Uncategorized

WikiLeaks claims to publish confidential AWS data centre location information

WikiLeaks has published what it claims is a 'highly confidential' document outlining the addresses and operational details of Amazon Web Services (AWS) data centres.

The whistle-blowing organisation claims to have published the document, originating from late 2015, as an attempt to shed light on the 'largely hidden' nature of cloud infrastructure locations.

"While one of the benefits of the cloud is the potential to increase reliability through geographic distribution of computing resources, cloud infrastructure is remarkably centralised in terms of legal control," the company wrote in a statement. "Until now, this cloud infrastructure controlled by Amazon was largely hidden, with only the general geographic regions of the data centres publicised."

AWS' global infrastructure page outlines geographical locations in terms of 'regions'; for instance, US East has six in North Virginia and three in Ohio, while Europe has presence in Frankfurt, Ireland, London and Paris – with three zones, or data centres, each. 

This is common practice – and compared with some others can be more information than usual. For instance, Oracle only put together a public-facing map of its cloud regions late last year; when this publication enquired for a list of its cloud data centre regions in mid-2017, reply came that there wasn't one available.

WikiLeaks claims there are elements of obfuscation revealed in the document. On page seven, regarding the IAD77 data centre unit in Virginia, the document states that Amazon 'is known as Vandalay Industries on badges and all correspondence with building manager'; the latter does not appear to exist outside of reference as a fictional company in the US sitcom Seinfeld. WikiLeaks has also issued an updated map of AWS' regions with addresses, notes and contact numbers.

The timing of the disclosure has also been influenced with regards to the upcoming $10 billion cloud contract for the US Department of Defense. As this publication reported in March when the tender was opened up, the government's search for a 'coordinated enterprise-level approach to cloud infrastructure' meant they were looking for a single vendor – arguing multi-cloud was too complex – to fulfil the work. Earlier this week, it was reported that Google had dropped out of the race, while Microsoft employees had protested about the ethical complications of winning the contract.

AWS and WikiLeaks have locked horns previously. In 2010, the former kicked the latter off its platform having previously been a customer, saying it did not own or otherwise control the rights to the classified content it was disclosing. 

"[We] have hundreds of thousands of customers storing all kinds of data on AWS. Some of this data is controversial, and that's perfectly fine," the company said in a statement at the time. "But when companies or people go about securing and storing large quantities of data that isn't rightfully theirs, and publishing this data without ensuring it won't injure others, it's a violation of our terms of service, and folks need to go operate elsewhere."

You can take a look at the WikiLeaks document here.