Comment by ChuckMcM
9 days ago
Article comments aside, it is entirely unclear to me whether or not there was no backups. Certainly no "external" backups, but potentially "internal" backups. My thinking is that not actually allowing backups and forcing all data there creates a prime target for the PRK folks right? I've been in low level national defense meetings about security where things like "you cannot backup off site" are discussed but there are often fire vaults[1] on site which are designed to withstand destruction of the facility by explosive force (aka a bomb) or fire or flood Etc.
That said, people do make bad calls, and this would be an epically bad one, if they really don't have any form of backup.
[1] These days creating such a facility for archiving an exabyte of essentially write mostly data are quite feasible. See this paper from nearly 20 years ago: https://research.ibm.com/publications/ibm-intelligent-bricks...
> there are often fire vaults[
Many years ago I was Unix sysadmin responsible for backups and that is exactly what we did. Once a week we rotated the backup tapes taking the oldest out of the fire safe and putting the newest in. The fire safe was in a different building.
I thought that this was quite a normal practice.
They did have backups. But the backups were also destroyed in the same fire.
Then it's just incompetence. Even I have my backup server 100 km away from the master one.
> My thinking is that not actually allowing backups and forcing all data there creates a prime target for the PRK folks right?
It's funny that you mention that...
https://phrack.org/issues/72/7_md#article
Ouch