filing cabinets up against said wall. Both sides.
By building one larger restroom and splitting it to serve both sides.
If you want to build something secure, start your plan with a reinforced concrete box with concrete floor and ceiling, then justify and fully secure every opening in that box.
It has to be that, doesn't it. The clever security experts doing the planning probably thought they were above thinking about toilets and the bean counters controlling the overall build wouldn't want to spend the money on two separate sets of toilets unless the security experts specifically demanded it, is my guess.
True security requires a Faraday cage integrated into the walls. Worked in a few, so secure they even had power filters designed to prevent the electrical wiring from being used as an antenna, with regular testing to make sure nothing electrical inside could be detected outside.
How about fire sprinkler pipes?
"Don't Look Up: Ubiquitous Data Exfiltration Pathways in Commercial Spaces" by Anku Adhikari, Samuel Guo, Paris Smaragdis, Marianne Winslett (arXiv, 2022).
Abstract: We show that as a side effect of building code requirements, almost all commercial buildings today are vulnerable to a novel data exfiltration attack, even if they are air-gapped and secured against traditional attacks. The new attack uses vibrations from an inconspicuous transmitter to send data across the building's physical infrastructure to a receiver. Our analysis and experiments with several large real-world buildings show a single-frequency bit rate of 300Kbps, which is sufficient to transmit ordinary files, real-time MP3-quality audio, or periodic high-quality still photos. The attacker can use multiple channels to transmit, for example, real-time MP4-quality video. We discuss the difficulty of detecting the attack and the viability of various potential countermeasures.
https://arxiv.org/abs/2206.12944
Quite possibly it was originally drawn up with a partition wall in that access corridor but after security had signed it off, the builders realised some building regulation required that a soil pipe can't go through a different property or inaccessible area and as they didn't know why a wall had been specified anyway they didn't build it.