Apr 16, 2021

The AWS bomb plot: How has it impacted data centre security?

datacenter
Cloud
Security
analysis
Sam Steers
3 min
Following a failed attempt to bomb an Amazon Web Services data centre in the United States, how has the event impacted data centre security moving forward?

On 6 January 2021, the Capitol Building in Washington DC was stormed by a large group of protestors against the U.S. Congress, but this was not the only major event that happened, as an Amazon Web Services data centre in Virginia became the target of a bomb plot just days later.

Prosecutors in court said that a man who was also involved in the Capitol Building riot concocted a plot to blow up the data centre with C-4 plastic explosives.

Seth Pendley, 28, a far-right extremist from Texas, USA, told the FBI he wanted to "kill off about 70 per cent of the internet" and was arrested after allegedly trying to "obtain explosives from an undercover agent," the FBI claimed.

He was arrested after concealing the explosive as an inert device inside his car, prosecutors said.

At the time of his arrest, Pendley admitted to orchestrating the plan, documents from the court stated.

The plot started with Pendley leaving a message on the message board of MyMilitia.com, which alerted the authorities.

The court also heard that he used an encrypted messaging service to communicate his plan and met up with the aforementioned FBI agent who posed as an explosives provider.

The attempted attack came at the same time as Amazon being scrutinised from the far-right of the U.S political Spectrum, with the company making an announcement on 9 January that it would no longer have ties to Parler, a social network promoting extremism and harassment.
 

What consequences would an event of this type have on data centres and data centre security if it had been successful?
 

The thwarted attack on the AWS centre does beg the question of what would have happened and how it would have affected the security of data centres in the future if it had been successful. To examine this more closely, let's take a look at a fire at OVH, a cloud services firm in France, as an example.

Millions of websites were offline in the country following a fire which broke out at the French cloud services firm, disrupting government agencies' banks, shops, and news websites, including destroying part of the. FR webspace.

The fire started just after midnight on 10 March 2021 with no immediate reason for it, but what was clear was the damage it had caused to the building and the surrounding area.

The data centre was one of four in Strasbourg, eastern France, and OVH reportedly told their clients including the French government to "activate their disaster recovery plans."

Founder and Chairman of OVH, Octave Klaba, said at the time on Twitter: "Firefighters were immediately on the scene but could not control the fire in the affected data centre," stating that the next steps for the organisation's recovery were to rebuild the centre's equipment and check fibre optic connections.

OVH or 'OVHcloud' was founded by Klaba more than two decades ago in 1999, and is a competitor of Amazon Web Services, as well as Microsoft Corp's Azure, and Alphabet Inc's Google Cloud.

It's clear that a disastrous event, whether it's a fire or an attempted terrorist attack, can have severe implications for data centres; not only in terms of the physical damage they cause, but also how they affect the organisation as a whole, including their level of security.

As a result of these events, data centres will need to update their security protecting them from both terror attacks and other major incidents to ensure the likelihood of a recurrence is minimised as much as possible.

Share article