Peter Gabriel's Web Server Stolen

miller60 writes "Web servers hosting musician Peter Gabriel's web site have gone missing from their data center. "Our servers were stolen from our ISP's data centre on Sunday night — Monday morning," reads a notice at PeterGabriel.com. The incident is the latest in a series of high-profile equipment thefts in the past year, including armed robberies in data centers in Chicago and London. How secure is your data center?"

Heist!

[warriorpostman]

Wow. It never even occurred to me that people would execute traditional bank-style heists of data servers.

The real question here is...

[StreetStealth]

Did they break in with a sledgehammer?

Re:

[techpawn]

In the most recent incident, "at least two masked intruders entered the suite after cutting into the reinforced walls with a power saw,"

TFA says power saw...

Re:The real question here is...

[Uncle Focker]

Woooooooooosh

EVERYBODY!! EVERYBODY!!

[hobo sapiens]

Stop right here. The rest of this discussion is a mobius strip of really bad jokes using titles of the few Peter Gabriel hits as gags. There are literally more than 50 Shock the Monkey jokes in here.

Don't say you weren't warned before continuing on in this discussion. Run while you can!

Re:

[Forge]

I run parts of 3 separate data centers for my employer. We have several layers of security, Firewalls, Electronic doors, etc...

But the most important security system we have are the armed guys inside the data center and in the parking lot in constant CB contact with each other and their headquarters with it's armed response teem (Think SG1 going offworld. Heavy on the muscles, body armor and ammunition, light on the PhDs.) less than 4 minutes away.

Re:

[NoxNoctis]

I really hate to do it, but I'm calling shenanigans. If you seriously have all that, I don't want my hardware there. No amount of your sales people promising my hardware wouldn't be swiss cheese after an incident could convince me otherwise.

Your armed response team is not the police, not even close, so they have to play by a slightly different set of rules. Laws regarding deadly force are pretty much the same (in California) for police and private citizens, but the repercussions are different. Shoot som

Re:The real question here is...

[GreggBz]

Did they break in with a sledgehammer?

Yea, big time.

Re:

[porkchop_d_clown]

I heard the crime was committed by an Intruder.

Re:

[cabazorro]

And they used a yellow plastic shoobeedoo.

Re:The real question here is...

[vmxeo]

Did they break in with a sledgehammer?

Yea, big time.

Oh sure, maybe in your eyes this was a big break-in...

Re:

[Foofoobar]

Regardless, I hope they shock the monkey that did this...

Re:

[Opie812]

I wonder what the genesis of this crime was.

Re:

[bmajik]

You win the internet.

Re:

[greg1104]

Didn't have to; they know something about opening windows and doors, and how to move quietly to creep across creaky wooden floors.

Re:

[zotz]

See, that was my immediate thought.

Is this a case of great minds think alike or one of fools seldom differ? You can choose... ~;-)

all the best,

drew

Re:

[sammy baby]

Did they break in with a sledgehammer?

Nah - the intruder [mp3lyrics.org] knows something about opening windows and doors. Unfortunately, when asked for comment, the security agency responsible for protecting these assets responded that they "had no memory of anything, anything at all [mp3lyrics.org]."

A visibly angered spokesman for Gabriel issued a statement directly to the thieves, saying, "This time, you've gone too far [mp3lyrics.org]."

Re:

[RLiegh]

Too heavy and obvious, they probably decided to go with The Knife...

Re:

[vimh42]

Hopefully people will start to become aware of this issue more. I've read similar stories where people show up dressed as IT staff and just walk off with servers and witnesses simply assumed they were legit and just doing maintenance.

Re:

[Necrobruiser]

people show up dressed as IT staff

What? Wearing jeans, Chuck Taylors, and a tshirt [thinkgeek.com]?

Re:

[nurb432]

Why wouldn't they? All that user data, credit card info.. etc.

Lot easier then trying to 'hack' in.

Re:Heist!

[JCSoRocks]

What blows my mind is the article that talks about a group of guys cutting through reinforced walls with a powersaw... what the!? the techs didn't hear an insanely loud noise and think - maybe I should investigate? Then after having realized a bunch of whack jobs are coming in just call the cops and hide someplace? The place has already been robbed 4 times. They can't come up with some better security? geez. You might as well be hosting your stuff at 7-11. At least there you might get a feisty old timer with a shotgun or a bat to fend criminals off.

