I've been reloading the page all morning waiting for this to appear...

.....for BT to be robbed by someone. Re-arrange these words into a popular phrase: of taste medicine own a their....

and we have been told that service will be restored this morning... I am not convinced!

Go straight to jail, if you pass go do not collect £200...

Mines the one with the tiny metal top hat in the pocket !

So - are we meant to believe this has nothing to do with the date it has happened on then?

"We were only borrowing the equipment so that we can advertise to BT better. As soon as we have a look at what types of network equipment they usually buy, we will be in a better position to sell them something they dont want to buy in the first place. Had BT opted out, none of this would have happened. Our opt-out notice is clearly displayed under the left front tyre of Mr Samson's car who lives in Green Oaks drive in lower East West London. Our methods bring better value to our customers - BT - and lots and lots of money to us. This was a legal trial - we asked our mate Joe at the pub, and he reckoned it was a great idea so long as we dont get caught."

Mine's the one that lost its Phorm because it got wet.

I hate September 11th. Only 5 sites down with around 1600 users affected. Ho hum. At least BT are being pretty proactive with their updates.

Somehow I don't think this stuff will end up on ebay. Or alternatively it's someone who has finally had enough of BT's level of "Service".

What are they going to do with it?

Perhaps upgrade their own local rural exchange?

LOL

Coat because: Is that a router in your pocket?

Now if they had read my book on Data Centre Security this would have never happened. I suppose I must get round to writing that book one day!

That's the problem with these new fangled routers - they are light enough for a single person to lift. Bring back thermionic valves style electronics I say!

If you knew about it why were you waiting for it to appear on this site? Lack of a life?

Who on earth nicks that?

Maybe Virgin are finally going to increase the coverage of their cable network.

Although the incident does give a rough indication of BTs fault detection system. Alarms go off in another building, note left for engineers to investigate in the morning. Night shift go back to sleep again.

..what.. the 10th September 2008...?

Mines the one with the Nostrodamus Calendar in the pocket.

You'd think there would BT would have a backup plan for this type of incident? What if a bomb went of near an exchange?

Forget your piddly efforts by hackers et al. A good old fashioned swag bag is how London does it !

The Met doesn't know what to say.. ??

http://stores.ebay.com/SwitchXchange_Cisco-MGX-8000_W0QQcolZ4QQdirZ1QQfsubZ2QQftidZ2QQtZkm

the response we had from BT contained the following line in it...

"At 20:15 GMT on 10th September, the BT IP node site in Mayfair, London experienced a breach of security involving physical break in. This breach resulted in the removal of 38 network cards and caused service failures for our customers using UK VPN platform services. The cards were unlawfully extracted from live equipment racks and removed from site. In the process, extensive damage was also caused to BT fibres, cards and other equipment. "

"The police were alerted and this immediately became the subject of a police investigation and the police team were on site during the night, engaged with BT’s security experts. "

BT security experts.. huh??? experts... if they knew anything about security they wouldnt have let someone break into a datacentre and steel 38 line cards.. I mean how long does it take to remove 38 line cards..??!!??!??

We're back up and working, hopefully its a permanent fix, rather than a 'get you working and we'll sort it out later' fix.

I imagine the equipment in that exchange was of a much higher quality.

None of the shite you would get in an exchange in Peckham

What sort of underground market is there for commercial-grade routers and other exchange equipment? Obviously there's the BOFHs of the world, but really, what end-users would need to build their own exchange for several thousand users?

Is it just my office that's down or is anyone else having problems with it? According to MS it's up: http://messenger.msn.com/Status.aspx

Cheers! That's awesome. I'm just glad that we won't face anything like that over here in the U... what? Oh, never mind.

Paris, getting deep packet inspected in the USA.

Maybe the BofH needs new hardware?

So close to the City of London. Where the Police are investigating BT's relationship with one of their suppliers, and their use of routers, network cards and fibre kit to spy on their customers.

Or you might also suppose a supplier with a serious cash flow problem would want to recover the routers, network cards and fibre kit they had gifted to BT... particularly so if BT hadn't kept their part of the bargain.

:o)

Check eBay and craigslist... they might even find exactly what they need, fibre included!!!

See how BT like it when someone steals THEIR stuff!

"The theft was small scale and technical in nature and as no forensic evidence was left, it would have been difficult to frame any advice to BT about the burglary operation, and obtain any relevant consents for the removal of network equipment, with a wording that would have any resonance at all for theory victim"

It depends on how many people you have pulling the cards. An organised gang of four or five people should be able to pull that number of cards and pack them away in under 5 minutes. That's probably less than the SLA that BT have for a physical security response.

Where was phorm's equipment sited?

Anyone know for sure?

