So...we'll be stripping out all that Cisco kit......
....you know, the internet backbone stuff with the NSA/GCHQ backdoors?
*
Oh, sorry.....just remembered that those backdoors are for the so called "good guys"!!!
A Huawei phone mast is to be installed next to a secret MI5 data centre, despite government directives to strip the Chinese company's equipment from UK mobile networks in the next seven years. The mobile mast is to be built at a West London location across the road from a Security Service bit barn – no more than 30 yards away …
@DavCrav
*
Link: https://drive.google.com/drive/folders/1MfK8-Fv5Y7rcRz1Cp_swsZhJcgcILmyd?usp=sharing
This looks interesting. If this sort of code is used BEFORE using an end-to-end channel,
snoopers will get something like this (see below). (And that would be ANY flavour of snooper - GCHQ, NSA, Russian, Chinese........)
Simple single file source code, less than 1500 lines of code.
Looks like the cipher text might be difficult to decode....even with the source code.
*
0JAY1Oui08hv0s6f16uc0Pxf1FtY100S1kvz1B2h
0LkF1Dy81JSq1mtQ1Twt1HoG0oCk1lcU0cRB0NmC
0LVC1LSh0Ccp01EN1DAU1Fgm0$Qr0uIo0kV40F0i
0GX5053M1WnQ0XxK1d0M0da=0Hnk1FoA0FK90NF6
1keW1E0y07p90EKn0wWf1JpQ1BOI1CkB03$n1iRY
1DNn0Z1o1fma0TUP0dyS0nKf1SSJ0TjK05jp05CC
1Qyv0P$y1XJC0Bm0129c09RE0u4S0NO21N0K0cdR
1jn91L8j15MH1Uhj0lr31Y6U1Yk700Hv1WDY1Dgu
0hmc1Pbh0IOD1Sry0sqq005z1XzB06Jp0Unf0NM9
1Xp00NL40tPZ0RWy065a0AL20H$G1GyU0SHu0aWI
1hA60kUm0f1z1a8r0c8i1RZI1KIg06jC0tyz0EoY
1Tec10HW1fTw0EQm0OlS1eLl0x3b1Uk10M1w0cHK
1To717BM1GqD15jC1gXd0YKy0Ry$1mEn0JNO0qwu
1EtP1XrV04hO1R3f137T15XJ1gub12W91WI80NUn
1QP21TA214HG0Tyw0A680rwK1JyG1Cqz1RvX1XXE
0s9f0FNE1B6b0Vlq0KiX0Fd409We08CP1TaC1Mbx
0G0=1Xap0v9l1iPs0kWS0XDJ19J10OZ80vAm08rV
0OKz0jn31lMS0yCZ09qG0urT0xh70z1$0pec0mqw
1RZ703tN0TUN1Xtr1HVH1QZZ0EQg0OBh0D6z1ixS
1SR71C0P0B=g09FB1Q9=15W80fSq1GyL
*
Achtung!
Alles turisten und nonteknischen lookenpeepers!
Das maschine-kontrol ist nicht für der gefingerpoken und mittengraben! Oderwise ist easy to schnappen der springenwerk, blowenfusen und poppencorken mit spitzensparksen.
Der maschine ist diggen bei experten only!
Ist nicht für gewerken bei dummkopfen. Der rubbernecken sightseeren keepen das cottonpicken händer in das pockets.
Zo relaxen und watschen der blinkenlights.
Maybe the MI5 DC meant there was a gap in their coverage there (either because they'd avoided it in the past or MI5 picked the spot because of that), so when they looked to fill in those gaps the centre of the gap seemed the natural place to put it. Which happened to be where the data centre was.
At school we had a few spots were a switch was installed with 1 cable in, 1 out, because the 4 put switches and the unshielded cable did not approval, but the shielded cable necessary to cover the same distance without switches or other repeaters was too expensive and would have to go through the (lengthy) tender process.
The fact that this solution was well over twice the cost didn't matter because the individual parts were below the threshold so could simply be bought off the shelf.
Although local councillors and planning officers were told of the new mast's precise location, MI5 did such a good job of being unobtrusive that nobody in local government appears to have realised the implications.
Or why local government planning departments would need to know. They might know it's a list X site, or they may be blissfully unaware. So just follow usual planning processes, publish the application and see if anyone objects. Then the objection may go to BT's liason folks who might then quietly withdraw the application. Or the spooks may be ok with the idea because they've done a risk assessment and decided it's not.
Is yours the one in the Faraday cage?
No, and Mr Faraday is just fine in his cage. Human rights cease upon death (ish) & thus a reanimated version is our intellectual property.
But cages. Best way to identify a suspicious data centre is not via the planning register, but by checking for permits to keep wild animals*. So if generic industrial unit has licences to keep leopards and sharks.. they may be bitbarns of interest.
* Sysadmins require neither permits nor licences. Yet.
Anything that can be hacked by mere proximity to the building is insecure by definition.
