Schneier on Security
A blog covering security and security technology.
March 12, 2007
Al-Qaeda Plotting to Bring Down the Internet in the UK
This sounds so implausible.
If you find any follow-up stories, please post them in comments.
Posted on March 12, 2007 at 11:35 AM
• 66 Comments
*“servers”, the boxes which contain the information that makes up the web.*
Doesn't sound like the journo knows that much about the web...
Um... what? I must say, that article is an unintelligible mass. From what I can get, they were planning to hit a major colo-site? And that colo was a single point of failure for a large number of businesses? Thus rendering it not really all that "co-located"?
@steve: So, yeah. I guess that is a single point of failure. That doesn't seem that bright.
*“servers”, the boxes which contain the information that makes up the web.*
If you can think of a better one line definition for a server, aimed at the general public, I'd like to hear it. I think his definition is a good one for the audience and the length.
Wasn't this part of a plot in a recent novel by Richard Clarke--blowing up the connections on both US coasts where the Internet comes ashore?
Bruce, I trust you've made backup plans to mail your blog to me in case of such an event here. Hey, we'll become penpals.
What is a “web hotel”? And why does the journalist use so many quotes?
"Last year MI5 uncovered intelligence which suggested that Islamic terrorist suspects had carried out reconnaissance of the huge Bacton complex of gas terminals on the Norfolk coast. The threat led to the deployment of armed guards around the plant."
So there were no guards before?!?!?!
Al-Qaeda is getting silly. Who cares about the Internet?
It's probably not the most likely target, nor would it completely destroy Internet infrastructure within the UK but the loss of Telehouse would cause major problems and the security is not that great in comparison to other datacentres.
Why isn't this plausible? Most companies don't have fully redundant data centers. Disabling any large commercial colo center would cause quite a bit of inconvenience. Even assuming everyone had disaster recovery plans, it would not necessarily be painless.
Targeting the international data links would cause problems as well. By nature, they are concentrated into a few cables and hitting one or more of them would also cause quite a bit of inconvenience. While there may be alternate routes, the traffic would need to be rerouted and capacity issues would certainly need to be considered.
Doomsday, it ain't. But it would make a reasonably visible effect.
Does this now mean that we can't bring any Internet enabled devices on planes anymore?
Do people run in panic every time Windows crashes?
Many years ago when I was at uni (erm... 12 years back almost now) a few of us were surfing the net and suddenly it all went down except the university next to us. Turned out some idiot in a JCB (er.. backhoe for you Americans) took out the router that everything seemed to go through. I hope they have upgraded since then with redundancy but doubt it somehow so yes I think this would work!
"The discovery led Eliza Manningham-Buller, head of MI5, to set up the Centre for the Protection of National Infrastructure last month. It is a special MI5 unit to help to protect “infrastructure” sites from terrorist attacks, such as telecommunications, the internet and key utilities such as oil, gas installations and nuclear power stations."
Uhm... they set this up last *month* ?? Have these people been sleeping since the whole "conflict with verb" started?
I'm now sure how implausible an attack it is though. Britain is certainly a relatively important hub for internet traffic, and being an island makes them (in my opinion) more vulnerable to this type of physical attack.
What an amazing load of hyperbole: "The internet plotters appeared to be planning to infiltrate."
It's not that they _were_ planning, or that they had even begun with their infiltration. It's like I appeared to be planning to rob the supermarket, just because I had a grocery shopping list on my desk.
Two paragraphs later, they talk about protecting "key utilities such as [...] nuclear power stations," just to drive home the fear factor.
The Internet was originally a project of the U.S. Department of Defense and had redundancy built-in to continue to provide military communications in the event of nuclear war. Is the Internet as robust today? I have read that it even more so. If that is the case, there is nothing to fear...you will get your porn even if there is an Al-Qaeda attack.