Thats still no fucking excuse, 5 guys bowel up to my data centre with big rain coats, horn rimed glasses, and dodgy looking porn star mustaches and their goign to get told to fuck off.. or did the 80yr old half dead security gard not see them rolling in the sack barrow???

Okay.. so they get into the car park, through all the security barriers and manage to get to the main datacentre door. where there asked to wipe their muddy chav reebok classics. They then manage to get through into the datacentre itsself, and some how also into the racks that contain major routing points for UK VPN platform services and remove 38 cards and In the process, cause extensive damage to BT fibres and other equipment.

Fuck the SLA and any other soposed security procedures.. thats sheer and utter Incompetence.

I'm surpised that Guy Richies Snatch knocked nearly 8000 circuits off. I wonder if thats why there's all those rumours about her Madgesty.

Oh, and a point of note, we've not been advised that Fibre has been stolen, merely damaged (I suspect cut/pulled/broken to quickly release the cards).

BT was STILL blaming it on the end users equipment being the cause of the fault.....

... there goes my companies DR link... raises an interesting question - where *is/was* BT's disaster recovery plan. Hmmmm none maybe? Oh the fun....

Those guys were pretty damn fast, could hire them for moving servers and telecomms, they know their stuff.... Damn let get those guys on a payroll...

Irish telecom monopoly eircom announces a major upgrade to its dublin exchange......

You have a cotton picking, darn-dastardly, good point there!

We hear about DR this, and DR that, but even the 'big cheese' of British communications didn't have a DR plan or BC policy...

Shocking!

But a damn good point, well highlighted.

@AC RE: Steve Evans"

Poor fella, now get back to work, you! ;o)

Well it took me 3 phone calls this morning to find out about this...

Got told originally that it was a fault with our equipment, then they couldnt find my Company on the system, then they insisted they couldnt help as I didnt have the "S" number...

3rd call was the lucky one, where they actually couldnt of been more helpful... apart from maybe having a Disaster Recovery Plan...!

Still not up and working here.

They probally wanted all the metal from the racks, well thats if they took the racks hehe..

cant see them sellnig the equipment in this country tho.

Aren't these pics in breach of the OSA 1911 Section 3?

==

3.Definition of prohibited place.

For the purposes of this Act, the expression "prohibited place" means--

[F1 (a)

any work of defence, arsenal, naval or air force establishment or station, factory, dockyard, mine, minefield, camp, ship, or aircraft belonging to or occupied by or on behalf of His Majesty, or any telegraph, telephone, wireless or signal station, <snip>

==

More at http://spyblog.org.uk/2008/06/restrictions-on-photography-in-public-where-are-the-prohibited-places-designated.html

br -d

Actually Ive helped dissassemble an Exchange with older equipment,

Give someone 10minutes with the line-card rack and you would be looking

at somewhere between 10 to 20 cards removed,

depending on how quick the person got used to card removal...

so all up maybe 30-40 minutes to strip the equipment into a sack and leg it...

speaking of which I can personally strip down either of my own machines

and rebuild it (including PSU removal from the case with everything else)

in about that time if I am *really* in a hurry or totally wired up on sugar :)

<< Icon is Tux because my systems are all set to something I can use

without needing to deal with a lawyer first :)

DO you think any one was sober enough to notice ??

We had six sites down this morning (Oddly one didnt report the lack of connectivity until 13:00 today!!) .

All are back up and running now. I'm relieved.

DR questions aside, BT did a good job getting it all back up and running.

"Stolen To Order?

By Rick LeemingPosted Thursday 11th September 2008 10:26 GMT Somehow I don't think this stuff will end up on ebay. Or alternatively it's someone who has finally had enough of BT's level of "Service".

"

i dont know about to order but IF therewas any Phorm DPI/layer7 kit taken then THAT WOULD EB WERTH A LOY OF MONEY to some blackhat or criminal gang as it will have all their custom code in it...

as i understand it, it you have access to this then it makes it far simpler to find and exploit any 0day options later....

neologic, I take it you've never done any work in a telephone exchange!

These places are not typically manned out of hours, if manned at all. The last exchange I worked in the physical security consisted of the usual stuff (swipe cards, that sort of thing) and a video camera; the door locks were released remotely after you'd phoned the security people and they'd clocked you on the video cameras.

Telephone exchanges are a long way from being 'data centres', even in this day and age.

Given that your modern high-tech thief's idea of a wiring tool is a set of bolt cutters, I'm quite sure they could be in and out well before plod or anyone else was on the scene.

I dont here about thefts from telco centers in countries like Germany, France, Canada. Just in the UK ???

Given the high concentration of foreign diplomatic posts in Mayfair, it wouldn't be surprising if some of the line cards at that particular exchange were in some way "special".

