A few days ago, a client’s data center (well, actually a server room) "vanished" overnight. My monitoring showed that all devices were unreachable. Not even the ISP routers responded, so I assumed a sudden connectivity drop. The strange part? Not even via 4G.
I then suspected a power failure, but the UPS should have sent an alert.
The office was closed for the holidays, but I contacted the IT manager anyway. He was home sick with a serious family issue, but he got moving.
To make a long story short: the company deals in gold and precious metals. They have an underground bunker with two-meter thick walls. They were targeted by a professional gang. They used a tactic seen in similar hits: they identify the main power line, tamper with it at night, and send a massive voltage spike through it.
The goal is to fry all alarm and surveillance systems. Even if battery-backed, they rarely survive a surge like that. Thieves count on the fact that during holidays, owners are away and fried systems can't send alerts. Monitoring companies often have reduced staff and might not notice the "silence" immediately.
That is exactly what happened here. But there is a "but": they didn't account for my Uptime Kuma instance monitoring their MikroTik router, installed just weeks ago. Since it is an external check, it flagged the lack of response from all IPs without needing an internal alert to be triggered from the inside.
The team rushed to the site and found the mess. Luckily, they found an emergency electrical crew to bypass the damage and restore the cameras and alarms. They swapped the fried server UPS with a spare and everything came back up.
The police warned that the chances of the crew returning the next night to "finish" the job were high, though seeing the systems back online would likely make them move on. They also warned that thieves sometimes break in just to destroy servers to wipe any video evidence.
Nothing happened in the end. But in the meantime, I had to sync all their data off-site (thankfully they have dual 1Gbps FTTH), set up an emergency cluster, and ensure everything was redundant.
Never rely only on internal monitoring. Never.
Anban Govender likes this.
reshared this
EnigmaRotor
in reply to Stefano Marinelli • • •EnigmaRotor
Unknown parent • • •Stefano Jones P.A. a very noir series.
EnigmaRotor
Unknown parent • • •Johan Sköld
in reply to Stefano Marinelli • • •that advice also applies to monitoring scheduled backup jobs (or any other automated process). I use a service that emails me if I don't hit a specific URL roughly every 24 hours, and I hit that at the end of my backup job if it was successful.
Better than finding out the hard way at some point in the future that something happened with my backup job, preventing it from running for the last month.
James Seward
in reply to Johan Sköld • • •Johan Sköld
in reply to James Seward • • •EnigmaRotor
Unknown parent • • •Marios E
in reply to EnigmaRotor • • •@EnigmaRotor
I am quite keen to look into Uptime Kuma. Our current monitor is antiquated.
On a side note, you guys are hilarious! I genuinely had a good laugh at your comments.
Marios E
Unknown parent • • •Utarg of Utarg 🔬🇪🇺🇸🇪🇬🇧🇺🇦
Unknown parent • • •Elena ``of Valhalla''
in reply to Stefano Marinelli • •like this
Stefano Marinelli, Luca Sironi, Simon Willcocks, Tom, Leonardo Taccari, johnn_bunyan, J. Steven York e kasperd like this.
Luca Sironi
Unknown parent • • •Wulfy—Speaker to the machines
in reply to Stefano Marinelli • • •Kev
in reply to Stefano Marinelli • • •stux⚡️
in reply to Stefano Marinelli • • •Great job!
This is why is always run up time on different servers in other places!
Perfect!
ozoned
Unknown parent • • •Hugo Mills
in reply to Stefano Marinelli • • •About 15 years ago, the place I worked had a supercomputer. One night, the aircon in the machine room failed. The machine kept computing, and the temperature rose. It rose *quite a lot*.
Sadly, the first thing to fail from the heat was the core switch for the room. You know, the one that handles all of the network for everything in the room. Including the temperature alerts.
It was finally spotted about 8am when the security patrol wondered why the door shutters were so hot.
