Data Center Security Takes On A New Meaning

Posted inSecurity, Technology

Cybersecurity has been at the forefront of technology discussions for the last year. An arrest in Texas last week shows that physical data center security matters, too.

Over the last year, we have seen an increased focus on cybersecurity. A rise in attacks during the coronavirus pandemic is largely to blame for this, but we’ve also seen a rise in vulnerabilities discovered by ethical hackers. Businesses around the world have tightened down the hatches on securing technology, moving business processes and storage solutions to the cloud. Cloud service providers have some of the tightest security available for users, but what about their physical data centers? Last week, the FBI arrested a man for allegedly plotting to blow up AWS data centers.

After the attack on the Capitol on January 6, AWS removed hosting access for the so-called “free speech” app, Parler. It was then that Seth Pendley, under the handle “Dionysus,” posted on the MyMilitia.com message board. He said he would, “happily die a young man knowing that I didn’t allow the evils in this world to continue unjustly treating my fellow Americans so disrespectfully.” Over the next few months, it became clear that Pendley chose AWS to bear the brunt of his anger.

According to Wired, “Pendley’s posts came at a time when Amazon was under intense scrutiny from the far right. The company announced on January 9 that it would cut ties with Parler, the “free-speech” social network that had become a haven for harassment and extremism and hosted many participants in the January 6 attack. “Sounds like war,” wrote one Parler member in a post spotted by Buzzfeed News editor John Paczkowski. “It would be a pity if someone with explosives training were to pay a visit to some AWS data centers – the locations of which are public knowledge.””

Two days after that, it was reported that AWS employees were notified via memo from an executive. The memo encouraged employees to be on the lookout for anything out of the ordinary, that they should remain vigilant in the wake of the Parler ban, nothing should be considered too small.

From January until March, the FBI investigated Pendley, eventually arresting him on April 8 after selling him fake C-4 to be used to blow up the Norther Vriginia AWS Data Center.

“We would like to thank the FBI for their work in this investigation,” an Amazon spokesperson said in a statement. “We take the safety and security of our staff and customer data incredibly seriously, and constantly review various vectors for any potential threats. We will continue to retain this vigilance about our employees and customers.”

While big tech companies like Amazon, Facebook, Google and Microsoft have come under fire recently for a variety of reasons, this incident is likely a one-off. However, even with outliers, businesses need to prepare. It used to be a running joke in the tech industry, that you didn’t need to worry about AWS really going down because if Amazon Data Centers have blown up in 2 regions, we have bigger problems. Unfortunately, we now have to look at security from more than a cybersecurity perspective. We have to look at it as more than just threat actors coming after sensitive data and mining compute. We have to look at this as a real, physical threat to literally destroy data.

Do these big tech companies have backup after backup after backup? Sure, but if the server hosting your business’ operations is blown up, are you prepared to function without the cloud? Are the backups you have in place sufficient to keep your business running smoothly in the event of a horrific incident? Data centers may not have a lot of people on site, but any explosion is likely to result in fatalities. The owners of those data centers will take steps to ensure your business information is safe and secure, but it will not be their primary objective immediately following such an attack.

Seth Pendley has been charged with a malicious attempt to destroy a building with an explosive. If convicted, he faces up to 20 years in prison.

About the Author

PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. Founded by 20-year software engineering veterans, who have founded or co-founder several companies. PWV experts act as a trusted advisors and mentors to numerous early stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.

Contact us

Contact Us About Anything

Need Project Savers, Tech Debt Wranglers, Bleeding Edge Pushers?

Please drop us a note let us know how we can help. If you need help in a crunch make sure to mark your note as Urgent. If we can't help you solve your tech problem, we will help you find someone who can.

1350 Avenue of the Americas, New York City, NY