Peter Gabriel's Web Server Stolen
According to Peter Gabriel's web site sometime on Sunday Night or Monday Morning their web servers were stolen from their data center.
I wonder if they broke in with a Sledgehammer? Or if they were Quiet and Alone? I wonder if the RIAA will sue the thieves for stealing music?
Ok, enough jokes....
Kind of makes you wonder how they got in....or does it? I've been speaking to several colleagues lately who either currently perform social engineering engagements or did them in previous lives and it is amazing to me the areas of buildings that they have been able to access and the confidential information that they have uncovered just by every day, common techniques that we all do: tailgating, acting like you misplaced your access badge, or just looking like you belong somewhere.
Then once they were in the data center, how did they access the cabinet that the servers were in? Many cabinets go from the floor to the ceiling or have safeguards in place to prevent the cabinet from being compromised from on top. They should also have at minimum either a keylock or combination lock (or both), not to mention that the data center should also have security cameras covering every square inch of floor space.
We talk about proofs of concept very frequently where the occurrence of one crime is a finger pointing towards the potential occurrence of something much more damaging. This is definitely one of those types of crimes. If it can happen at this data center, what is to say that this same thing couldn't happen at any number of others as well? What security policies does your data center have? How well do they follow them?
We make a lot of assumptions with regards to the security of data centers, but all the technology controls in the world don't make a bit of difference if they can easily be bypassed.
Posted by smasiello at 12:48 PM | Link | 0 comments
Comments
No comments found.
