Amazon’s Data Centers Are Located in US Spy Country

Uploaded on 2016-01-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Virginia is located on the Atlantic coast along the line that divides the northern and southern states.

Once in a while—not quite often enough to be a crisis, but just often enough to be a trope—people in the United States will freak out because a huge number of highly popular websites and services have suddenly gone down. For an interminable period of torture (usually about 1-3 hours, tops) there is no Instagram to browse, no Tinder to swipe, no Github to push to, no Netflix to And Chill.

When this happens, it usually means that Amazon Web Services is having a technical problem, most likely in their US-East region. What that actually means is that something is broken in northern Virginia. Of all the places where Amazon operates data centers, northern Virginia is one of the most significant, in part because it’s where AWS first set up shop in 2006. It seemed appropriate that this vision quest to see The Cloud across America, which began at the ostensible birthplace of the Internet should end at the place that’s often to blame when large parts of the US Internet dies.

Northern Virginia is a pretty convenient place to start a cloud-services business: for reasons we’ll get into later, it’s a central region for Internet backbone. For the notoriously economical and utilitarian Amazon, this meant that it could quickly set up shop with minimal overhead in the area, leasing or buying older data centers rather than building new ones from scratch.

The ease with which AWS was able to get off the ground by leasing colocation space in northern Virginia in 2006 is the same reason that US-East is the most fragile molecule of the AWS cloud: it’s old, and it’s running on old equipment in old buildings.

Or, that’s what one might conclude from spending a day driving around looking for and at these data centers. When I contacted AWS to ask specific questions about the data-center region, how they ended up there, and the process of deciding between building data centers from scratch versus leasing existing ones, they declined to comment.

Unlike Google and Facebook, AWS doesn’t aggressively brand or call attention to their data centers. They absolutely don’t give tours, and their website offers only rough approximations of the locations of their data centers, which are divided into “regions.” Within a region lies at minimum two “availability zones” and within the availability zones there are a handful of data centers.

Google’s web crawlers don’t particularly care about AWS’ preference of staying below the radar, and searching for Vadata, Inc. sometimes pulls up addresses that probably first appeared on some deeply buried municipal paperwork and were added to Google Maps by a robot. It’s also not too hard to go straight to those original municipal documents with addresses and other cool information, like fines from utility companies and documentation of tax arrangements made specifically for AWS. (Pro tip for the rookie data-center mapper: if you’re looking for the data centers of other major companies, Foursquare check-ins are also a surprisingly rich resource). My weird hack research methods returned a handful of Vadata addresses scattered throughout the area: Ashburn, Sterling, Haymarket, Manassas, Chantilly.

The fact that northern Virginia is home to major intelligence operations and to major nodes of network infrastructure isn’t exactly a sign of government conspiracy so much as a confluence of histories (best documented by Paul Ceruzzi in his criminally under-read history Internet Alley: High Technology In Tysons Corner, 1945-2005). To explain why a region surrounded mostly by farmland and a scattering of American Civil War monuments is a central point of Internet infrastructure, we have to go back to where a lot of significant moments in Internet history take place: the Cold War.

Postwar suburbanization and the expansion of transportation networks are occasionally overlooked, but weirdly crucial facets of the military-industrial complex. While suburbs were largely marketed to the public via barely concealed racism and the appeal of manicured “natural” landscapes, suburban sprawl’s dispersal of populations also meant increased likelihood of survival in the case of nuclear attack. Highways both facilitated suburbs and supported the movement of ground troops across the continental United States, should they need to defend it (lest we forget that the legislation that funded much of the US highway system was called the National Interstate and Defense Highways Act of 1956).

But databases alone are not archives any more than data centers are libraries, and the rhetorical promise of The Cloud is as fragile as the strands of fiber-optic cable upon which its physical infrastructure rests. The Internet is a beautiful, terrible, fraught project of human civilization.
 
While I make light of language like “pilgrim” to describe this cross-country journey, at the end of the day it has been an affirmation of a kind of faith: faith in the humanity of that beautiful, terrible, fraught project, and in the possibility of being able to see ourselves in all that beautiful, terrible, fraught truth.

DefenseOne

« EU General Data Protection: A Milestone Of The Digital Age
Russian Hackers Warn EU Trains Are Vulnerable to Hijack »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Cyber Security Academy - University of Southampton

Cyber Security Academy - University of Southampton

An industry/University partnership established to advance cyber security through world class research, teaching excellence, industrial expertise and training capacity.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

International Computer Science Institute (ICSI)

International Computer Science Institute (ICSI)

ICSI is a leading independent, nonprofit center for research in computer science. Research areas include network security and privacy.

Commonwealth Cybercrime Initiative (CCI)

Commonwealth Cybercrime Initiative (CCI)

The CCI unites 35 international organisations contributing to multidisciplinary programmes in Commonwealth countries. These organisations form the CCI Consortium.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Cytenna

Cytenna

Cytenna Signal is a suite of SaaS (Software-as-a-Service) products that use AI and machine learning to automatically aggregate the latest information about software vulnerabilities.

Hudson Cybertec

Hudson Cybertec

Hudson Cybertec are an internationally recognized Subject Matter Expert for cyber security in the Industrial Automation & Control Systems (IACS) domain.

Dynamic Quest

Dynamic Quest

Dynamic Quest is a managed IT, cloud and security services companies, providing a comprehensive range of technology services including cybersecurity, backup and disaster recovery.

Fortiedge

Fortiedge

Fortiedge is an IT Security solution provider specializing in Cyber Security practices and solutions for our clients.

Randaemon

Randaemon

RANDAEMON’s mission is to create True Random Number Generators (TRNG) that are hardware-based and integrated into System-on-Chip.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

Inoxoft

Inoxoft

Inoxoft delivers IT security consulting, assessment, and protection services to help businesses secure their infrastructure, applications, and sensitive data.

Concentrix

Concentrix

Concentrix - the intelligent transformation partner. We help the world’s leading organisations to modernise technology, transform experiences, and solve their toughest business challenges.