Re:

[Jellybob]

I'll let them off for not hearing - most of the data centers I've been in have been so noisy you'd be lucky to hear a JCB driving through the walls. Our main one is loud enough that we're legally required to wear ear-defenders now.

There's no excuse for being robbed 4 times though. If I had any hardware there, I'd certainly be moving it.

Cleary

[hansraj]

It's a handiwork of music pirates!

Re:

[MightyMartian]

Shock the monkey!

Re:

[Hoi Polloi]

The "intruder" used a "sledgehammer" to break in and has hidden it at "Solsbury Hill". A ransom note was sent "through the wire".

Re:

[PlatyPaul]

Benevolent music pirates.

Because, really, have you heard his music?

Re:

[MightyMartian]

His stuff with Genesis was pretty good, and his solo stuff wasn't too bad, up until recently. Now he's just another self-important pretentious fart like Sting, Bono and Bob Geldoff. That's what I like about guys like the Stones, they may do the odd charity gig, but it's all about the rock and roll, and not about albums designed to educate us. I certainly don't need Gabriel forming some Amnesty International knock-off and then using his records to push it and show us all his social conscience.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Musicians seem to have crappy luck

[MightyMartian]

Jimmy Page had all his tapes for Outrider stolen, and was forced to rerecord the entire album from scratch. In that case I expect the theft was targeted, while in this case, I imagine it's just guys busting into a data center to steal equipment.

Re:

[Monkey Angst]

Jimmy Page had all his tapes for Outrider stolen, and was forced to rerecord the entire album from scratch. In that case I expect the theft was targeted, while in this case, I imagine it's just guys busting into a data center to steal equipment.

This has also happened to, ironically, Thievery Corporation.

Re:

[sokoban]

Or what about Sonic Youth. They had every single piece of their gear stolen just about. Especially bad was the fact that many of their instruments were prepared in some way to get special tones.

Re:Musicians seem to have crappy luck

[clem]

Especially bad was the fact that many of their instruments were prepared in some way to get special tones.

It's called "tuning".

Re:

[MsGeek]

No, the Sonic Youth guitars in question had physical modifications done to them. It wasn't just weird tunings. This was a major setback for the band.

Re:

[afidel]

Probably special windings, possibly a different style of bridge than is normal for that model. Those are the most common modifications for guitars.

Re:

[Chris Pimlott]

Electronic artist Matthew Dear had an external HD stolen in the middle of a set [brooklynvegan.com]!

Re:

[mlts]

On gigs, its not uncommon for people to try to rip off the USB dongles which are used as license keys for VST plugins and various music software. This sucks because it might cause a band not to be able to complete their set if they don't have backup tracks.

Protecting VST keys for desktop or rackmounts is fairly easy -- you have a USB card with an internal port and plug your VST license dongle into that, leaving that inside the machine. However, for laptops its harder and quite easy for someone to walk up,

Re:

[afidel]

Yet another case where the legit customers get shafted while the pirates have no problem running the software. I remember playing with Cubase back is college and thinking it wasn't all that hot. If I had my dongle stolen for something like that I would download a crack in a heartbeat and have zero moral problems running it.

Re:

[geekoid]

Yes, that thief is a prick, and I feel bad for the victims.

That said, Off site back-up people.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Macrat]

First time I've ever heard of them.

Re:Musicians seem to have crappy luck

[twistedsymphony]

"Charted" where? Amazon does not count.

I know BT made #1 on the US Dance charts TWICE. I don't know enough about Hybrid to comment on them.

BT has had more music used in movies, commercials, and remixed by other artists than you've had hot dinners. Just because it's a genre you don't listen to doesn't make it irrelevant, and if it is a genre you listen to them you must be living under a rock.

Re:

[Amouth]

humm BT isn't an Obscure band.. infact you might reconize their work.. but just not know that it is them.

you would be supprised at people who "have never heard of someone" know there music and yet don't realize it

Re:

[Klaus_1250]

There is more than just "sales" of "albums". Movies, tv-shows, games, commercials, etc need music as well and it is not uncommon that music is specifically written for them.

Re:

[LWATCDR]

Hey I have heard of BT and I am not that big of a music fan.
BT has charted on the Dance charts and does a lot of remixes.
Not as well known as Brittany Spears but then BT only makes music and not tabloid fodder.

You know what they say about hacking...

[MozeeToby]

If at first you don't succeed... buy a gun and go there in person.

Re:

[Nullav]

The bank I use has laughable security. An armed individual could easily gain entry.

