

Inside the Fortified, Nuke-Proof Bunker that's Now Hosting Wikileaks - FSecurePal
http://www.technologyreview.com/blog/mimssbits/26095/?ref=rss

======
pigbucket
"...one wonders why Swedish Bahnhof would take on the challenge of hosting a
site that will probably be under permanent attack for the foreseeable future.

Unless it's for the PR value"

That's a good example of allowing one's imagination of possibilities to wander
over very short distances. Is it that inconceivable that a company might be
motivated by something other than the bottom line? Arvinjoar commented earlier
on the principled character of the Bahnhof's founder:
<http://news.ycombinator.com/item?id=1959961>

~~~
potatolicious
Indeed. It's a little depressing that we live in a world where someone driven
by principles instead of profits is regarded as extraordinary.

~~~
Dove
Such a sentiment says more about the speaker than the world.

------
bullseye
As far as articles go, I'm not impressed with this one. Although I'd be
willing to admit that my interest in all things Wikileaks is seriously waning.

That said, there was little to no information about the actual data center,
other than a link to a Forbes article about the first time Wikileaks moved
there. They even embedded the same video from that original article.

Throw in an offhand and speculative comment about Amazon bowing "to political
pressure" and a few Flickr pictures and presto! I almost felt like I was
reading another one of Shaun Gallagher's "I wrote this article with one mouse
click" experiments.

------
rdl
Bahnhof is pretty amazing. They have great interior design too, almost like a
movie set (although I haven't visited in person yet).

While for reasons of principle, hosting controversial content is great, and if
it's legal in your jurisdiction, it is up to you if you want to do it, as a
practical matter, a site getting >10Gbps DDoS while paying presumably close to
nothing is going to potentially impair the usability of other sites in the
datacenter. Even if you don't put profits above principle, you have a
responsibility to your other customers to not fuck them over.

A pure colocation (vs. managed or hosting) facility in a legal to host
jurisdiction, near or at a carrier hotel where you can cheaply buy bandwidth
from a bunch of different providers (on their core networks), and with great
filtering agreements in place with the upstreams, is probably the only way to
go. The colocation facility is just renting you space and power, and it's a
much more arms length relationship; you can rapidly turn up network
connections from other providers within the facility, vs. your own building
somewhere (where running fiber often requires digging up the streets).

Back in 2000 I did this with ~2Gbps of aggregate transit/peering to people
inside London Telehouse, and 4xE1 + WiFi to the hosting location, with VPN
over VSAT as a backup.

You want to be able to put "problem" customers on their own subnets,
potentially on their own routers and even transit connections, to isolate them
from the rest of your customers. Combined with the regulatory constraints,
Stockholm and Amsterdam are probably the best places to do this right now (or
SFBA if it's a customer who will not be a legal problem in the US).

------
cosmicray
Back in the late 1960s, and early 1970s, AT&T built a series of nuke resistant
bunkers. The typical specs were concrete walls 36" thick, self contained
turbine generators, water and air purification, plus rations to last up to 6
months. Some of those facilities are still around and operating (including one
not far from me). I would expect that the switching gear of todays vintage
takes up much less space and power than it did in 1971. Back then the
interconnections were via long-distance coxial cable and microwave. Today
there are fiber huts adjacent to the bunker.

I wonder what AT&T uses all that extra floor space for now.

~~~
pak
I don't think you were referring to these, but there are actually a few
windowless, fortified concrete skyscrapers in New York that were built as
telephone switching centers. Here's one in Lower Manhattan that is 29 stories:

<http://en.wikipedia.org/wiki/33_Thomas_Street>

They were likewise designed to withstand nuclear fallout. Because telephone
switching equipment has shrunken over the years they now rent out some of the
floor space as a hosted ultrasecure datacenter.

