Locating the equipment used for big corporate websites to blow it up...
Or smash it with a hammer. If you wanted to physically destroy their servers or whatever rather than just hacking the website, how would you go about locating all of them and their physical locations? How much backup equipment would they have, and how spread out would the shit be?
Reason for asking is if someone wanted to fuck a website up real good, hacking is really only temporary and won't do nearly as much damage as physical destruction of their equipment. What would you have to destroy in order to make it as difficult as possible for the website to get back online?
EDIT: i realize that targeting the website's members is also a great way to ruin the site itself, if the members fear for their safety or privacy the site is as good as dead.
Reason for asking is if someone wanted to fuck a website up real good, hacking is really only temporary and won't do nearly as much damage as physical destruction of their equipment. What would you have to destroy in order to make it as difficult as possible for the website to get back online?
EDIT: i realize that targeting the website's members is also a great way to ruin the site itself, if the members fear for their safety or privacy the site is as good as dead.
Comments
Can you elaborate? How many buildings would there be? I figured it would require some hacking rather than just a whois... Bad Ideas it is then.
How good would a hacker have to be to fuck up their security system to make entry easier?
This depends on the system they're running and how it all works. Its not like in the movies where you just hack into the "mainframe", bleep bloop, "we're in!". If they run their security using software which runs on a computer then yes, you can hack into it and try to get access if it's connected to the internet. Problem is that these systems shouldn't be connected to the internet at all (because of the threat of this attack), and they're also probably directly connected to law enforcement in some way in case an alarm is raised.
Best bet is to do some social engineering. Dress up as someone (worker, electrician, etc) and basically let them open all the doors to you. Once you're in the right area, make it look like an accident or something which wasn't your fault at all.
Remember - try to avoid cameras, don't give them your real name, change your identity as much as possible.
This doesn't fit very well with the plot of fight club. My other thread does though. If you find out how to illegally erase the debt records, you get free merchandise. As much as you want basically.
As opposed to entering the building in broad daylight, that is.
Oh wait, you're not actually going to do anything you blab about on totse, you just wanna add inches to your internet dick
Well if someone screws up the social engineering, security will be even tighter. Daylight doesn't sound too good but then again most of these buildings are probably huge so it might not make any difference.
Well as remade pointed out, there's going to inevitably be backups. Most hackers are not nearly as good at social engineering as they are at hacking, they're usually awkward in social situations compared to your average joe. Locating these backups would require penetration of their network, or some EXTREMELY good social engineering. Seems like hacking is the only plausible option.
Best bet is to befriend someone at the location.
I promise you won't be bothered by any stinkin' backups if you do just that.
The level of security to actually get in the places is normally more than getting into a prison.
On top of that, the most up to date data may be held at the customer facing locations in the form of a server with back ups. I will guarantee anything like a financal institution will have local and national data centres and the vendor of the software will have one or two backups of very recent data on two seperate servers.
The reason backup data is just not restored right away when something has been hacked (or at least should not) as is the main objective of whoever is responsible for it to find out how securiy was breached, fix it and find anything left or not left behind.
Thats why when we saw the attacks on web sites after the arrest of Julian Assange, the sites were down for some time - they wanted to prevent a problem from re-occuring before restoring things - you would not reuild your house on a crumbling cliff.
No, this is a feat of revolutionary proportions. If Pol Pot had a wet dream, it would be that.
I do believe man survives best as a subsitance and some spare farmer, or as hunter gatherer. Whether or not it does in any way relate to fight club - well, just dont get into debt in the first place and stay away as well as possible from the Ad men and the boys with the expense accounts.
Oh yeah, the racks are numbered, the switches are numbered and only the very few people from anywhere know what is what. As I said, highly prized commercial information is stored as good as or better than government data.
Ah, the things you learn by reading BOFH...
It´s funny that there always seem to be a beancounter around when the Halon system goes off.
BOFH is awsome btw, too bad there are not many new episodes written anymore.
First problem: Access to the data centre, they are very locked down.
Second problem: Automatic failover.