Hugo Mills
Unknown parent • • •Fortunately, the only thing that did fail after the aircon was the switch. (And a pair of ear muffs which had been hanging on a metal rail -- they'd melted).
The fire brigade turned up, checked everything, and ran some big positive pressure fans to get airflow through the room from one door to the other to cool everything down.
Lasse Leegaard
in reply to Stefano Marinelli • • •rasteri
in reply to Stefano Marinelli • • •EnigmaRotor
Unknown parent • • •penguin42
in reply to Stefano Marinelli • • •Space flip-flops
in reply to Stefano Marinelli • • •First off, as a Ukrainian, I know that powerlines can survive "the spikes" by just cutting the power at the very input. No damage to equipment behind the input electric circuit breaker, nope. You just get damaged input.
Next, I used to work in a bank. And here we had a clear requirement for data storage center: more than one power input -- is a must.
Space flip-flops
in reply to Space flip-flops • • •Fourth, if there is a power spike and cut off, it won't go unnoticed by those who control power lines. They will be the first on site to see what happened.
Conny Nasch
in reply to Stefano Marinelli • • •gbsills
in reply to Stefano Marinelli • • •William Weber Berrutti
in reply to Stefano Marinelli • • •The Gaffer
in reply to Stefano Marinelli • • •This immediately brought to mind coming into the office after a holiday weekend in 2005 and finding “my” computer room dark. I found our infrastructure manager, who told me that they had an unexpected power outage over the weekend. Confused, I said “But how is that possible? We have multiple feeds and a huge uninterruptible power supply!”
I will never forget his response, delivered in his thick Scottish brogue: “Yes, we do. But it doesn’t do much good when the UPS catches fire.” 😳
javensbukan
in reply to The Gaffer • • •@thegaffer That reminds me of an incident that happened at work. We have multiple sources of electricity and generators, but none of that matters if the room with the UPS and power controller where all the power sources meet floods from an overflowing toilet a floor above 🙃😅
Whoopsie daisy!
I just finished bypassing all the network switches in the closets from that circuit when they managed to bypass it and catastrophe averted.
That was a fun night! /s
Saupreiss #Präparat500 🗽
Unknown parent • • •That sounds like a hell of a yell for an official port…
@marios @EnigmaRotor
Pedro Bufulin
in reply to Stefano Marinelli • • •indyradio
in reply to Stefano Marinelli • • •You have shared many useful items in a thoughtful way. I appreciate it, and am glad to let you know. 😀
indyradio
Unknown parent • • •Since 9/11 there are a few new spooky things, and one is modulating the power with pulses
Jim
in reply to Stefano Marinelli • • •itthinx
in reply to Stefano Marinelli • • •Ondrej Zizka
in reply to Stefano Marinelli • • •Pedro Bufulin
Unknown parent • • •Dan 🌻
in reply to Stefano Marinelli • • •The true horror part of this story:
> The office was closed for the holidays, but I contacted the IT manager anyway. He was home sick with a serious family issue, but he got moving.
Home for the holidays, sick, serious family issue?? Who cares! You know what's more important?? Keeping that data center up and running!
Glory to sacrificing yourself for the system!!
Or maybe get someone else next time.
miki
in reply to Stefano Marinelli • • •pedernal
Unknown parent • • •lorenzo
in reply to Stefano Marinelli • • •Andreas (82MHz)
in reply to lorenzo • • •I think Stefano, the mild mannered barista of the BSD Cafe who posts pictures of sunsets and from his walks in nature is just a cover, and in reality he is a tough-as-nails secret military agent who's chasing cybercriminals around the globe.
See also his comment to my blog post about "just telling people to call the Barista" to make them crap their pants... this Barista has a secret! 🕵️
James Scholes
in reply to Stefano Marinelli • • •xinqu
in reply to Stefano Marinelli • • •lorenzo
Unknown parent • • •💙
CC: @82mhz@bsd.cafe
Uriel Fanelli
in reply to Stefano Marinelli • • •Dianora (Diane Bruce)
in reply to Stefano Marinelli • • •You know this but it bears repeating!
