Amazon’s Data Centers Are Located in US Spy Country

Uploaded on 2016-01-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Virginia is located on the Atlantic coast along the line that divides the northern and southern states.

Once in a while—not quite often enough to be a crisis, but just often enough to be a trope—people in the United States will freak out because a huge number of highly popular websites and services have suddenly gone down. For an interminable period of torture (usually about 1-3 hours, tops) there is no Instagram to browse, no Tinder to swipe, no Github to push to, no Netflix to And Chill.

When this happens, it usually means that Amazon Web Services is having a technical problem, most likely in their US-East region. What that actually means is that something is broken in northern Virginia. Of all the places where Amazon operates data centers, northern Virginia is one of the most significant, in part because it’s where AWS first set up shop in 2006. It seemed appropriate that this vision quest to see The Cloud across America, which began at the ostensible birthplace of the Internet should end at the place that’s often to blame when large parts of the US Internet dies.

Northern Virginia is a pretty convenient place to start a cloud-services business: for reasons we’ll get into later, it’s a central region for Internet backbone. For the notoriously economical and utilitarian Amazon, this meant that it could quickly set up shop with minimal overhead in the area, leasing or buying older data centers rather than building new ones from scratch.

The ease with which AWS was able to get off the ground by leasing colocation space in northern Virginia in 2006 is the same reason that US-East is the most fragile molecule of the AWS cloud: it’s old, and it’s running on old equipment in old buildings.

Or, that’s what one might conclude from spending a day driving around looking for and at these data centers. When I contacted AWS to ask specific questions about the data-center region, how they ended up there, and the process of deciding between building data centers from scratch versus leasing existing ones, they declined to comment.

Unlike Google and Facebook, AWS doesn’t aggressively brand or call attention to their data centers. They absolutely don’t give tours, and their website offers only rough approximations of the locations of their data centers, which are divided into “regions.” Within a region lies at minimum two “availability zones” and within the availability zones there are a handful of data centers.

Google’s web crawlers don’t particularly care about AWS’ preference of staying below the radar, and searching for Vadata, Inc. sometimes pulls up addresses that probably first appeared on some deeply buried municipal paperwork and were added to Google Maps by a robot. It’s also not too hard to go straight to those original municipal documents with addresses and other cool information, like fines from utility companies and documentation of tax arrangements made specifically for AWS. (Pro tip for the rookie data-center mapper: if you’re looking for the data centers of other major companies, Foursquare check-ins are also a surprisingly rich resource). My weird hack research methods returned a handful of Vadata addresses scattered throughout the area: Ashburn, Sterling, Haymarket, Manassas, Chantilly.

The fact that northern Virginia is home to major intelligence operations and to major nodes of network infrastructure isn’t exactly a sign of government conspiracy so much as a confluence of histories (best documented by Paul Ceruzzi in his criminally under-read history Internet Alley: High Technology In Tysons Corner, 1945-2005). To explain why a region surrounded mostly by farmland and a scattering of American Civil War monuments is a central point of Internet infrastructure, we have to go back to where a lot of significant moments in Internet history take place: the Cold War.

Postwar suburbanization and the expansion of transportation networks are occasionally overlooked, but weirdly crucial facets of the military-industrial complex. While suburbs were largely marketed to the public via barely concealed racism and the appeal of manicured “natural” landscapes, suburban sprawl’s dispersal of populations also meant increased likelihood of survival in the case of nuclear attack. Highways both facilitated suburbs and supported the movement of ground troops across the continental United States, should they need to defend it (lest we forget that the legislation that funded much of the US highway system was called the National Interstate and Defense Highways Act of 1956).

But databases alone are not archives any more than data centers are libraries, and the rhetorical promise of The Cloud is as fragile as the strands of fiber-optic cable upon which its physical infrastructure rests. The Internet is a beautiful, terrible, fraught project of human civilization.
 
While I make light of language like “pilgrim” to describe this cross-country journey, at the end of the day it has been an affirmation of a kind of faith: faith in the humanity of that beautiful, terrible, fraught project, and in the possibility of being able to see ourselves in all that beautiful, terrible, fraught truth.

DefenseOne

« EU General Data Protection: A Milestone Of The Digital Age
Russian Hackers Warn EU Trains Are Vulnerable to Hijack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

HackRead

HackRead

HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

Magic Software Enterprises

Magic Software Enterprises

Magic provide Mobile Device Management (MDM) for Secure Enterprise Mobility. Magic MDM overcomes the challenges of mobile device management security by protecting all of your devices, data and content

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

Nation-E

Nation-E

Nation-E offers innovative cyber security solutions for industrial installations, critical infrastructure and smart grids.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

Nova Leah

Nova Leah

Nova Leah helps connected medical device manufacturers meet cybersecurity compliance requirements throughout the entire product lifecycle.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

Pivot Point Security

Pivot Point Security

Pivot Point Security is a trusted leader in information security consulting. We help clients master their information security management systems.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

ClosingLock

ClosingLock

ClosingLock is the leading provider of wire fraud prevention software for the real estate industry.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

Oxford Information Labs (OXIL)

Oxford Information Labs (OXIL)

Oxford Information Labs brings together world-class software programmers and policy experts to provide a unique mix of expertise and hands on technical solutions.