Re:

[Thyamine]

I'd say most places would fall into that description, so I can't say that it's surprising.I can think of very few places that really have the security to prevent an armed individual. Add the tiniest bit of social engineering and they are that much more 'successful'.

Stop the Madness!

[Anonymous Coward]

Peter Gabriel's Web Server Stolen

This is, this is just utterly devastating.

The repercussions of this show what kind of destruction something like this can bring ... Wikipedia's page on Gabriel is grinding to a halt as millions of confused people log on to figure out who he was ... tens, maybe even hundreds, of people are rushing to change their credit card number after they realize that they purchased something through that website ... and on top of all that, this sudden rush back into the spotlight just might cause Gabriel to release another album, possibly setting popular music back decades again.

Re:Stop the Madness!

[edraven]

Yeah, if music was set back maybe 4 decades, that'd be pretty cool.

Re:

[geekoid]

Please don't start the flame war.

Personally I find it apalling that someone would write of a whole genre of music, as opposed to individual songs. To each their own.

That just means more MS Frontalot for me..wait.

Stole it himself

[WilyCoder]

Gabriel stole it from himself. He's jealous of Rick Astley's recent fame. He wants an internet Peter-roll using "Sledgehammer"...

Peter-roll

[Comboman]

You could be right, I was just reading about that here. [youtube.com]

Servercams?

[mikael]

For the amount of money that is invested in server equipment, I'm amazed that they don't have a server cam for security (sending high-res images of the room to a remote server via wireless or cable).

They did...

[Anonymous Coward]

But that server was stolen, too. Unfortunately, the servercam on that one pointed to another server... which was also stolen. That one didn't have a camera, however.

Re:

[magarity]

Not to worry, the people responsible have been sacked.

Re:

[jimicus]

For the amount of money that is invested in server equipment, I'm amazed that they don't have a server cam for security (sending high-res images of the room to a remote server via wireless or cable).

90% of CCTV systems out there produce such appallingly poor images that all you'll know is "the intruder was an amorphous grey blob" - and that just helps you find the intruder at a later date, not necessarily recover your equipment. They certainly don't deter criminals, if that's what you were expecting.

It'd be cheaper and more effective to keep offsite backups of important data.

layer 1 hijacking

[flynt]

A similar method of attack, layer 1 hijacking [packetstormsecurity.org] has been around at least 10 years now.

And then....

[ehaggis]

There were three...

Was I the only one?

[neokushan]

Did anyone else read the title and, quite literally, laugh out loud?

Just me, then?

I'll just go stand over in the corner where I belong, then....

Re:

[rickb928]

Move over...

bahahaha... BAHAHAHAHAHAHA!!!!!!!!

*snicker*

Sheesh. It really is funny in a way. Which reminds me, I wonder if my absent-minded co-admin bothered to lock the door to the server shack last time he was in. Oh damn. Gotta go.

Probably not very

[KeithIrwin]

There was a talk at ACM CCS a couple of years ago by a guy who specialized in physical security. He runs a company which works as site security testers. He told of being hired to check how secure a client's computers were in a "secure" data-center. The servers were in a floor-to-ceiling cage with a padlock and security cameras. All they had to do was to fake some passes to get into the data center and then either go under the floor or over the ceiling. In this data center, as in most, there was about a 2-foot crawlspace below the floor and another one above the ceiling. Floor-to-ceiling cages don't mean much if you can just go around them, and that's how many "secure" data-centers are set up. Likewise, the security cameras are only useful if someone is watching them, and in the places he tested, no one was. Since he was only testing, he didn't actually steal the machines, but he did put stickers on them to prove that he'd been there.

So, how secure is your data center: probably not very.

Re:Probably not very

[eln]

It blows my mind that people who have a raised floor, and presumably go down into the raised floor all the time in order to run cable or whatever, wouldn't realize that people could get under a cage through the same mechanism.

At the data center where I work, all of the cages are extended beyond the raised floor down to the concrete. Sure, if you had a heavy enough set of bolt cutters you could get through, but the metal detectors and security guards should keep you from getting something like that into the building. Plus, the fact that you would have disappeared under the raised floor for several minutes while you cut through the cage should be noticed.

Granted, I work in a Tier IV data center (getting through security is like going to the airport every morning) and don't expect such a high level of security everywhere, but I would think extending the cages beyond the raised floors (and dropped ceilings if present) would be a no-brainer and would be done at very little cost. In addition, I would think at the very least having cameras on and recording 24/7 shouldn't be that big of an expense.