The point of terrorism isn't to bring down the net, it's to cause terror. An interruption in service, even one not noticed by the general public, that involved destruction would make a jittery public all the more jittery.
Indeed, planning a terrorist act and having those plans discovered is almost as good as doing the deed. Who needs martyrs when we have the Patriot Act to keep us all scared?
Are we sure this article isn't talking about an Internet peering point?
I don't understand why they didn't give the story to a journalist who has some understanding in computers, on top of using Word.
BTW, at least there will not be e-voting in the UK as far as the US Government Audit Office is concerned:
Wasn't there an earthquake a couple of months ago that took out Internet and phone in Asia Pacific, because some key circuits got smashed??
Well I think it is very bad design in the first place to have a choke point at the UK's hub to the net.. There should be redundant systems in place to provide transparency of failure. As mentioned in the article the telehouse is there as a back..well we need more backup so the bad guys can't get them all easily!
> This sounds so implausible.
That the people were al qaeda associates?
That they were planning to damage the place?
That they could have accomplished their goal?
That the police are disclosing honestly?
That the loss of a major peering point would harm the internet?
The ARPANet had redundancy. The internet of 2006 has instead cheap high-bandwidth backbones. We've taken the decision (conscious or unconscious) to swap survivability against war-scale outages for lower priced bandwidth from the major hubs. Just compare topology maps then and now: from a past that was a graph of many largely equal-bandwidth links we're now down to what are almost single trunks between major areas.
Telehouse is indeed a massive target on a par with attacking the Stock Exchange datacentres, but without the multi-site redundancy. The past history of Telehouse's robustness to people kicking the plug out of the UPS is also less than confidence-inspiring...
"Uhm... they set this up last *month* ?? Have these people been sleeping since the whole "conflict with verb" started?"
No, this is typical New Labour spin. The effort already existed under another name. I, and others, was talking to the CNI people years ago about, among other things, the vulnerability that Telehouse North presents. These discussions started well before 9/11; we've had the IRA for years.
This is something I can speak with some authority about as I've been plumbing bits of the UK Internet since '96. Telehouse North represents something close to a critical failure point for the UK internet. The area it is in, London Docklands, *is* a critical failure point for the UK Internet. Ninety percent or more of the UK colocation space is within 1.4 miles of Telehouse North (THN is at the NE extreme of this area).
However, many people have a presence in Telehouse North and it's the de-facto 'meet me' colo for London and the UK. Also many providers have much less redundancy than they'd like to admit to and many do have a critical reliance on Telehouse North. This is an open secret in the UK Internet industry.
Telehouse North actually represents one of the more physically resilient targets of the colos in the area. It was originally bespoke constructed as a mainframe disaster recovery site and was literally designed to withstand a plane strike gracefully. Other colos in the area have been adapted from ordinary office buildings.
Actually, for disruption potential there are other buildings in London that would have a much greater impact on communications infrastructure if they were targeted. Much of what passes through Telehouse will have first passed through BT's principal SDH nodes, as will broadband tails, phone circuits, carrier interconnects etc. Locating these is left as an exercise for the student.
@Frank: "That the loss of a major peering point would harm the internet?"
The vast majority of peering in the UK happens across the LINX. The LINX infrastructure is distributed across seven different colos using two redundant networks. It was designed this way *exactly* to avoid the Telehouse North single point of failure. (The very original LINX infrastructure was a single Ethernet switch in Telehouse North.)
Disclosure: I used to be a Director of the LINX.
From the Times article: "The Telehouse hub is nicknamed CTU after the counter-terrorist headquarters in the American television series 24. It is designed to provide back-up power for all Britain’s vital network services in the event of a large-scale terrorist attack elsewhere."
I can assure you that entire paragraph is, as our North America cousins put it so colourfully, pure Bull Puckey.
So, how did they get the AQ folks to squeal? Did Jack Bauer go all Dracula on one of their more squeamish associates?
Talk about 'security theatre' - not even Tom Clancy could write Bull Puckey this good.