~~~
nkassis
That building looks like something right out of blade runner.

~~~
Devilboy
The article calls it 'extreme brutalism'

[http://maps.google.com.au/maps?f=q&source=s_q&hl=en&...](http://maps.google.com.au/maps?f=q&source=s_q&hl=en&geocode=&q=33+Thomas+Street,+manhattan&sll=-33.886413,151.118261&sspn=0.022836,0.016201&g=33+Thomas+Street&ie=UTF8&hq=&hnear=33+Thomas+St,+New+York,+10007,+United+States&ll=40.716799,-74.00565&spn=0.000966,0.001523&t=h&z=20&layer=c&cbll=40.716799,-74.00565&panoid=kxOcRk6jH3sMR-4XaNyn1w&cbp=12,208.86,,0,-36.67)

------
patrickgzill
Is this a black eye for Amazon, or do they get a pass due to the pressure that
we assume was applied to them as a company domiciled in the USA?

~~~
ergo98
They get an easy pass. The idea of this ever going to Amazon in the first
place just seems extraordinarily ill-conceived: There was no way it was going
to stay up.

Wikileaks is pursuing a remarkably old-school method of releasing these, with
the whole centralized distribution point.

They should release the entire set via P2P with collections symmetrically
encrypted. They could then -- via the most rudimentary methods -- release
individual keys at chosen intervals to still obtain the same throttled
response. And one day when the feds are kicking in the doors, just drop the
entire key collection.

~~~
glhaynes
I wonder why they're not doing that.

~~~
sliverstorm
It's far less visible to normal, ordinary people, who they need to reach. The
success of WikiLeaks depends in part on being highly visible and accessible by
anyone and everyone- ironically, much the same as terrorism. (Not that I
believe they are a terrorist organization, but they definitely function kind
of like one, at least superficially)

I imagine the day somebody figures out how to make a HTTP-compatible P2P
network that allows you to browse web pages hosted on bittorrent will be the
day WikiLeaks moves to P2P.

~~~
ars
> It's far less visible to normal, ordinary people, who they need to reach.

There's no reason they can't do both.

~~~
eneveu
I think there is more to it than a desire to space the releases to get better
PR.

They may want to verify the authenticity of the documents to avoid fake leaks.
They may also want to edit some documents to remove data that would put
individual persons at risk, like they did with Cablegate.

Doing this takes time, and may not be short-circuited easily.

They can't simply encrypt the files, release them using P2P, and _then_ edit
them / check them for authenticity. I guess it would be useful as an
insurance, though.

------
tlack
Can anyone with more technical knowledge comment on this facility's
connectivity to the internet, and how damage-resistant that is? If someone
were to forcibly take Wikileaks offline, I would think internet connectivity
would be the easiest attack vector, especially if they're located in a remote
bunker which probably limits their options.

~~~
JoachimSchipper
We're not quite at the level where anyone is going to risk war by throwing
cruise missiles into a major metropolis just to shut down Wikileaks...

------
arethuza
No bunker is really completely nuke-proof - even Cheyenne mountain had
multiple SS-18s with single 25 _megaton_ warheads targeted at it - it would
not have survived.

You might survive a near miss or fallout in a bunker - but in the age of
precision delivered and/or high yield bombs nowhere is 100% safe.

~~~
ANH
Yes, the author of the article must not have watched the video he linked to.
The CEO of Bahnhof himself jocularly admits it wouldn't survive a direct hit.

------
woadwarrior01
More pictures of the Bahnhof datacenter, from the pingdom blog.
[http://royal.pingdom.com/2008/11/14/the-worlds-most-super-
de...](http://royal.pingdom.com/2008/11/14/the-worlds-most-super-designed-
data-center-fit-for-a-james-bond-villain/)

------
davidedicillo
This is a 360 tour of the place <http://www.bahnhof.se/panorama/>

~~~
nkassis
I found the Tintin moon rocket in the conference room quite awesome ;p

------
chrislloyd
I think now is an appropriate time to mention "When Sysadmins Ruled the
Earth": [http://baens-
universe.com/articles/when_sysadmins_ruled_the_...](http://baens-
universe.com/articles/when_sysadmins_ruled_the_earth)

------
mkramlich
Crypt anyone?

Just finished Stephenson's masterpiece last week.

I bet that's Randy in that last pic. ;)

------
gravaint
Looks like a place that Jack Bauer would break into.

------
die_sekte
Utterly insane. Neat. Holy shit. I don't know what to think.