Your in the data centre somehow with your sledge hammer. What do you hit? It's not like the machines have a big sign "XXX's website". Loads can be dynamically assigned, one moment the VM could be running on one machine, as load picks up it moves to a more powerful machine.
Somehow you have figured out what machine the load is running on, and then smash it. Mission accomplished? No. A host has just dropped of the network, any VM's running on the host would be moved to another host. What? You don't think a big hosting outfit would cover them self in the event of a hardware failure?
Ok, can't kill the machine so you will go after the data then, you find a SAN and go at it. Fuck, website is still up and running, well you didn't really think they were going to trust everyone's data to one array did you?
Fuck all this redundancy you say, after planting a bomb and diving out of the building in slow mo with an explosion closely following. At this point a lot of sites would go down, but anyone who is serious has more redundancy than that. In the blink of an eye (or 10-15 seconds) the DNS servers for the web page realised that one of the sites is now off line, no worries, they now just direct traffic to another site, possibly in a different country and no one notices a difference, except for maybe the site running a bit slower than normal.
Even if you some how manage to knock a site out, restoring from backups is always an option.
Now I know what you might be saying, why would a company go to this much effort? Anyone with money to loose! You think a company like Dell could risk their site going off line for a couple of hours? They could loose millions in sales, suddenly that 50million a year hosting bill doesn't look so bad.
Have a read about how google does it, multiple DC's all around the world, everything is dynamic. Loads are constantly shifted around the world automatically to increase response time, make use of cheaper power, make use of cold air (at night/cold locations), protect from disaster, save power, maintenance etc.
NOTE:
Yes I know there are many other ways you could bring the place down without a bomb, electrical supply, cooling, connectivity etc. But any modern facility should have all of these backed up.
You're real problem is that most major sites don't run from one server, multiple servers are used for load balancing, and each of these have raid-arrays of hot-swappable drives, and backed up regularly offsite. I've also been down inside a former salt mine used as a data storage facility. Nuclear war can't even touch these, that data is preserved forever. Major corporate Web sites like amazon.com or eBay or the like are housed in their OWN datacenters, making it virtually impossible to destroy their hardware.
One form of destructive hacking is to alter their backup routine, say a site only keeps backups for 2 weeks, so for 2 weeks you allow them to only backup garbage or change the destination server for the backup - then after you've ensured their backup copies are no good you hack their site and delete databases. They have nothing to restore thanks to your earlier hacks. Most forums run on small hosting accounts and they're lazy or follow bad practice by keeping their backup db's on the same server as their Web site, so if you have root access, you can delete these backups.
Ultimately destroying hardware is pointless, it's the backups and databases you have to destroy.
Is that the place which also stores movie reels and millions of other things? I saw that on TV the other day :thumbsup:
I've never seen it in the news, this one is located near Erie PA, and is actually beneath Lake Erie. After 9/11, they put it to good use storing financial records from Wall Street. It gets advertised among the really big banks and financial centers as THE secure offsite backup facility - can't get much more offsite than this. I helped wire the place up, but now that they have their servers in, security is insanely high, I could never qualify for clearance. If you wanted to obliterate something like Bank of America you would have to take out all their backup facilities like this one (just finding them would be a challenge), then their data centers and offices. Short of a nuclear war, it's not feasible.
I think in order to take down a big company you have to start at the top and work your way down. You begin by "removing" the CEO, then Executive Management, the Board of Directors, etc. You continue removing all replacement leadership and that will cause some serious disruptions. Eventually no Executive in his right mind will want to work there out of fear.
Long Answer:You can't do it. As many people have stated before, they will have plenty of backups, there is no way you could get access to the servers and destroy them and even if you did, you could not get a way with it. It's as simple as that.
I wouldn't say impossible, but definitely improbable. The only way to really pulll it off would be to get insiders in there in relatively high positions. CIOs/CTOs, and lots of insider network admins. It would take years to get everything in place. There would need to be a long period of falsified backup records, while in reality nothing is backed up. For large corporations, even a loss of the last 7 days of data could be devastating. Not easy to pull off...