Amazon’s Data Centers Are Located in US Spy Country

Uploaded on 2016-01-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Virginia is located on the Atlantic coast along the line that divides the northern and southern states.

Once in a while—not quite often enough to be a crisis, but just often enough to be a trope—people in the United States will freak out because a huge number of highly popular websites and services have suddenly gone down. For an interminable period of torture (usually about 1-3 hours, tops) there is no Instagram to browse, no Tinder to swipe, no Github to push to, no Netflix to And Chill.

When this happens, it usually means that Amazon Web Services is having a technical problem, most likely in their US-East region. What that actually means is that something is broken in northern Virginia. Of all the places where Amazon operates data centers, northern Virginia is one of the most significant, in part because it’s where AWS first set up shop in 2006. It seemed appropriate that this vision quest to see The Cloud across America, which began at the ostensible birthplace of the Internet should end at the place that’s often to blame when large parts of the US Internet dies.

Northern Virginia is a pretty convenient place to start a cloud-services business: for reasons we’ll get into later, it’s a central region for Internet backbone. For the notoriously economical and utilitarian Amazon, this meant that it could quickly set up shop with minimal overhead in the area, leasing or buying older data centers rather than building new ones from scratch.

The ease with which AWS was able to get off the ground by leasing colocation space in northern Virginia in 2006 is the same reason that US-East is the most fragile molecule of the AWS cloud: it’s old, and it’s running on old equipment in old buildings.

Or, that’s what one might conclude from spending a day driving around looking for and at these data centers. When I contacted AWS to ask specific questions about the data-center region, how they ended up there, and the process of deciding between building data centers from scratch versus leasing existing ones, they declined to comment.

Unlike Google and Facebook, AWS doesn’t aggressively brand or call attention to their data centers. They absolutely don’t give tours, and their website offers only rough approximations of the locations of their data centers, which are divided into “regions.” Within a region lies at minimum two “availability zones” and within the availability zones there are a handful of data centers.

Google’s web crawlers don’t particularly care about AWS’ preference of staying below the radar, and searching for Vadata, Inc. sometimes pulls up addresses that probably first appeared on some deeply buried municipal paperwork and were added to Google Maps by a robot. It’s also not too hard to go straight to those original municipal documents with addresses and other cool information, like fines from utility companies and documentation of tax arrangements made specifically for AWS. (Pro tip for the rookie data-center mapper: if you’re looking for the data centers of other major companies, Foursquare check-ins are also a surprisingly rich resource). My weird hack research methods returned a handful of Vadata addresses scattered throughout the area: Ashburn, Sterling, Haymarket, Manassas, Chantilly.

The fact that northern Virginia is home to major intelligence operations and to major nodes of network infrastructure isn’t exactly a sign of government conspiracy so much as a confluence of histories (best documented by Paul Ceruzzi in his criminally under-read history Internet Alley: High Technology In Tysons Corner, 1945-2005). To explain why a region surrounded mostly by farmland and a scattering of American Civil War monuments is a central point of Internet infrastructure, we have to go back to where a lot of significant moments in Internet history take place: the Cold War.

Postwar suburbanization and the expansion of transportation networks are occasionally overlooked, but weirdly crucial facets of the military-industrial complex. While suburbs were largely marketed to the public via barely concealed racism and the appeal of manicured “natural” landscapes, suburban sprawl’s dispersal of populations also meant increased likelihood of survival in the case of nuclear attack. Highways both facilitated suburbs and supported the movement of ground troops across the continental United States, should they need to defend it (lest we forget that the legislation that funded much of the US highway system was called the National Interstate and Defense Highways Act of 1956).

But databases alone are not archives any more than data centers are libraries, and the rhetorical promise of The Cloud is as fragile as the strands of fiber-optic cable upon which its physical infrastructure rests. The Internet is a beautiful, terrible, fraught project of human civilization.
 
While I make light of language like “pilgrim” to describe this cross-country journey, at the end of the day it has been an affirmation of a kind of faith: faith in the humanity of that beautiful, terrible, fraught project, and in the possibility of being able to see ourselves in all that beautiful, terrible, fraught truth.

DefenseOne

« EU General Data Protection: A Milestone Of The Digital Age
Russian Hackers Warn EU Trains Are Vulnerable to Hijack »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

Packet Ninjas

Packet Ninjas

Packet Ninjas is a niche cyber security agency with specialized expertise in the use of digital intelligence to strengthen cyber security.

Alliance for Cyber Security (ACS)

Alliance for Cyber Security (ACS)

An alliance of all major players in the field of cyber security in Germany with a mission to strengthen Germany’s resistance to cyber-attacks.

ICTSecurity Portal - Austria

ICTSecurity Portal - Austria

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

National Cybersecurity Student Association (NCSA) - USA

National Cybersecurity Student Association (NCSA) - USA

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

Ryan Financial Lines

Ryan Financial Lines

Ryan Financial Lines Cyber provides risk transfer solutions for complex cyber and technology exposures, globally.

Cybersecurity Agency of Catalonia - Spain

Cybersecurity Agency of Catalonia - Spain

Cybersecurity Agency of Catalonia is responsible for implementing public policies in the field of cybersecurity and developing the cybersecurity strategy of the Generalitat de Catalunya.

Gray Tier Technologies (GTT)

Gray Tier Technologies (GTT)

Gray Tier is an advanced security company that focuses on developing technical solutions to the toughest cyber security challenges facing our customers.