Re:

[geekoid]

You see shit like that all the time.

I've seen security windows ahve the frames installed backwards(screws on the outside), I've seen cash rooms in a casino that open up into a walkway in the attic, I've seen a touch screen access pad hooked to a computer that was exposed to the interior network.

A lot of stupid crap.

Re:

[gclef]

Yeah, and don't expect that even the high-priority data centers are all paying attention. At one of the high-profile data centers where I used to work (didn't tier I used to be what people bragged about?), there was a guy sleeping under the raised floor for a few months before people finally caught on. He had a sleeping bag, food, etc down there....as long as he only went down there after regular business hours, his odds of bumping into someone were pretty low.

Re:

[Critical Facilities]

ll of the cages are extended beyond the raised floor down to the concrete

A good method, although a cheaper and easier method would be to use the raised floor tiles that screw down to the pedestals at all 4 corners. Just a thought ;-).

Re:

[yakumo.unr]

I'd have thought whoever was asked to install a 'cage' should take that to mean 6 metal sides. 4 walls, a top and bottom.

Clearly in my mind I'm not doing it right.

Re:

[eln]

Sure, and we have multiple layers of security with armed guards posted both outside of the gated parking lot and outside and inside the building itself. That would stop most armed robbers, although if you had a Die Hard type of situation with a whole gang of highly sophisticated thieves, I doubt you could do a whole lot to stop them, short of having Bruce Willis on speed dial.

When they catch the thieves

[ArhcAngel]

They will throw them in the BIG HOUSE!

Hey, RIAA scumbags.

[Anonymous Coward]

That is stolen music.

Now you can tell the difference.

Re:

[jez9999]

I'm not normally this anal, but...

music is an abstract concept that can't be 'stolen'. That was copy(ies)of music.

Locks and guards

[techpawn]

Our data centre is behind three locked doors and on the middle floor. I love telling people when I remote into a server "yeah, I'm rebooting a box 16 miles away, behind locked doors and guards..."

Re:Locks and guards

[Anonymous Coward]

That line never fails to get the ladies.

Re:

[techpawn]

This just means that their social engineering is working.

I'm sure the giant yellow "CAUTION! Keep door shut at all times!" sign does not help matters any.

Re:

[MightyMartian]

'm sure the giant yellow "CAUTION! Keep door shut at all times!" sign does not help matters any.

Particularly when it's taped to the zipper of his pants.

You also need to pay the guards more then the Min.

[Joe The Dragon]

You also need to pay the guards more then the Minimum Wage like the Chicago data center was willing to pay with then say that being able bring your own gun being a big plus in the job posting.

I said it before...

[Thelasko]

with these new containerized data centers you don't have to worry about hackers (crackers, whatever); you have to worry about somebody with one of these. [wikimedia.org]

Re:

[Dr. Eggman]

I can see the conversation now...

Admin: He's getting away with our IBM iDataPlex! Quick, to the IBMobile!
Intern: Um, I'm sorry but the marketing department borrowed the golf cart for their golf outing today.
Admin: Well, then come on; it can't be moving more than 5mph anyways...

Re:

[Thelasko]

What's the bandwidth of one of those?

Please answer in terms of car loads of encyclopedias or 747s full of CD-ROMs.

Interesting (yet scary) anecdote...

[halivar]

I have a friend whose co-located server went down. The Linux partition was screwed, and it needed a reinstall something fierce. I couldn't reach him (he was on vacation), so I drove down to the provider to grab the box. They did not so much as ask for my name; they just let me in, said, "go on in the machine room and grab it." This perturbed me a bit (because the machine clearly had a label that said "Property of [not me]. Do not touch."), but I went in, took it, brought it home, and fixed it up. When I brought it back (with a new install of SuSe and the then newly-released 2.6 stable), the techs remarked that the owner's roommate showed up to see what was wrong with the server. Having been told that an unnamed individual was allowed to make off with the server, he threatened to call the police. The service provider's response to him was, (and I quote), "fuck off."

Re:Interesting (yet scary) anecdote...

[Amouth]

that is a crap provider.. one thing to learn is that the lower the cost the lower the care that is taken by the hosting facility.

some times you do get just what you pay for..

This feels so unnatural...

[ascii]

To quote a favourite band [vampireweekend.com] of mine:

"But this feels so unnatural
Peter Gabriel too"

Need to encrypt those account email addresses

[sugarmotor]

Really need to get to work on encrypting those email addresses stored in the user's table.

