Failure Happens: Taser-wielding thieves steal servers, attack staff, and cause outages at Chicago colocation facility
Dan Goodin at The Register reports that C I Hosts' Chicago facility was robbed last month for the third time... fourth time... second time (the other two times were merely "break-ins where things were stolen")
In the most recent incident, "at least two masked intruders entered the suite after cutting into the reinforced walls with a power saw," according to a letter C I Host officials sent customers. "During the robbery, C I Host's night manager was repeatedly tazered and struck with a blunt instrument. After violently attacking the manager, the intruders stole equipment belonging to C I Host and its customers." At least 20 data servers were stolen, said Patrick Camden, deputy director of news affairs for the Chicago Police Department.
The Chicago location has been hit by similar breaches in the past, according to police reports. One report detailing an occurrence on September 23, 2005, recounts a "hole cut through the wall coming out onto the hallway of third floor." During a September 20, 2006 incident, an intruder "placed a silver + blk handgun to [victim's] head and stated 'lay down on the floor.'" The victim, a C I Host employee, was then blindfolded, bound with black tape and struck on the head with a weapon, according to the report.
Wow... I hope that everybody is now okay. There is some interesting discussion by affected customers over on the WebHostingTalk forums.
I'll be doing a post-incident report using the Simple Availability Report format I introduced last week. (If you would like to contribute please post in the comments or email me directly jesse AT oreilly.com)
Updated: Anastasia Tubanos (theWHIR.com) has posted her interview and followup with James Eckles, chief corporate counsel for CI Host. (link)
"There's no resolution really," he says. "We're dealing with the situation on a customer-by-customer basis. We've got nothing to hide, even though people have been saying otherwise online. The forums have been a bed of misinformation - extortion compounded with defamation. One of the biggest mistakes is that people are talking about four robberies. A robbery means than property has been seized through violence or intimidation. C I Host has technically only been robbed twice in two years. The other two were break-ins where things were stolen, but not robberies."
Technorati Tags: crime, downtime, facilities, failurehappens, infrastructure, operations, outages, procurement, security, web20, webhosting
tags:
| comments: 7
| Sphere It
submit: 
0 TrackBacks
TrackBack URL for this entry: http://orm3.managed.sonic.net/mt/mt-tb.cgi/7246
Comments: 7
[11.03.07 10:30 PM]
Excellent reason to encrypt your databases. If somebody is determined enough to cut through walls and use guns to steal your servers it's hard to stop them. Gotta make sure if they walk off with your hard drives they don't p0wn your customers' identities.
[11.04.07 01:21 AM]
Some customers on that forum are starting to theorize that it must be an inside job.
What is hard to understand is why will all that electronic security and history of annual robberies - are there no Armed Guards on floors where the Data Servers are located?
They would have to bring the servers out the building and onto the vehicles they are using to transport them. So wouldn't having either remote surveillance or even inside surveillance CATCH the activity, and security could then call 911.
Hi tech motion surveillance can even sends alarms to sources when unusual motion is detected.
Even if the Night Manager or other employees were attacked - a Guard in another room or location should be able to monitor the activity via surveillance cameras. You can now even outsource remote central monitoring if you do not want to have an internal staff.
Also, why were the servers not in steel cages if the facility had been robbed before - making it harder to transport them.
Hopefully, the company did use some sort of frequent REMOTE backup using an IP or Fiber based SAN.
You want to give people the benefit of the doubt and you want to wait until all the facts are in, but if companies are not using common sense security measure and allowing the same things to happen repeatedly - you have to wonder what type of politics, atmosphere and morale exists among their employees.
[11.04.07 05:31 PM]
You get what you pay for?
CIHost is a budget hosting company. When you're haphazardly throwing the lifeline of your business into the cheapest datacenter du jour, it makes a statement. That statement is not "I'm doing the best by my customers".
There are half a dozen good places online where you can solicit anecdotes about the operational quality for any given datacenter. Touring the facility should be enough to trigger your fight or flight response when warranted.
Companies hit by these problems are the types of companies who think they should be able to run 60 amps of power in a cabinet for $750/month with 10mb/s of bandwidth included on a gigabit uplink.
My eyes aren't welling up with tears.
[11.04.07 08:40 PM]
Russian hackers allied with Russian mob. Dangerous bunch of criminals. I think I'll host my own databases from now on...
[11.05.07 12:05 PM]
They evidently don't hold their customers in high esteem.
[11.18.07 02:48 AM]
Illinois Security Services(ISS) was supplying 24/7 on site security but CiHost decided not to pay them. So they pulled out of the center leaving it empty during certain hours. This was interesting to hear from the owner of ISS because if CiHost paid the bill and the center was still robbed ISS would of cover the losses.
In my opinion a company that has been around for so long has a lot of growing up to do. Take responsibility for your actions and care about your reputation not just $$$.
14.4 million in sales and they cant refund loyal customers for losses screams financial problems. I would not be surprised to see the headlines CiHost files Chapter.
But that is just my opinion.
Post A Comment:
Radar RSS feed
Ross Stapleton-Gray [11.03.07 08:40 PM]
There have got to be easier ways to steal stuff to fence; I'd presume this was a theft of data, if not targeting a specific company's databases.
But data theft is a less examined aspect of this whole "information age." Imagine, for example, that an employee of one of the telcos walked out with a month's worth of call record data... I suspect they could live off that for a lifetime, between insider trading, blackmail, and cons.