If you can do anything inside that you don't want people outside to know, or vice versa, you have to take more precautions than "Can you just move that a bit further away, thanks lads".
And if everything is not completely encrypted and in a radio-dead-zone (whether by not allowing radio devices in or out, or by shielding) then it's game over anyway. Someone could stick something in a lamppost and get the same effect and you'd never know.
This is "security by proximity" (assuming that you have to be near it to be secure, or conversely that anyone far away can't access it), which is worse than "security by obscurity".
Agreed. If the equipment inside the data centre can be compromised merely by sticking something outside the data centre, someone has done something badly wrong in the design. At the very least, I would have thought the data centre would built with something like a faraday cage (maybe in the structure of the walls) to prevent EM radiation.
Shielding a room is straightforward and not outrageously expensive. Shielding a building is somewhat more difficult; window film is definitely a thing and helps but according to the datasheets I can find it provides 40ish dB of RF attenuation (vs. 90ish for a shielded enclosure), so it works with rather than instead of physical separation.
If the Security Service somehow didn't have a plan for mitigating such attacks, they'd be utterly screwed because anyone with a river-view room at the Doubletree next door and a telephoto lens has a great view into the back side of Thames House. (Decent hotel, but I haven't stayed there since it was the City Inn.)
Sensitive equipment and locations are shielded to prevent eavesdroppers from deducing data from spurious emissions, power line fluctuations and the like. Its been standard practice for many decades.
Don't you find it a bit worrying when you find people who are supposed to be technically knowledgeable repeating voodoo? Politiicans are sort-of allowed to be ignorant because they're supposed to know experts that can give them this information. However, its becoming increasingly obvious that we've lost it -- I can;t believe the level of crap coming from senior politicians and experts these days. (....and you think that this kind of studied ignorance is going to make your country competitive?)
FWIW -- Getting R/F into a generic data center is impossible. The buildings are too well shielded and too noisy. This has been a bit of an issue to get precision timestamps for system performance monitoring because the best source of those timestamps is GPS.
Well-shielded, or just a ton of metal in the way? GPS is easy; put an antenna on the roof and done. Unless you didn't plan for needing to know what time it is and failed to contract for the appropriate roof access, in which case you are bad and should feel bad.
The general relativity necessary to use the GPS system isn't that difficult, but everyone's using the helicopter icon in this thread already so science guy it is.
This post has been deleted by its author
I'd put three GPS units on the roof in different areas, feed the signals via fibre-optics into the building and then compare the signals before trusting anything. I'd keep a couple more units in the basement and swap them with a roof units at intervals to make sure the outside units don't get hacked.
I'd put three GPS units on the roof in different areas, feed the signals via fibre-optics into the building and then compare the signals before trusting anything. I'd keep a couple more units in the basement and swap them with a roof units at intervals to make sure the outside units don't get hacked.
Not always that simple.. Especially in shared datacentres eg London Hosting Center, where you may be err.. powerless to do that. Challenge is your collo provider may be sub-letting space on a floor which is leased from another provider in a building owned by someone else. Which means getting permission can be a major PITA, along with getting costings. Especially given roof rental is a thing that building owners profit from.
And then there's paperwork. Like risk assessment, method statement, proof of insurance and proof that the installer has completed the safe working at heights course & won't sue if they fall off. Which can be less of a risk in large data centres given their height, although someone could still sue on the deceased installers behalf.
And then there's more paperwork, ie what procedures and charges should apply if you need to get back on the roof to test/replace any kit up there.. Which may mean being accompanied by someone from your service provider who's safe* to accompany you.
*Back in the day, it was fun sunbathing on the roof of Telehouse while waiting for BT/spares/Godot. Which involved either playing cat & mouse with Telehouse security, or checking if one of the helpful ones was on duty first.
1. Huawei would not have made the decision on where to locate the mast. BTEE would have made that decision.
2. If the location is "Top Secret", BTEE wouldn't know about it, and would have made the decision purely based on a review of their coverage map.
3. If BTEE are aiming for (semi) decent coverage, and Huawei are their preferred supplier of masts, it is pretty much inevitable that this would happen.
Our son went to a new high school that was built around an office block that was originally designed for a company involved in developing electronic warfare equipment. On the surface the original building looked like a generic office building but on closer inspection you noticed that the windows had an unusual architectural 'sunshade' around them. This was to prevent people looking in -- from sattelites.
The company was active in that facility in the 70s and 80s. It was sufficiently secretive that its actually difficutl to find information on it, just the occasional reference in obscure government documents, and a search isn't helped by there being a similar sounding company that makes relatively benign equipment based on the other side of the country at that time. So -- sometimes reality is weirder than the most outlandish conspiracy theories.
(Incidentally, the basement of the facility included a high security meeting room, the sort you might see in a spy movie. It was removed when the facility was converted into the school.)
I have worked out that 'Extremely top-secret' means in effect that we poor British people, don't know what the rest of the world is intimately acquainted with.
If we want to know what's going on in the UK. we need to ask a foreigner. Preferably, an enemy foreigner - or an American.