... is next to me! I have access to Mayfair but have never been there. Have been told it has the most MDF work in the country!

AC because I work for Big Thingy!

I always thought these kind of premises, you know, vital to communications and the like, were belled up to the max. And also, wasn't the interweb invented (DARPA) so that no single node knocked out could bring about communication breakdown? (Yeah I like Led Zeppelin too).

And WTF are these people doing nicking highly specialised network cards? Is there an abundance of precious metal in them that can be extracted at Peckham Scrap Metal? (I quite liked the comment about the Irish Exchange announcing an 'upgrade' though).

My flabber is truly ghasted.

the exchange itself is, I believe, on the first and second floors, the rest of them being occupied by some chunk of BT's other operations (I have a feeling it might be wholesale, but I wouldn't swear to it). There are doors into the exchange area served by the main stairwell, which also includes a lift shaft, which comes out at ground level into a teensy reception area directly behind the door into Farm Street, which is next to the pub. The street itself is VERY quiet even in the middle of the day, to the extent that there's a sign on the inside of the door saying something to the effect of "Please don't slam the door, it pisses the neighbours off". I didn't make a detailed survey of the security measures.

Anyway, the upshot of all this is that I would very strongly suspect an inside job: it really wouldn't be that hard to get a few mates in through the front door, set about the hardware, lump it back out to a waiting BT van and make good your escape.

Coat as in helping oneself to the contents...

Obviously, he was part of the original ring. How else would he have known?

Mine's the one with the foil in the pocket.

>I would very strongly suspect an inside job

Couldnt agree more, smacks of someone getting an OBASS card as a contractor and hanging on to it for use at a later date.

Oh and all those snotty sods on the proverbial high horse about how their datacentre has armed guards, starving rotties, minefields etc. for security, please consider this: Its an exchange NOT a datacentre.

By law BT have to give equal access to ALL CP's and their contractors, anything less and OFCOM would be jumping on throats. This means that security can never be as tight as everybody would like.

This is a serious incident but small beer compared to the thefts that are being made of cable throughout the network, copper fetches a good price and its being ripped out of the ground almost daily.

the exchange affected a lot of businesses that connect into london including government. I work on a servicedesk for gov dept and we were mostly out of business until about 3pm. w couldnt get into systems and remote offices could not connect to london.

re kit stolen , what are they going to do with it ?? I think it will leave country. theives maybe have ££ in eyes and dont know that if connected will be seen and if sold abroad it is throw away as cisco will want ££ for support and they know who they sold it to !!

Imagine buying a stolen porsche abd the first time it breaks down being told that thay wont give you the parts or help !! (and the local fuzz come knocking on your door )

This stuff seems to be all local Final Mile routing stuff, so if there was any redundancy it was probably in the same building and stolen too. Despite all of the talk of the internet being redundant to route around failure, every residential node has ONE final connection to the rest of the network, and that's what they took - the entire exchange's worth of final connections.

Hard to blame BT for this, or even accuse them of incompetence - sometimes the cost of preventing any and all crime costs a lot more than the crime itself would be worth...

No!! It's a private Company

Give me my 12 miles of open countryside any day. Our phone exchange is a wooden hut over in the next village (near the duck pond, and across the road from the thatched cottage).

Wooden hut, you say? Hmm...

/goes to buy chainsaw and help self to contents of said hut

@ Chris Williams - the key part of the Spy Blog article is actually the reference to rhe

Communications Act 2003 section Schedule 17 para 2

http://www.opsi.gov.uk/acts/acts2003/ukpga_20030021_en_59

"Official Secrets Act 1911

2 For the purposes of the Official Secrets Act 1911 (c. 28), any electronic communications station or office belonging to, or occupied by, the provider of a public electronic communications service shall be a prohibited place. "

This certainly does cover a BT telephone exchange.

Luckily for you, and for all the tourists who take photos of the BT Tower, the Official Secrets Act 1911 power of arrest was repealed by the Serious Organised Crime and Police Act 2005, along with a dozen or so other obsolete powers of arrest (although the authorities now seem to want to reinstate these), and requires consent for prosecution to be given by the Attorney General.

- BT did have redundancy and contigency in place, an automatic switch over to Ilford took place immediately.

- Only cards were stolen, damage was done by the forced removal of said cards.

- Have a chat with the regulator about not allowing other line operators and their sub-contractors into BT Exchanges?

- Establish all facts before gobbing off?

- Remove foot/feet from mouth if you're an ignoramus talking out of your ar$e.

apart from sharing a name with a men's magazine the exchange does or did something important once however cannot remember what. (Section 5 1989 Act)

AFAIK BT has its Openreach Headquarters on the 4th floor