Why release this information now? Any terror-related votes due in the Commons?
Be vewwy vewwy qwiet--we're hunting tewwowists.
We outsourced one of our operations to Logica, who were offering a live-live hosting solution. One set of boxes lived in Telehouse in Docklands, the other at the Hatton Cross data centre, which is (more or less) at the end of runway one at Heathrow.
Both locations have had very real terrorist operations target them (the IRA, not AQ) so eyebrows were raised, but then lowered when the RFQs came in.
There seems to be some confusion about the nature of this "hub". See the section on "About collocation" [sic, the spelling varies around their Web site] on Telehouse's site here:
It appears to be a data center, aimed at customers who don't want to have to run their own data centers. I can't find anything in there about redundancy-- so yes, it does seem to be a single point of failure. It also mentions that for some customers, it's their only presence in the country, so we're talking about a single point of failure for some number of businesses outside the UK as well.
"It appears to be a data center, aimed at customers who don't want to have to run their own data centers."
I'm shaking in fear for those businesses. Next they'll be painting mustaches on billboards...where will it end!
>Disabling any large commercial colo center would cause quite a bit of inconvenience. Even assuming everyone had disaster recovery plans, it would not necessarily be painless.
Al Qaeda's old mottos:
-- Destroying the Great Satan.
-- Jihad brings death to infidels.
Al Qaeda's new mottos:
-- Inconveniencing the Great Satan.
-- Jihad brings not necessarily painlessness to infidels.
Sounds like Ontario, except replace THN with 151 Front St. W. Bonus points for almost all of Canada's international telephony (and a good chunk of domestic and local) being routed through a CO that's maybe an entire 1/4 mile away if we're lucky, which is another "open secret" in the local tech industry.
@ J Random Infidel
I get your point, but I've always assumed that terrorists' immediate goal was terror, not necessarily death. To get terror, you need visibility. My point was that this would be visible. Not disastrous (except for those people in the building), but very visible.
When the Great Satan reacts as violently to inconvenience as to death, inconvenience is a good way to divert its attention and resources away from stopping you from actually killing it.
I mean isn't that a large part of what the various security critiques are about; conserving resources (including citizens' tolerance for sacrifice) for actual credible threats?
Not really so implausible, in so far as TeleHouse is a great target for anyone wanting to cause major disruption in the UK and Europe.
IIRC over 80% of the EU's international PSTN traffic goes through it, a good 75% of the UK's internet traffic, probably 50% or more of the EU's extra-EU internet traffic - you get the idea.
And you can ride in there on a bicycle with a backpack with no problem, just so long as you know the name of a company that colos there (hint, everyone colos at TeleHouse).
Assuming you had some basic ID forging skills and a friend at almost any UK hosting/tech company you could get into one of the suites. If you filled a big Cisco switch chassis with something other than switch blades you'd be all set.
Petrea, it's also the point where most of the big pipes enter the UK for voice and data, so it wouldn't just be a case of a bit of inconvenience. It would have a major disruptive effect on all internet traffic (of course there's redundancy, but we would see the same sort of slowdown as occurred after the recent east Asian earthquake.)
As to inconveniencing the Great Satan, Mr Infidel (I like to think we in the UK therefore qualify as the Small Satan)...weeeell...a cynic might point out that the IRA spent 20 years blowing up soldiers, horses and civilians and got nowhere, but as soon as they mounted a largely casualty-free campaign against the City of London they were invited to negotiate.
I'm sure I remember reading an article in Personal Computer World (PCW) about an occasion when PCW visited a major Internet comms provider in London for an article (sorry, no URL). PCW specifically stated that their journalist was surprised how easy it was to get into the facility and what a risk that was. This was quite a few years ago so perhaps Telehouse have tightened security now.
I don't know much about Internet backbone comms but I suspect that there is a possibility that terrorists could buy a lot of publicity for relatively little effort.
