PAB BREAKIN AT SRS

Kent Crispin (kent@songbird.com)
Tue, 17 Feb 1998 06:49:50 -0800


Folks, this news:
-----Forwarded message from Leni Mayo <leni@moniker.net>-----
Date: Tue, 17 Feb 1998 18:36:02 +1100
From: Leni Mayo <leni@moniker.net>
Organization: Moniker Pty Ltd.
Subject: BREAK-IN AT THE SRS

At approximately 5pm Sunday San Francisco-time, there was a break-in at
Best Internet. Best Internet is the San Francisco-based ISP with which
the SRS is colocated. Two machines that are part of the SRS have been
stolen.

The police and FBI have been notified that a felony has occurred.

It appears to be a professional burglary - no other cages or hardware
appear to have been compromised.

The thieves appear to have waited until a shift ended at 3:45 pm and
struck a short time afterwards. The shift-replacement was ill,
discovered the break-in remotely shortly after 6pm and arrived at the
site at 7pm.

The two machines stolen were the front-end machine acting as part of the
firewall and the back-end machine containing the database. A slightly
out-of-date copy of the SRS source code was on the back-end machine.
Early indications are that very little else from the SRS cage was
removed.

Copies of the SRS source code have since been distributed to at least
two widely separated geographical locations and are maintained securely.

The SRS key has been compromised but no CORE keys were compromised. No
passphrases for CORE keys are kept online.

Emergent have been working like demons to configure short-term
replacement machines to allow registrar testing of SRS-clients to
continue. The replacement machines at the SRS went live a few minutes
ago. Total down-time was 29 hours.

The security audit folks we hired post-Washington made a preliminary
inspection of the site some nine days ago but had not finished working
on a preliminary report. We expect to work closely with them to
consider improvements to the site-security at Best and to evaluate
whether an alternate location will be necessary.

The hardware was insured and CORE will bear no cost for the replacement
hardware. There was a suggestion that in view of the current
uncertainties, CORE might be able to save some money by replacing the
stolen hardware with scaled-down versions. excom considered this and
concluded that this had the potential to delay the repurchase, and that
such a risk did not outweigh the potential financial benefits.

core-excom met in an emergency teleconference at 2230GMT yesterday with
Greg Hurst and Tom Gable in attendance. CORE's official response is to
issue a press release but otherwise downplay the incident. Tom Gable
has drafted a press release that contains more details (attached). This
release will go out on the wires tomorrow.

Sorry folks, I wish it was a joke -

Leni.

############

SAN FRANCISCO - Thieves broke into a co-location server facility here
over the weekend, cut a lock off a steel cage and made off with two
200-pound computer servers being used to test the Shared Registry System
for the Internet Council of Registrars.

The theft occurred between 5 p.m. and 6 p.m. on Sunday at the Best
Internet Communications facility when it was temporarily unguarded. A
worker who was scheduled to be there had called in ill. The theft was
discovered when CORE registrars from around the world reported they were
unable to carry out routine testing of the Shared Registry System (SRS),
which will be used to administer the registration of names when new
generic Top Level Domains (gTLDs) are introduced in the future.

"CORE has been conducting acceptance testing of the SRS for three weeks
to ensure that it is capable of meeting anticipated demand for new
names," said Leni Mayo, chairman of the CORE SRS working group, whose
Internet registration company is based in Melbourne, Australia. "This
had zero impact on our Domain Name Service, which is deployed on five
separate systems throughout the world."

The SRS servers - two Sun Enterprise 450 servers - and the additional
memory and storage were valued at over $70,000. The hardware was housed
in a locked steel cage in the colocation facility, which rents space and
high-speed Internet connections to many companies. Representatives from
Emergent Corp., contracted by CORE to operate the SRS, were at the
colocation facility in downtown San Francisco by 7 p.m. to work with
police to determine the loss, plus begin planning for replacement
equipment and resumption of testing of the SRS by Tuesday morning.

Since the SRS is in the testing phase, no consumer accounts were
impacted. If the theft had occurred during full operation, there would
have been a delay of some 32 hours in modifying existing names in the
database or adding new ones. All other Internet activities would have
continued normally.

In addition to the CORE hardware, the thieves made off with a copy of
the SRS software used to run the registry. Mayo said it was an earlier
version of the software and Emergent would be loading the newest version
on Tuesday on new machines. CORE isn't concerned about the software loss
since it has always had the intention of putting the software into the
public domain to encourage others to use and improve it. The hardware is
insured.

Mayo said the police are contacting other tenants of the colocation
facility to see what else might be missing. Investigators believed
professionals with technical expertise and knowledge of the colocation
site committed the crime. The Federal Bureau of Investigation is being
notified, as is CERT, the Computer Emergency Response Team.

CORE hired two outside security consultants Feb. 1 to begin their
analysis coincident with increased activity from acceptance testing. A
formal report on the SRS and other aspects of the CORE operation is
anticipated later this month.

ABOUT CORE

CORE is a non-profit corporation created to administer the registration
of new generic Top Level Domains (gTLDs), including .firm, .shop, .web,
.arts, .rec, .info, and .nom, supplementing the current familiar .com,
.org, .net. It operates under a global constitution and set of
standards, and currently lists 88 registrars in 23 countries, including
25 U.S. registrars with a presence in 103 American cities. To better
serve a global constituency and the future growth of the Internet, the
CORE secretariat is based in Geneva, Switzerland, near the birthplace of
the World Wide Web, at CERN, the European Laboratory for Particle
Physics (www.cern.ch). CORE retains technology, legal, accounting,
marketing and other counsel in the U.S. It operates Domain Name Servers
in five countries through the world.

###

-----End of forwarded message-----

-- 
Kent Crispin, PAB Chair			"No reason to get excited",
kent@songbird.com			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html