Stephan

Too expensive systems

[leandrod]

Fact is, due to inefficient software (and I am not talking about proprietary systems only) we are stuck with expensive machines. I wonder if more efficient systems such as Plan 9, not to mention Lisp and/or relational operating systems and machines, wouldn't enable us to have cheaper, and therefore less attractive to criminals, systems.

Re:

[geekoid]

No, because then the cheaper machines wuld ru everything fine, and be just as valuable.

Now, host on a mainframe and it isn't likely to be stolen.
Or, have competent security and have a team of security argents do an audit once in a while.

Re:

[leandrod]

the cheaper machines wuld ru everything fine, and be just as valuable.

But not nearly as expensive.

Get a better DataCenter

[noc007]

The company I work for has all of its servers in a secure colo. The place offers secured cabinets, secured cages with racks, and even does walled off areas of the datacenter floor with a secured door for high paying customers like Google. The facility is manned 24/7 with cameras all over outside and in. The rear of the facility is fenced and gated.

If you're on the roster for your company with floor access this is the process you have to go through to even get to your server:
-If it's at night, you have to use your RFID badge to get in the front door
-Check in with security and sign out for your key if the door is not a combo lock
-Security needs to buzz you through the first door
-RFID badge and finger print through two or three doors
-Iris scan in the man-trap to get to the datacenter floor
-Combo or the checked-out key to get in to the cabinet or cage

On regular intervals they check the people on the floor to make sure that you're suppose to be there.

I'm not saying this place is a fortified facility that can handle a team of insurgents. However, I'd feel that my equipment is safe from the theft I've been hearing about at some datacenters. For a cabinet with a 1Mbps commit data rate with an actual 10Mbps internet connection and IPs, it's about the same cost of having a T1 to the office.

For those that want to know who we use, it's Quality Tech.

any scrap metal value?

[peter303]

Virtual everything around here is being stolen for scrap metal value: irrigation pipes, public statutes, road rails, roof flashing, etc.

How secure my data center was

[SendBot]

Sorry to reply with a personal story, but I once had a server in a secured facility in the downtown of a major city. I signed up with the place because on their web site it said "you get 24 hour secured access to your server". Amongst the many false advertisements, they couldn't offer me this because they didn't want commoners such as their paying customers to run amok in the data center.

So I take off on one columbus day weekend for a 3-day holiday. That friday night (midnight on a saturday), they power dow

Wrong Server!

[cashman73]

Dammit, CowboyNeal! I told you to steal Rick Astley's web server [rickastley.com]!

Phil Collins Strikes Again!

[Bushido Hacks]

In this Land of Confusion, only one man could be so evil to steal Peter Gabriel's hard drive: Phil Collins. Peter could probably fell it coming in the air tonight. (Oh! Lord!) But Seriously, (gotcha!) we'll see his true colors shining when the cops catch Phil throwing it all away. No son of mine would get away with that!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[sokoban]

Weren't backups kept at the Solisbury Hill data center?

Either way, this is getting a lot of Exposure. Maybe his next server will be entirely D.I.Y.

Re:

[d3ac0n]

Mr. Gabriel was reportedly quite Steamed about the theft.

Re:

[geekoid]

Clearly this was done by Moribund The Burgermeister

Re:

[ShaunC]

Be on the lookout for a young man

No, no, this is Peter Gabriel, not Pete Townshend...

Re:

[beef curtains]

You shouldn't have posted as AC...you should take credit for a comment this great!

I'm picturing John Cusack standing in the rain, serenading Ione Skye with the fan-whirring and hard drive-clicking of a blade server held over his head.

Re:Maybe they shouldn't have been dataslumming it

[geekoid]

No he didn't.
No one deserves to be the victim of a thief.
That kind of thinking was spawned from insurance companies.

If they had a 99.999 uptime contract, then they have every right to bitch.

Re:

[jimicus]

So his hosting company was the side-project of a prepaid cellphone company? He got what he deserved.

They're a pretty major mobile phone company in the UK, and remarkably adept at forming subsidiaries and acquiring companies.

They're not particularly adept at customer service when things go wrong, but I don't know any organisation that sells mobile phones that is.

Re:

[JorDan Clock]

I haven't slept in two days, and I still got that reference. Nobody did any hacking in Hackers, though. They just randomly typed things while colors swirled around the screen and text shot around.