How does the UK improve its backbone resilience? I doubt it will be easy to make a business case and I definitely don't trust the government to do this.
Here's a story from The Register which describes some problems for ISPs caused by a minor electrical failure at Telehouse.
@Ian Mason, I did wonder how the Telehouse wizards had acquired a time machine in order to nickname Telehouse after something entirely irrelevant in a TV series that wouldn't be aired for a decade after Telehouse's construction. I guess they left me in another branch of history when they did it, and took the power beaming devices with them, leaving behind only networking hardware.
@Baron Dave, I'm afraid the net going down does not cause terror to anyone. Even the *power* failing only causes terror to those who need powered life support devices. Water supply, yes. Internet, no. Not even the most net-obsessed geek would find the loss of net connectivity more than (very) annoying, possibly in extremis business-destroying.
I must say the `dozens of servers' stuff had me laughing out loud. At one point I briefly had dozens of servers in my *house*, and I'm fairly sure others here could say the same. That didn't make my house Telehouse, not even slightly. Nor did I have terrorists snooping around, except inasmuch as I was in Southall, so your average terrorist-watching munchkin would get all scared because of all those people wearing different clothes and understanding languages other than English, aren't they all dangerous?
If there were a Doghouse for tech journalism, this article would be in it.
Destroying the Internet in the UK is not the job of Al Qaeda, it is the job of British Telecom.
Sorry guys, but when it comes to ISPs, some only have a couple of co-lo links, let alone sites :-(
I make sure that our 5m+ customers are connected by over a dozen SITES, with no two transit providers in the same half of the UK.
"I'm paranoid, but am I paranoid enough? " (Quote, "old ISS presentation")
In the May 2007 issue of PC Pro (a UK publication) and which just happened to be delivered today, they have an article entitled "What if the net stopped working?" which centres around the theoretical impact of a massive virus attack and the effect it might have on the UK.
Sounds like security theater, of the type with the "liquid explosives" from last year. If they don't keep the fear factory running, how they gonna keep us under control?
With Halliburton moving to Dubai, and Dubai becoming the de facto financial center of the planet, does that make it the target of choice with the WTC gone?
More churn on the fear machine...
@Mark Re: "What if the net stopped working?"
Stopped working for how long?
It's an important question, because an appropriate response may be to move or redistribute load and routes, rather than try to bring up a location that's been damaged. It depends on the extent and type of damage.
"Massive virus attack" isn't "stopped working". The network is flooded or overloaded, but the network is still working. If it weren't working, the massive attack wouldn't be massive at all, but would be self-limiting in the extent of damage it can cause.
I'm backing up Ian's comments about Telehouse. I used to run a few colo suites in some of the DC's in the docklands. I don't know if it's changed cause I don't live in London anymore, but back at the turn of the century it used to be the case that there was a single road going out from that specific location which had nearly all the fibre to Europe under it. As one of the DC's Global telco managers said to me once "just imagine Tim McVeigh with his truck going off right there" (pointing to the specific part of the road). "It would probably knock England off the Internet".
Aside from that delightful scenario, the sad reality in my experience is that most DR plans are largely untested, and rarely kick into action as planned.
Anyone who thinks that the loss of the Internet would be just an inconvenience isn't looking at it seriously. Most first-world cities would slow to a crawl without either power *or* the Internet. The longer either of those utilities is unavailable, the worse it gets. Hospitals, food supply, water, etc.
It's easy to laugh off talk of terrorists now, because the Intelligence people are doing a pretty good job of stopping plots - and they don't brag about their biggest wins.
The fact that most people quickly forget is that AQ actually do want to destroy us and everything we count as our way of life, and they will do it one cut at a time if they have to. The only reason they're not doing it right now is for lack of either resources and/or opportunity.
It's not about terror, fear is just a byproduct. These people are first rate sociopaths; they want to destroy our society. That plot is not implausible.
