By mike in Blog, Fail, Rant, Work stuff

I have thought long and hard about actually posting this live on the Internet, but in the vain hope that disclosing data is more sensible than retaining it have decided I may as well. As you may or may not know, Xiphos Research Labs are a start up which has the considerable deficit of not allowing us to purchase shiny new tin from vendors (all about cost savings). As a result we regularly pillage eBay for second hand kit we can adapt to our purposes. As part of that process we recently purchased a couple of ‘new’ servers and a Cisco Catalyst switch from a UK based eBay seller. So far, so unremarkable. I’ve recently been doing some research on the security (or otherwise) of Critical National Infrastructure, and the likelihood of successful mass scale attacks. As part of that research I have been investigating NATS (National Air Traffic Services, the UK main air traffic control and navigation provider). Again so far, so unremarkable. Well, after waiting for the courier to arrive we got a very nasty shock. I noticed that the beautifully packed second hand Cisco switch had a shiny NATS logo on the back, and decided, just on the off chance to do some digging. I really wish I hadn’t.

The switch instance was fully loaded, and had retained the previous configuration data which was associated with Serco, and NATS Prestwick. Prestwick Air Traffic control handles more traffic than any other European ATC, and is responsible for the majority of trans-Atlantic flights. Overall it handles, according to the data I’ve been able to glean, about 900,000 flights a year (and growing). The switch we acquired quite legitimately from eBay was from this facility (managed by Serco) and contained a wealth of data. As well as details of the full VLANs in use, and associated services, we were also able to extricate full VTP trunking data, device management accounts, Read and Write SNMP community strings, and full details of upstream switching. It was not good. The password policies associated with the device are simple (I’m not providing password details in an open forum, but it’s a Cisco device so have a guess eh?) and it really was an absolute treasure trove of data no older than 18 months old (yes, we did get the last power cycle data). Basically for 20 UK pounds we acquired all the data necessary to plug in our own rogue switch instance, and thus monkey with Prestwick ATC switched networking. That’s not the truly scary part though. The seller we bought this device from had thirteen switches (which I am assuming all came from the same place, e.g. the back room of Serco). I don’t know what was on these devices, and I don’t know where they ended up. Like the occasionally responsible adult I am, I contacted Serco direct. I have yet to hear back. NATS have been in touch, and are currently kicking rear, but this is genuinely scary.

From what we could establish, the password policies in place on networked devices at the busiest ATC in the EU are simple, the naming conventions for SNMP community strings are trivial, and the data destruction processes are clearly not being applied. I knew all this when flying over the Atlantic, and I have never been so bloody concerned. Of greater concern is that there are 12 other devices (which I assume have also been liberated or liquidated from Prestwick ATC) out there that may be as loaded with data as this one. I have also yet to get a response from Serco (who presumably have bigger things to worry about like forcing invalids off the dole).

The point of this post is not to rip on a particular company (after all the devices in question could well be stolen goods for all I know – which does sadly beg the question, of how they got stolen from a supposedly ‘secure’ facility?) but to highlight the absolute necessity for sensible data destruction (how hard is it to erase Flash memory on a switch? Not very) especially when handling data which if misused could have very serious consequences.
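A pre-disposal check for the kind of residue described in this post, as an added example (not from the original post or from any party named in it): it scans a saved IOS configuration and a `dir flash:` listing for credentials, SNMP community strings, VTP and VLAN data and addressing, and reports them with the values masked. The sample configurations, listings, hostnames and addresses are constructed, and the three file names checked are an assumption about where Catalyst switches keep the VLAN database and startup configuration in flash.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    category: str
    lineno: int
    redacted: str  # the config line with the sensitive value masked


# (category, pattern). The named group "secret" marks the value masked in reports.
RULES = [
    ("identity", re.compile(r"^hostname (?!Switch$)(?P<secret>\S+)")),  # "Switch" = factory default
    ("enable-credential", re.compile(r"^enable (?:secret|password) (?:\d )?(?P<secret>\S+)")),
    ("local-account", re.compile(r"^username \S+ .*?(?:secret|password) (?:\d )?(?P<secret>\S+)")),
    ("line-password", re.compile(r"^\s+password (?:\d )?(?P<secret>\S+)")),
    ("snmp-community", re.compile(r"^snmp-server community (?P<secret>\S+)")),
    ("vtp", re.compile(r"^vtp (?:domain|password) (?P<secret>\S+)")),
    ("vlan-name", re.compile(r"^\s+name (?P<secret>.+)")),
    ("addressing", re.compile(r"^\s*ip (?:address|default-gateway) (?P<secret>[\d. ]+)")),
]

# Files assumed to hold the VLAN database and startup configuration in flash.
RESIDUE_FILES = {"vlan.dat", "config.text", "private-config.text"}


def audit_config(text):
    """Return a Finding for every line that still carries site-specific data."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        for category, pattern in RULES:
            m = pattern.match(line)
            if m:
                start, end = m.span("secret")
                masked = (line[:start] + "<redacted>" + line[end:]).strip()
                findings.append(Finding(category, lineno, masked))
                break  # one finding per line is enough
    return findings


def by_category(findings):
    """Count findings per category."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def flash_residue(dir_listing):
    """Return the residue files named in the output of `dir flash:`."""
    names = (line.split()[-1].lower() for line in dir_listing.splitlines() if line.split())
    return sorted(n for n in names if n in RESIDUE_FILES)


def ready_for_disposal(config_text, dir_listing):
    """True only if neither the config nor flash holds anything site-specific."""
    return not audit_config(config_text) and not flash_residue(dir_listing)


# Constructed sample: a switch pulled from a rack without being wiped.
SAMPLE_CONFIG = """\
hostname EXAMPLE-SW01
enable secret 5 $1$xxxx$CONSTRUCTEDHASH
username admin privilege 15 password 7 00CONSTRUCTED00
vtp domain EXAMPLE
vtp mode transparent
vlan 10
 name MGMT
interface Vlan10
 ip address 192.0.2.10 255.255.255.0
ip default-gateway 192.0.2.1
snmp-server community example-ro RO
snmp-server community example-rw RW
line vty 0 4
 password 7 00CONSTRUCTED00
 login
"""
SAMPLE_DIR = """\
Directory of flash:/
    2  -rwx     3058048   Mar 1 1993 00:02:11 +00:00  ios-image.bin
    3  -rwx         736   Mar 1 1993 00:05:40 +00:00  vlan.dat
    4  -rwx        2871   Mar 1 1993 00:06:02 +00:00  config.text
    5  -rwx           5   Mar 1 1993 00:06:02 +00:00  private-config.text
"""

# Constructed sample: the same switch after erase, VLAN database delete and reload.
WIPED_CONFIG = "hostname Switch\ninterface Vlan1\n no ip address\n shutdown\nline vty 0 4\n login\n"
WIPED_DIR = "Directory of flash:/\n    2  -rwx  3058048  Mar 1 1993 00:02:11 +00:00  ios-image.bin\n"

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.lineno:>2}  {f.category:<18} {f.redacted}")
    print("flash residue:", flash_residue(SAMPLE_DIR))
    print("ready for disposal:", ready_for_disposal(SAMPLE_CONFIG, SAMPLE_DIR))
```

On these switches `write erase` clears the startup configuration but leaves `vlan.dat` in flash, so the VLAN database has to be deleted separately before the device leaves the building.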

It really is amazing the bargains you can find…

PS: The screenshot is from the switch in question, which does make me wonder what advanced capabilities Serco have for monitoring my network…

Field notes

27/09/2011
By mike in Blog, Conferences, Procastination

Right then, I am back (vaguely). I know it’s been an absolute age, but I finally have got round to updating this here self publicising nonsense. Life has been incredibly fraught of late, and it’s all gone a bit insane. We recently took on a new starter (who lasted all of three weeks before getting hacked off with the commute), and we have a lot of work on, which in a global financial clusterfuck (or ‘recession’) is I suppose a moderately good thing. As well as life and work, I was recently at GrrCon over in Grand Rapids Michigan, and although it was the first year out for the guys, I have no hesitation in claiming it was one of the best cons I have had the pleasure of presenting at. I think that largely stems from the impetus of the con, which was not about making money for the organisers (although they just about came out in profit) but getting students and unemployed graduates in contact with employers (which is actually a fairly lovely thing to do). The crowd themselves were lovely, and with regards the organisers, they treat speakers like the delicate little flowers we are (e.g. they got me drunk and wasted, and giggled at my accent). All in all it was a bloody good time. The same can not be said of c0c0n (to be held in Kochi, India next month). I’m sure the conference itself will be lovely, the minor problem I am having at the moment is getting there. For those of you unfamiliar with UK travel to India, like I was, getting a Visa is the most difficult process in the world, and seems to have been organised by the Vogons (thank you Mr Adams). I’ve been to the Visa centre twice now, and my documents are still not in order (they need passport numbers, and letters of introduction, and I also must claim that I am able to afford the subsistence costs for a 2.5 day trip where everything is covered anyway). Long story short, it’s a bloody farce (especially considering that as far as I know India does not have a major problem with Brits working on the black out there).
Still, that’s government for you. Anyway, I have another post to write today which I promise will be a lot more fun, but this was just a quickie to let anyone who actually reads this bilge know that I am mostly alive and well….

By mike in Uncategorized

So, I’m back. I’ve been a bit busy lately. I thoroughly enjoyed the last public PH-Neutral (or what I can remember of it). My memory is somewhat foggy, but I managed to break two Americans who were foolhardy enough to pretend they could drink (I think maybe turning up back from the bar with a bottle of whisky may have intimidated them), and caught up with a number of most excellent people I’ve not seen for a while. I also had an awesome time at Ninjacon / BsidesVienna where my talk was well received (which is surprising given that I had managed all of about 1.5 hours sleep in the 26 hours before I gave it). As usual Astera put on an amazing event, this time ably assisted by Chris John Riley, and a bloody good time was had by all. I also had an amazing time at AthCon (more details on that one later though…)

Other than travelling around the face of Europe, I’ve been busy. XRL are about to go live with a couple of new web services (more details when the US get off their arse and actually get it live), and client work has been a bit intense of late. That said, it’s all money through the door, so I am definitely not whinging about it. I also harassed Channel 4 today. They ran an interview with none other than Greg Evans (I refuse to link it) in which he claimed (with his usual understatement) that hackers are worse than terrorists. Needless to say, as soon as I actually discovered that nugget, I phoned up the journo responsible, and let her know her “expert” was anything but (I suspect using the word “tool” may not have been my most professional moment, but I stand by the accuracy of that statement). Other than harassing the meja, I’ve also been working on some other stuff. I’m trying to find the head space to write a few more articles, and have already aborted two white papers (I may resurrect one depending what happens with some research we have on at the moment), in addition to creating a couple of trouble causing tools. As usual I’ve had my fun at cons, and now am back to a clusterfuck of work… meh…

Anyway, I said I’d mention AthCon so I will. My talk went down really well over there (I suspect because the Greeks are really pissed at governments at the moment), and I stayed over there for a few days afterwards to enjoy the sunshine in the Med. After seeing the protests in Syntagma square (e.g. people actually getting off their arse and doing something rather than watching Pop Idol and whining) and enjoying food, cheap cigarettes and beer, and weather, the GF and I have decided that we are going. What really solidified that for me was flying back into the UK (from Ninjacon) to be surrounded by fat, ridiculously sunburnt, loud people wearing silly hats (sombreros wtf??), and then getting “questioned” by immigration (in tandem with the lovely police you see wearing suits at airports no less). My very sane conclusion is thus, that the UK can go and fuck itself. Yes, I know the Greek economy is in the crap. Yes, I know capitalism is collapsing over there. Yes, I know people are getting irate and taking to the streets. You know what, that’s part of the charm. I’m currently trying to find a flat (not easy given that the Greeks are only used to renting to non-Greeks on a short term holiday basis) and once that is done, and a few other things taken care of (e.g. making sure the intern, and clients are happy), I am gone. The scary thing is it is actually cheaper for me to fly from Athens to London for work related stuff, than to catch the train from Birmingham to London. Bearing that in mind, and the huge boost to standard of living (nasty wine is only 3 Euros per 1.5 litres) combined with the fact that the UK has steadily pissed me off for the last decade, and the fact that remote work can pretty much be done from anywhere, and you begin to see why I am getting off this soggy little isle before the whole shithouse goes up in flames.

Anyway I should be working now (waiting on report data) rather than harassing journos and plotting my escape, so I’m off back to…

PS: As you are doubtless aware, LulzSec have been making all kinds of noise at the moment. Part of me is deeply amused….

By mike in Uncategorized

So, yet again it’s been a while since I actually updated this crap, so to that end, I am now doing so. Life (as you may have guessed from the title) has been a little bit fraught lately. The office ADSL connection is not working, and hasn’t been properly for three weeks. This has led to a lot of paying client work having to slide (in a power animal style) and many, many harried phone calls with BT. As I suspected several weeks ago, their crappy ‘business’ router can’t cope with traffic demands (yay for unintentional DoS) so they are now having to spend two hundred quid buying me a commercial grade bit of tin (and I want compensation too!). Talking of commercial tin, because of recent client work, I had to go and purchase an iPad (app testing) and it has to be the most redundant piece of technology ever. Without Flash it is about as useful as a chocolate fireguard, and I for one can’t actually understand what Jobs&Co hope to achieve with it (other than attempting to force devs to embrace a standard they never will). In other (cr)apple news, I took the plunge and purchased a 2nd hand MacBook Air the other day. It seems ridiculously underpowered, and I wouldn’t trust it to cope with the demands of the day job, but for toting around giving presentations it seems to do what it says on the tin (and as I paid about a fifth of what they are new by using fleabay, I don’t really mind). There’s definitely a couple of things pissing me off with it though. Firstly, it has a French keyboard which is just a tad confusing, and secondly, (cr)apple in their ultimate wisdom decided to remove the # key (making using Terminal a slight chore) and make the only way of accessing it ALT+3, which doesn’t exactly seem bloody intuitive.

Talking of presentations, I gave my “cyber” terror talk at an ISSA event in Bletchley Park the other day, which was a very odd little experience. Firstly, I was talking on the same event as David Litchfield Jnr (who used to be my boss, or one of them, back at NGS). Secondly, most of the audience seemed to find my rantings amusing, apart from a few dissenting voices. I take the criticisms leveled on board (e.g. the talk could give some people a false sense of security, with some of the conclusions I have drawn from the known existing technical competencies of terrorist attackers) and am now working on the ‘dark’ / much more political / amusing version to present at AthCon and Nuit du Hack. I’m also potentially going somewhere very glamorous, and if that comes off, I probably shouldn’t mention it, but I will as it has the potential to be frigging hilarious.

Talking of hilarity, work is still progressing at a glacial pace. In the next week or so we should be going live with a new web resource (not saying what, but it has to do with vulns), and after much twatting around we should also have a corporate blog (where I doubt I will be able to swear so freely) and CLI email back up. As to the rest of our efforts, well they are still boiling away in the background and should be spilling over soon.

In other more exciting news, I’ll finally be going to PH-Neutral (if only, as it’s the last ‘proper’ one this year) this year, so that has the potential to do lasting and significant damage to my liver. As to all else, I am as is usual, stressed, harried, and possibly on the verge of a slight mental collapse. Other than that, all is still, as ever, fantastic (if not sadly, fantastical)….

By mike in Blog, Fraud

There are no photos here. That said, there could have been. There could also have been all manner of malware. Stop following blind links eh?

A Life Entire

26/04/2011
By mike in Blog, Fail, Procastination

I know, I know. It’s been a bloody age since I have posted anything here (even longer since I have posted anything of value). To make things simple below is a list of stuff I have been up to lately:

1 – I have been attempting to write two presentations at the same time (both on the subject of CNI and weaknesses therein). I will be talking at nuit du hack (in Paris) and AthCon (in Athens) for definite, with more stuff potentially in the pipeline…

2 – I will be going to PH this year, provided I can actually raise the air fare between then and now

3 – XRL will shortly be going live with two new webservices

4 – We’re also deeply embroiled in forensics and malware research, which has the potential to be very sexy (in as much as forensics can ever be sexy)

5 – I may shortly be at liberty to disclose another super secret research project, which if nothing else will piss off a number of people

6 – Talking of pissing people off, various people at C-level and in UK .gov departments hate me (or at the very least think I’m a dick) because of my drunken antics

7 – Because of circumstances beyond my control, I have learnt some fascinating lessons about proper incident response, which I will jabber on about provided I find time, and some way around a fairly formidable NDA

9 – Client work has forced me to invest in Crapple products (iPad and Air). The former is perhaps the most redundant piece of tech I have ever encountered, and the latter is actually useful (provided you can deal with the lack of basic comm ports)

10 – I have been insanely busy with all of the above (plus another couple of ‘personal’ projects) hence no ranting for a bit. Rest assured, normal service will at some point be restored, and I may yet have something useful to share, other than idiocy and lists validating my lack of postings….

By mike in Blog, Fail

I am beginning to question the validity of my career choices. Maybe it’s bad whisky or something. Maybe it’s the spirit of Dr Gonzo stalking through my consciousness again. Maybe it’s nothing palpable I can put my finger on. Maybe it’s too many bad gigs for clients that don’t care. Maybe it’s because I am losing a part of something I wanted once to be and never had the balls to become. I don’t actually know. It’s like imagining purple rather than red, or forests rather than streams. It is all odd. And yet, still not weird enough for me.

Technology has the ability to be many things to many people. For some it is merely art. For others a means to a comfortable, two level, end of days living. For others still a way to reinforce their utter lack of self worth. I always imagined it had the potential for seeds of revolt. I don’t know now, and I don’t care. I am feeling strained, worn, and harried. I can hear the drunks banging on the drums, and the sound of KPIs and objectives spooling into oblivion. I can see reports that don’t get read, and recommendations that never get acted upon. I can feel the heat closing in.

You see there are times that it all becomes so much sound and fury signifying nothing. Welcome to the modern febrile age. Full of instantaneous, action packed, emptiness. I don’t know what project managers do. Do they contribute as much as a poet or a mage? Can you still get off if you live like a whore? I’m drunk, and I don’t really know what to do anymore. Sleep. Dream. Write reports about SQLi and XSS.

By mike in Blog, Rant

Well it’s nearly 2011. Exciting no? As this year draws to a close, I have time to reflect (if only as my old faithful insomnia has returned) which is always a worrying proposition. I’ll rant about that a bit later, but for now, I feel moved to witter on about a subject close to my heart, namely penetration testing. A couple of years ago (almost, as it was in 2009) I read an article by Brian Chess predicting the death of pen testing (linky here). Later in 2010, Chris Nickerson predicted its demise at B-Sides Atlanta, and tonight I have just read yet another article (this time courtesy of Carnal 0wnage, here) predicting both obsolescence and death. Personally, I call bollocks.

Now all the authors and oracles of doom, are right about one thing, namely that penetration testing is rapidly evolving. In the early days (pre SATAN) you had to know about things like network protocols, and if you are as old as sadly I am, you cut your teeth on slow baud modems, and the X25 stack. Penetration testers (who weren’t even called that back in the day) soon got Nmap and Nessus thrown in the mix, and it was perversely only fairly recently that attack frameworks like Metasploit came over the horizon, and later still that we ended up with ubiquitous live distros like BackTrack. Obviously tools are advancing at an exponential rate, and yes pretty soon, automated software will be able to cherry pick the low hanging fruit and plug in nicely to whatever is the compliance flavour of the month (at the moment it’s PCI, but it is arguably only a matter of time before a major retailer tells Visa and Mastercard to piss off, and then that party may well be over). What makes me say that? Well there are already products aimed at ‘dumbing down’ the pen test process, and Xiphos Research Labs have been working on one too (in our own coding language set I hasten to add) for three years (we’ll be hopefully pushing it out against the bigger boys in Q1 2011). Yes, it is probably inevitable that as the tools get easier to use, client in-house teams will take over (many large corporates already have in-house capabilities, albeit ones that they are charging out) and the traditionally perceived skills barriers will be lowered (that’s what we are aiming for). And you know what? That is actually a bloody good thing (as it may well get rid of some of the cowboys in the industry that think performing a light weight VA is the same as performing a no holds barred pen test).

Before we all go out and buy lilies for the funeral, it should be noted that pen testing is not dying. It is not becoming obsolete. It has not shuffled off this mortal coil. Allow me if you will, to provide a few examples. Our first gig in the new year at XRL (other than finishing off client reports we didn’t get around to in December) is for a UK based financial. They want a pen test funnily enough. We won’t be turning up on site, running Nessus, and then slinking off with the check. We’ve already started doing info gathering for social engineering (yes Mr COO, I do know what your wife and children are called). We’ve spent the last two weeks putting together some USB malware which as well as auto-executing on both XP SP3 and Win7 (about more later at some point, perhaps) also self destructs after dialing home once, leaving no tangible proof of wrong doing. I’ve also dug out my lock gun and shove knife for when we do the physical intrusion. Funnily enough, although this may be outside the remit of what most people think of when they think of a ‘pen test’ (e.g. slightly dubious looking individual armed with a laptop in a DC) I reckon it is actually a better picture. One of the drivers behind XRL was to move towards a more holistic approach (ugh, I do so hate that phrase) of what pen testing is. A web application pen test is more than a w3af session, and should include a formal code review / investigation of weak third party relationships, and code. A network pen test is more than just Nessus, and should actually seek to play with weird protocols that sometimes present themselves (not forgetting the joy that is telephony of course). A pen test should encompass both SE and physical security (an attacker will almost certainly engage in this, as people are the weakest link, and companies still throw away an inordinate amount of interesting stuff). In all of the above, an automated tool cannot accomplish this. 
An employee who isn’t aware of pre-texting can’t do social engineering. You can’t kill this with shiny tin in the server room.

So why do people keep bleating on about the death of pen testing? Well, it’s simple, in as much as firstly it’s fashionable (just as concepts like cyberwar come around with regularity) but also from a certain perspective, they are right. Organisations are getting increasingly fed up with paying large day rates to ‘consultants’ (there is a clue as to the true nature of that profession in the first syllable) to attend (or not, if it’s a remote job) their sites, run automated tools, before buggering off into the sunset and delivering reports that are cut and paste results from the automated tools (on that subject a client presented me with a report by their previous testers the other day, which was 4000 pages long – most of which were just automated results – ensuring that nobody would ever read it all the way through, other than me as I am a nosy masochist weirdly enough). Of course, some clients want the bare minimum, but clients like that have always existed. If you are hired by an IT manager that is in a deeply political environment, they may well want to cover their arse, and obviously will not be best pleased if you actually find problems they should have fixed (and in some cases say they have). Guess what though? If you are a professional, you don’t do the bare minimum, you do your job. If as a result of that the client hates you, deal with it. It’s what you get paid for (regardless of the media image, everyone hates pen testers as we make problems, not actually fix them). Because of these issues, there is a move to ‘compliance’ friendly solutions. The ASV market is saturated with solutions that offer a check box approach to security, but this is not the job of a pen tester. To steal from Jaron Lanier, a pen tester is not a gadget. As humans we are blessed with talents that no code can ever possess. Quite apart from creativity, we also have the ability to adapt to our surroundings, and also think and act like crooked fuckers.
It’s that ability that will allow ‘proper’ pen testing to flourish. Yes, automated software will kill off large chunks of the industry, but this is a good thing. It’s called selection, and it gets rid of the fraudsters, the pseudo-experts, and the bullshit artists. Like I have been saying for three years internally, if we develop software that allows anyone to be a pen tester, if you are currently a pen tester you’d better be good at your job, if that is, you want to keep it. So, to conclude, pen testing will never be obsolete (appliances can not commit physical intrusions) it’ll just evolve. It won’t die, it’ll change. That change will be painful for some, but for those that know their craft, it can in the long run, only be considered a good thing.

Anyway back to the reflection I was talking about earlier. This new year sees the end of the first year of the existence of XRL as a corporate entity (we’ve been going longer than that but that was in the early code gestation stages) and what have I learnt? Well, not that much. Sales people are liars and mostly dicks (I knew that already). Taxes are expensive and hard to pay (damn you all to hell alcohol). Staff are hard to manage (and good ones are hard to find). Good clients are hard to get. One thing I didn’t know going in was how much work it would require. Yes there have been days where I have sat at home and done nothing other than watch bad movies, but they have been as rare as water in a desert. For the last year all I have done is work, and sadly it has yet to reap dividends (that said, I’ll hopefully be going on a tropical holiday and buying a MacBook Air in Jan, so it’s sort of paying off). I know they’ll come though, as Q1 & 2 we’ll be launching some shiny new software solutions, which should help stabilise things a bit, and save us from the current feast and famine economic model. Because of the day job, my time for research last year was sod all. I managed to get some stuff on North Korea down on paper, but the POS stuff died a death (I hope to get the point of sale / pile of shit stuff together early on in the year). I’m currently obsessing about the likelihood of actual, proper computer mediated terrorism, but if I know me, I’ll probably have got bored/distracted in a week or so and that will drop by the wayside (that said, I do have an awesome talk title, and I hate to waste those). This was also the year that the mass media heard of DDoS, and Australian citizens were reminded that thinking with their dicks may lead to government fit ups (something we all need remember should we piss off the gov’mint). 
Students in the UK tried to revolt (and made a pretty crap job of it), and the UK government continued to be full of self serving pernicious shits ruling over a vast collection of reality watching dullards in shitty weather. Generally life continues, as pen testing will continue.

This post needs to stop continuing now however, as it’s drifted into rambling (ah, thanks again insomnia), but to any readers that aren’t bots have a new year filled with adventure and joy. See you in 2012 (when if Nostradamus is right, we are royally fucked).

By mike in Blog, Fail, Infowar, Rant, Venom

As some of you may have noticed, I’ve not been around much lately. This is for a couple of reasons. Firstly, I was insanely busy in Sept/Oct preparing for and then enjoying HackFest and SecTor in Canada. Both cons were awesome in their own way, and I will at some point get around to writing up some impressions. Secondly, I have been insanely busy lately, with client work quite literally spewing forth from every available orifice. Finally, and much more fun, I have been doing a lot of research. I think debunking North Korea (and their cyberwarfare capabilities in particular) has set me off, and I’ve been doing some digging on ‘cyber’terror (crappy phrase that it is). I’ve also been investigating POS (Point Of Sale) systems and how crap they are, but that is a different story. Anyway, back to ‘cyber’terror (or if you like, digital freedom fighting). I’ve been investigating the effectiveness of various attack vectors, and what should loom into view like a big sweaty behemoth but Mr. Assange’s latest attempt to piss off the US, namely, the State department memo: 09STATE15113, REQUEST FOR INFORMATION: CRITICAL FOREIGN DEPENDENCIES (CRITICAL INFRASTRUCTURE AND KEY RESOURCES LOCATED ABROAD). Now predictably enough everyone is throwing their toys out of the pram, even though the assets listed are virtually a year old, in some cases wrong, and in most cases deprecated. It seems as well that terrorists are too dumb to realise that munitions manufacturers, and comm links would make viable targets. Call me demented if you will, but I am pretty sure that if you are a foreign or domestic terrorist, you may have realised that BAE Systems may make a viable target, and this is strangely not the earth shattering news various politicians and media agencies claim. Which brings me back to my research on much easier potential targets which is still gestating in my head (*cough* hospitals *cough* payment providers *cough*).
Anyway, now courtesy of wikileaks and Bradley Manning, neo-cons and meja types have something else to get their panties in a bunch about. Which rather neatly brings me to the point of this post. What I wanted to do was investigate, what if anything this leak actually meant in terms of security, and also what if anything a terrorist type could get up to with the data here in the UK. So, here goes…

Target One: Teleports

Teleports are not as you may be thinking magic. They are not actual teleports as shown in ‘The Fly’, rather they are earth stations for satellites. Basically all the metal shiny stuff in the sky is controlled via teleports via radio waves. Basically they are comms hubs that control sputniks. Funnily enough here in the UK most of them are controlled by BT (with a few notable exceptions) and a few according to the US State Department are vital to their interests (ironic in and of itself as they are on British soil, and controlled allegedly by UK companies). Anyway, the targets are as follows:

Goonhilly Teleport

The Goonhilly Teleport is located on the Goonhilly Downs in Cornwall, and controlled by BT. It used to be open to the public but has now shut up shop, however if you really wanted to badger people into letting you in you could harass some of the contacts listed here (well provided they weren’t contractors culled by BT). Thanks to the Internet, however you can avoid having to visit Cornwall (always good considering the floods and weird accents) and can readily find pictures of the place, such as:

If you really want to go to town, and plan your amazing cyber attack (TM), BT have very nicely put together some specs of the installation, that are available here. For those of you obsessed with Google Earth (now if that isn’t a terrorist tool I don’t know what is – incidentally neophyte terrorists be warned it will kill computers with low specs) a bird’s eye view of the postcode TR12 6LQ (the Goonhilly site) is available below (click to embiggen of course):

Madley Teleport

Next on the US list of viable targets is the Madley teleport. Situated funnily enough in Madley, Herefordshire, this again is a teleport controlled by BT. Pictures such as the one below are readily available online:

Again, for the Google Earth obsessives, a quick look up of the post code associated with the site, HR2 9NH, reveals the following (as you can see it’s a lot more exciting and shows dishes and stuff):

Rather embarrassingly from a national security perspective, this Youtube video shows the inside of the building (including racks with identifiable components) as well as engineers clambering up towers and stuff. Now call me a cynic if you will, but you would have thought GCHQ or DISA would have noticed that and removed it were this facility so important (unless of course it’s double bluff and it’s not the facility at all…)

Martelsham Teleport

The Martelsham teleport is located in Ipswich, Suffolk (that hotbed of international terrorism), and unlike the others is controlled by Arqiva (who control a lot of other teleports too). Handily enough, whilst looking for images of this teleport, I drifted across the following (showing the recently updated control room, which at the time of the photo was, for reasons beyond my mere mortal understanding, being used to watch bowls):

Also whilst searching for more details on the teleport instance, I came across the following paper from Plymouth uni detailing the BT approach to satellite comms (it’s from 2003, and so old they didn’t even have a fancy logo yet, but what’s the betting given the legacy nature of comms, it’s still kind of current?) and a very pretty overview (with teleports mentioned for all) e.g.:

Again for the Google Earth types, I have saved you the trouble of using the world’s most bloated app (outside of the AV world) and below find a view for the location post code of IP5 3RE (no dishes, so my guess is it’s actually just the corporate offices of Arqiva):

Target Two: Undersea Cables

Funnily enough, the US State Department values the strategic importance of undersea cables that allow the intertubes to function. As anyone with even a slight clue knows these circle the globe and someone with a submarine and cutting gear could cause all sorts of chaos (I’m looking at you, The Beatles). I am a lazy bastard, as many will already know, and I have no wish to repeat others’ work, which is why if you are going diving I suggest a quick read of the fascinating Cryptome resource (Cryptome is like wikileaks for non-media studies students) which details APOLLO undersea cable landing Bude, the United Kingdom Atlantic Crossing-1 (AC-1) undersea cable landing Whitesands Bay, FA-1 undersea cable landing Skewjack, Cornwall, the Hibernia Atlantic undersea cable landing Southport, the TAT-14 undersea cable landing Bude, the Tyco Transatlantic undersea cable landing, Highbridge and Pottington, and the Yellow/Atlantic Crossing-2 (AC-2) undersea cable landing Bude (and has done for years to no consternation of former home secretaries, or FOX news affiliates).

Target Three: Munitions and other babykilling stuff

United Kingdom Foot and Mouth Disease Vaccine finishing BAE Systems

One thing reading the leaked memo shows is that US State Department do not know how to spell Preston (listed as Presont for some reason). Regardless of their inability to spell, the BAE facility in Lancashire (PR4 1AX) is listed as being of critical national importance (which is weird given that it is supposedly geared up towards foot and mouth vaccinations). For those interested the front gate looks like this (thanks Lancashire County Council):

Now this is where it gets weird. Allegedly this is a facility dedicated to foot and mouth curatives, however the satellite photo is odd, i.e.:

Do you spot something amiss here? Try a closer look:

Yup it’s a plane next to a runway. Now, I know what you’re thinking, it’s probably there just for show, well scrolling to the left a bit, reveals the following:

More planes. Loading and offloading cargo of some type. Maybe it’s foot and mouth vaccines. Alternatively it could just be extraordinary rendition flights or something. Whatever. Probably nothing important….

BAE Systems Operations Ltd., Southway

Next up is the BAE Systems facility in Plymouth. Now, I’m guessing in Plymouth this is somehow related to the sea (as that’s the only thing I know about Plymouth). Oddly whilst searching around for it, I came across the following XLS document, which seems to detail parts in use at the facility or something. Now call me odd, but I’m guessing this probably shouldn’t be in the public arena (and will probably really piss off the State Department). A quick Google Earth check of the postcode, PL6 6DE, reveals pretty much nothing of any interest:

BAE Systems Royal Ordinance Defense, Chorley

Located in Chorley, Lancashire, this facility used to make munitions. It also used to belong to BAE, and probably shouldn’t have been on the memo. How do I know this? Well, Wikipedia told me, so it must be true. A Google Earth check of the associated postcode of PR7 6AQ, reveals a somewhat battle scarred landscape next to the facility. I don’t think this has anything to do with testing new babykilling equipment, but just looks that way as it is in Chorley, and Chorley always looks like that…

MacTaggart Scott, Loanhead, Edinburgh

The final entry on the things the US would rather you didn’t blow up, is MacTaggart Scott. Founded in 1898, MacTaggart Scott have got a brass band, and make hydraulics for submarines (presumably not just for the periscopes). They don’t have an address listed other than a PO Box, and a quick Google Earth view brings up what appears to be a residential street, which probably has nothing to do with them:

For all the James Bond like addresses though, they very nicely have an interface to their webmail system online, which I would guess might present an attractive window of attack should someone be so inclined:

Now, not meaning to state the bloody obvious, but if you make parts for nuclear submarines, and if you are important enough to a foreign government to be listed as critical infrastructure, maybe you should have a more secure mechanism for getting at email (*cough* VPN *cough*). Just a thought…

So, what have we learned?

Oddly, nothing new. The US State Department values munitions manufacturers, and comm links. Who knew? Terrorists for sure. The Internet can trivially be used to get information about critical infrastructure. Wikileaks is only doing what Cryptome has done for years. The only difference seems to be the levels of invective (on both pro, and con wikipedia sides of the debate) floating around. Additionally to jump to my defence before anyone starts, there is no ‘classified’ information in this post. Anyone (even me) can find out this data in a matter of minutes. Maybe that is the issue. Or maybe neo-cons and the like need to worry less about how terrorists *may* attack, and more about what drives them to commit ideologically inspired acts of complete bloody idiocy in the first place.

Update 07/12/10
Assange has today been arrested. Hopefully this post goes some way to explaining why the critical infrastructure list (at least here in the UK) is actually anything but new knowledge (especially as he was arrested over here). My guess, extradition to Sweden, then the US to follow….

By mike in Blog, Fail, Procastination, Rant

I’ve been thinking lately. As is usual for me when I try doing that, I inevitably end up getting depressed. Why so? Well think about it. We are now living in a corporate dominated hegemony of a planet. That’s moderately depressing. International volunteers fought and died in the thirties in Spain to stop the forces of fascism (unsupported it should be noted by the governments of many countries, including the UK), and you know what, it’s won. If we live in a world where there is an illusion of democracy, perhaps the only magic trick is to try and get some back in your own life. This neatly brings me on to my next point. XRL was my attempt to do just that. The goal was to step outside of the corporate rat race that has been driving me insane since I was capable of seeing what it was (I think I was eight or so at the time), define my own rules, and help other people define their own, all whilst wresting control from corporate entities and kicking them in the balls at the same time. Another company (who has largely been paying our bills by being our biggest client) wants to hire me away from XRL, and take some of our people with me. Realistically, I probably can’t turn the offer down, but the downside is I would have (albeit only some of the time) a ‘boss’. This is depressing. I can’t help but wonder what Abbie Hoffman would have done (he probably wouldn’t have got himself in this state), and where this sits with my Proudhon inspired view of the world. I don’t know what to do, and frankly it is scaring the shit out of me. I suppose it could be worse, I could have the courage of my convictions, cease being co-opted and go and live on a beach (the major drawback to that being a practical one, of where would I put my books and cats in the dunes?). As well as client work, and conference gigs, I now need to put on my thinking cap. The personal is political as ever….