In a digital age plagued with rogue data breaches and attacks, the need for better online security and secure web hosting options is growing dire. Securing data online is often left to massive data centers hosting massive servers. Any time data is accessed through any website on the internet, it is stored remotely on a server somewhere around the world.
There are quite literally thousands of different server hosts in the world available to serve any and all web content. Clients rent space from server centers, and it falls to the host to secure the data and keep it away from prying eyes. Securing user data within a server center can be done through a variety of techniques, such as digitally securing the network via firewalls and other authentication services, and through physical security.
It should be mentioned that even servers secured in the most physically secure locations are still vulnerable to cyber attacks, and likewise, in the inverse. It is difficult to gauge the logical security of a server; It depends on a variety of factors and multiple levels of security and authentication. Most servers are quite digitally secure, and while many offer satisfactory physical security, most systems pale in comparison to the physical security of CyberBunker - an Internet Service Provider who bases their operations out of nuclear bunkers.
Most servers opt for logical based security - security which consists of software safeguards such as user identification and password access, as well as authentication, restricted access rights, and varying authority levels. If an attempt is made to breach a server center, typically the attack is executed virtually. For the most part, such logical security systems are sufficient enough to prevent blackhat hackers from accessing potentially confidential or restricted data.
But every now and then a server’s physical security measures are also put to the test. Raids are executed on servers or data centers, ceasing all remote access to the data within.
Earlier this year, Uganda’s largest telecom Mobile Telephone Network (MTN) was raided by government security personnel. The alleged assailants broke into the data center and disconnected four of its servers while stealing.
While the company maintained a strict protocol to secure their servers digitally, a physical vulnerability left the telecom company entirely at the whim of the attackers. In the raid, two employees were kidnapped and were forced to grant access to the data center, as well as were made to disconnect four of the companies servers.
“We are yet to determine the extent of interruption to our network activities and the financial impact. It is also possible that some data have been tampered with or illegally accessed and taken from the premise,” reads a letter addressed by the telecom company.
Very few servers and data centers are independently hosted. For the most part, massive centers host a majority of web content and subsequent web traffic. But even the most digitally secure centers are vulnerable to physical attacks.
Naturally, deterrents like CCTV surveillance and security guards discourage potential attackers. However, if a government agency feels a server or data center is hosting data that is illegal or not in the interest of the government body, they will take every measure to shut down the host center.
CyberBunker - Securing Data Inside Nuclear Bunkers
Raids are a threat to most server and data hosts and will comply to threats made by powerful entities - unless their data is secured in a nuclear bunker, as is CyberBunker.
CyberBunker is one of the few independent internet providers (ISPs) operating around the world. The company was founded in 1998 and has since pioneered the hosting industry by containing data in virtually impenetrable ISP facilities.
It should be mentioned that even servers secured in the most physically secure locations are still vulnerable to cyber attacks, and likewise, in the inverse. It is difficult to gauge the logical security of a server; It depends on a variety of factors and multiple levels of security and authentication. Nevertheless, the company still boasts one of the most secure server centers in the world.
“Operating from a Cold War-era government command bunker that was purpose-built by the military to house sensitive electronic gear, CyberBunker combines the best of modern commercial technology with military-grade reliability and military construction to provide the most secure and reliable solution for people and equipment,” claims CyberBunker.
The nuclear bunker was constructed in 1995 and is designed to withstand a 20-megaton blast from a mere 5 kilometers away. Workers from within can be totally cut-off from the outside world, yet could continue to operate the facility for 10 years. The bunker features a range of security and survival, including;
- Fully redundant air handling/cooling systems.
- The entire complex is equipped with airlocks for an independent atmosphere.
- Airtight rooms.
- Electro Magnetic Pulse (EMP) shielding to military standards.
- Up to 5 meters thick reinforced concrete subterranean construction.
- Redundant 2 MW diesel generators.
- (Classified) liters of diesel fuel reserves.
- 10 000 liters freshwater reserve tank.
- 240 000 liters freshwater reserve stored in a remote backup bunker.
- All critical equipment shock-mounted on isolation pads.
- Nuclear/Biological/Chemical (NBC) air filtration.
Proven Security Against SWAT
Effectively, the bunker is impenetrable, and its security has proven itself before. All previous attempts to breach the facility have been foiled, even to the likes of SWAT raids, as what happened in the early morning in April, a full SWAT team was dispatched to execute a search warrant on CyberBunker's property.
“Most of the staff inside were still asleep, while others were watching a movie. Surveillance cameras covering the fenced-in area of the property recorded the entire event. It is apparent in the video that armed SWAT police, wearing black bulletproof vests and white helmets, forced entry to the property by cutting through the outer fence of the property. Once they gained entry, they began to quietly approach the bunker.” says a report on CyberBunker.
Upon reaching the bunker’s blast doors, the SWAT team announced their presence with a knock. Typically, the facility is equipped with an advanced intruder detection system. But the system had been tested the day before and was accidentally left in an inactive mode. The detection system failed, and the officers approached the bunker still concealed in the dark of the early morning.
“[After knocking,] two SWAT officers are seen to hit the blast door of the bunker with a battering ram. It must not have occurred to the officers that the blast doors were designed to withstand a 20 megaton nuclear explosion from close range. When the SWAT team realized that the door was not being opened for them, they throw flashbangs and take other actions to draw attention. The surveillance footage shows quite a lot of activity at this point. On the other side of the blast doors, no one inside the bunker noticed anything unusual. The SWAT team did some further investigating and appears to be making phone calls. Finally, the SWAT team realized what occurred when City Hall attempted to breach the blast doors. Apparently recognizing that they had gone overboard on their raid, the SWAT team decided to go home.” the report continues.
The team slept through the raid and was surprised to learn of the events which unfolded earlier that morning.
“CyberBunker's security was wide-awake to discover that the motion detection system had been tripped. They were in fact astounded to learn what had taken place by replaying the footage. In an attempt to learn exactly what happened, CyberBunker's general manager Jordan Robson, decided to call the police. Unfortunately, the police department claimed that they were not aware of the raid. They insisted that no SWAT team had been sent to the property.”
Upon being questioned of the event, police maintained that while there were police dispatched, it was “routine” and “nothing out of the ordinary had taken place”. However, once they came to learn their raid was recorded, the police department quickly offered compensation to repair the damage caused to the fence surrounding the facility.
“After paying € 8088.- euros to CyberBunker, nothing further was heard from the SWAT team. The search was most likely another futile attempt to find something illegal. None of CyberBunker's security or staff have a clue as to what the raid might have been about.” concludes the report.
While CyberBunker may have taken advantage of an already incredibly secure facility, it is the ingenuity of the idea which stands to be remarkably impressive. Where most companies would have caved and complied to government request - CybeBunker vows that no organization will jeopardize their server centers so long as it does not link to terrorist activities or child pornography.
In an era under threat of internet freedom, it is imperative that civilians stand for the freedom of unfiltered and unobstructed access to the internet. Companies like CyberSecure are the epitome of the free web, and through their efforts, the internet has remained a little more free from the grasps of blackhat hackers - and government hands.