Uriel Fanelli
Unknown parent • • •Peter Sommerlad
in reply to Stefano Marinelli • • •J. Steven York
in reply to Stefano Marinelli • • •zako
in reply to Stefano Marinelli • • •Krafting
in reply to Stefano Marinelli • • •Dianora (Diane Bruce)
Unknown parent • • •EnigmaRotor
Unknown parent • • •Also note that Stefano’s story does not mention (yet) an overexcited systemd. I don’t see plagiarism in this. Let’s expect an hommage at some point, in pure Hans Zimmer style. /* insert big brass sound sample here */
Michael W Lucas
Unknown parent • • •Spiritual guide? Your spirits are gonna go somewhere pretty dang weird, sir.
Dianora (Diane Bruce)
in reply to Michael W Lucas • • •tkr
in reply to Stefano Marinelli • • •Sir Dr Rusty o the Isle 🖤💛❤️
in reply to Stefano Marinelli • • •Michael W Lucas
in reply to Dianora (Diane Bruce) • • •beer is too normal...
Martin Seeger
in reply to Stefano Marinelli • • •ffffennek
in reply to Stefano Marinelli • • •Paul Wilde 😺 (snac2 acct)
in reply to ffffennek • • •Really, if the primary point of call was out of action, it would be up to the business itself to arrange alternatives, allowing the sick person to stay out of action.
EnigmaRotor
Unknown parent • • •@gumnos @mwl @Dianora Both may, for sure, be present at the table. #devicedrivers
Tim Chase
in reply to Michael W Lucas • • •@mwl
beer? clearly the conversation involves *spirits* not beer… 😛
@Dianora @EnigmaRotor @stefano
EnigmaRotor
Unknown parent • • •db
in reply to Stefano Marinelli • • •db
Abdelkader Boudih
in reply to Stefano Marinelli • • •Damn you Stefano.
You just spoiled a future Netflix movie.
Instead of watching in 2027 : `The Power Surge Heist`... we will have `The Uptime` with Stefano as sysadmin.
Following you so i can keep up with all the movies i will be missing.
ffffennek
Unknown parent • • •Ollivier Robert 🇺🇦😷🌈
in reply to Dianora (Diane Bruce) • • •Dianora (Diane Bruce)
in reply to Ollivier Robert 🇺🇦😷🌈 • • •EnigmaRotor
Unknown parent • • •EnigmaRotor
in reply to EnigmaRotor • • •EnigmaRotor
Unknown parent • • •You know the trade offs of emulation, this could lead to a suboptimal experience… thus I might get rid of the icecream and focus on the bottle. (From simplicity comes user satisfaction)
#drunkCipherMachine #veryRandomNumberGenerator
EnigmaRotor
in reply to EnigmaRotor • • •EnigmaRotor
in reply to EnigmaRotor • • •I wish this article would be available in English too, yet it is available in Italian. (For some reason)
nom vernaculaire
Contributeurs aux projets Wikimedia (Fondation Wikimedia, Inc.)EnigmaRotor
Unknown parent • • •#alps
devolute
in reply to Stefano Marinelli • • •I'm upset this didn't turn into a story of how the police laid a trap.
Uptime Kuma is dope tho.
Daniel Berman
in reply to Stefano Marinelli • • •Ondrej Zizka
Unknown parent • • •EnigmaRotor
Unknown parent • • •EnigmaRotor
Unknown parent • • •Stephen Borrill
Unknown parent • • •- YouTube
youtu.beStephen Borrill
Unknown parent • • •Expertenkommision Cyberunfall
in reply to Stefano Marinelli • • •jjesse
in reply to Stefano Marinelli • • •1000millimeter
in reply to Stefano Marinelli • • •