Terrorists are PLOTTING to CRASH your WEB!!!
Do not forget to pay taxes and submit to random full body-cavity searches.
Kill people, people rally behind the flag and stand behind their Government.
Inconvenience people, people get really pissed off at their Government.
The ultimate expression of that was the initial global reaction supporting the U.S. after 9-11.
Would have the sympathy or support been as strong had the attack been limited to an obviously military target (Pentagon) combined with attacks on strategic resources like oil refineries, electrical transmission grids, or peering points?
How many days or weeks could've a small team of four people with pre-positioned supplies and pre-planned targets be active dynamiting wooden electrical transmission towers causing repetitive, major wide area blackouts?
I'm just saying if I was out to screw with a major Western government like Britain or the U.S. I'd do it in a way that reveals the emperor wears no clothes ;)
>> "Last year MI5 uncovered intelligence which suggested that Islamic terrorist suspects had carried out reconnaissance of the huge Bacton complex of gas terminals on the Norfolk coast. The threat led to the deployment of armed guards around the plant."
> So there were no guards before?!?!?!
Believe it. Rest assured that in your town, there are heaping gunks of terrorist targets which are guarded, if at all, by an alarm system that causes an answering service to place a message on someone's work voicemail.
Generally, guards are placed to prevent crime. Stealing propane by the truckload is problematic. Stealing chlorine by the ton, equally so. Trains don't move unless you're knowing what you're doing -- and pretty much by definition, former train crew would frown on stealing a locomotive. Joyriding, maybe, but neither stealing nor endangering public safety.
Common criminals and crime syndicates, even the murderous sort, frown on large numbers of dead people. Draws too much attention, very bad for business.
So rest assured that someone who knew what they were doing, with materials that you can buy from any garden supply or hardware store, can kill hundreds if not thousands of people through adroit application of basic chemistry, physics and utter ruthlessness.
Any time they want. An armed guard more or less isn't going to make much difference.
The good news is that they don't. The kind of damaged, broken people who would wantonly kill large numbers of innocent people typically fail somewhere between acquire materials and plant device, mainly by talking to the wrong person about it.
The other 99.99999 percent of humanity is getting sick and tired of being told by our governments that we can't be trusted because of the 0.00001 percenters.
As for data centers, yep, they're a bit vulnerable. But I flat guarantee they're Roach Motels for a dedicated intruder. By the time you've done enough damage that it can't be easily fixed, the SWAT team is gearing up in the parking lot.
That which does not kill me only makes me stronger.
Go ahead Al-Qaeda & kill the Internet, I'll read a book.
Sounds like: "Hey we got terrorists over here! Give me money to defend them!"
@J Random Infidel:
"Al Qaeda's new mottos:
-- Inconveniencing the Great Satan.
-- Jihad brings not necessarily painlessness to infidels."
Mr Pratchett? Is that you?
We can read any other day in the news that the terrorists are using the Internet for their communication, to build their networks of terror and to effectively make and spread their evil plans. Thus we must forbid cryptography, surveil, censor, control, shut down any little chat room and website on the planet to stop the terrorists. In Germany, they are currently even discussing a "Bundestrojaner" - an official trojan horse to infect home PCs to do undetected online searchings.
Now they want to tell us that the terrorists are going to destroy their own most effective weapon of today -- a worldwide communication network? WTF?
What will they tell us the next time? All terrorists are now dancing naked with flowers in their beards around a Voodoo puppet of G.W. Bush, so we must shut down all websites about Voodoo?
This is actually a pretty savvy target selection.
Telehouse is located in Docklands which is where most of the UK stock market back office type transactions are processed. I personally know of at least three major players who have primary or hot standby servers in the building (which looked reasonably secure to me last time I was there in 2001).
An attack on Telehouse alone would not bother many organisations, but, in combination with an attack on another concentrated telecoms or data centre could cause considerable disruption.
Whether Al Qaeda or other fundamentalist terrorists would recognise this as a good target is another question. They have a different set of values, they do not value stock markets and the western financial infrastructure and so have difficulty in appreciating how much value we would place on such disruption.
It's been 'well known' in the UK for some time that to take out the City of London financial institutions you need the first attack within the Square Mile, with the second one a couple of hours later on Telehouse once everyone has relocated to their DR sites in Docklands.
"Telehouse is located in Docklands which is where most of the UK stock market back office type transactions are processed"
Not just Docklands, go South under the river (Thames for those who are not Londoners) and you come to Greenwich / Lewisham.
If you take the train out of Lewisham (Platform 2) you pass some interesting windowless buildings. At least one of which is a main Data Center / Repository for an International Bank. A number of people got real jittery just recently as Lewisham Council started re-modeling the Ravensbourne River banks and surrounding area that back onto these properties.
Also if you look at older maps (pre WWII) you will see that there are a number of walk through / service tunnels under the river Thames that are not shown on more recent maps.
To my knowledge they all still exist and at least one of them carries a very large amount of cables (actually shown on Blue Peter many many years ago).
One such tunnel not too far from Tower Bridge was used during WWII to pull power cables through to get around some of the Blitz Bombing damage and subsequently telecoms cables joined them.
There are also suitable tunnels under the river from Docklands to Greenwich, so I will let you draw your own conclusions...
Oh and after the fire in the Mont Blanc Tunnel between France & Italy in 1999 a few telecoms bods got twitchy. However many more got the hives in 2005 when the Frejus B tunnel had the same problem. The reason for this ill health? Well, quite often telecoms companies put their major trunk cables in open cable trays in such tunnels, and for obvious reasons they are not really redundant to fire, earthquake or madman with as little as an axe...
It does bring up a point. It is good PR for MI5 to "uncover" terrorist plots periodically. At the same time, they can keep the salient "details" hidden "in the interest of national security" so they don't have to produce much scrutinizable evidence.
Reminds me of Saddam buying uranium from Nigeria. One badly forged fax is all you need, and you're a hero.
I used to work for an ISP in the UK back in the last century. I visited Telehouse once and was surprised by some of the precautions required to let us into the building.
Having said that, Telehouse is not the only peering point in the UK, even when the LINX was entirely in Telehouse there were other peering points elsewhere in the UK. It was not the case that all transatlantic cables terminate there, or that the entire country would grind to a halt if the building was somehow taken out.
But it would have been a good target then anyway, not so much because of the amount of damage caused but because of the psychological damage that could have been caused.
That article seems to be a deliberate attempt to overblow a minor threat in order to ramp up the Fear... But given that this came from The Times I'm not surprised.
Heh. What a load of rubbish. This is just the imbeciles in Whitehall scare-mongering again.
I expect they will want to appropriate more money from the taxpayer to fund this latest moronic scheme... Centre for the Protection of National Infrastructure indeed...
Yes lots of unprofessional ISPs have an SPOF in that building. But it wouldn't affect the bigger ones, or any of the carriers. All that would happen is a bigger IP Transit bill.
> "The discovery led Eliza Manningham-Buller, head of MI5, to set up the Centre for the Protection of National Infrastructure last month. It is a special MI5 unit to help to protect “infrastructure” sites from terrorist attacks, such as telecommunications, the internet and key utilities such as oil, gas installations and nuclear power stations."
> Uhm... they set this up last *month* ?? Have these people been sleeping since the whole "conflict with verb" started?
As has been said this is just spin - as it says on the CPNI website http://www.cpni.gov.uk/
"CPNI has been created by the merger of the National Security Advice Centre (NSAC) and the National Infrastructure Security Co-ordination Centre (NISCC)."
NSAC & NISCC had both been around for a while.
The Securiteam blog points out that the Telehouse homepage contains quite useful information for anybody who wanted to do a reconnaissance.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.