Following the recent arrest of a man who was allegedly plotting to blow up an AWS data center, operators of computing facilities – and other digital infrastructure – are facing an important question. Was this a beginning of a trend, which would require a reaction on their part, or was it an isolated freak incident, in which case everybody can carry on as usual?
Several industry experts DCK has talked to believe that carrying on as usual isn’t an option. At a minimum, operators should review their security posture, emergency action plans, and disaster recovery plans. Beyond those basics, the foiled data center bombing plot can be used as impetus for investing in things like vehicle access control or monitoring corners of the internet where the conspiracy-minded congregate.
Earlier this month, the US Department of Justice arrested and charged Seth Aaron Pendley of Texas with malicious attempt to destroy a building with an explosive. According to authorities, he was planning to blow up an AWS data center in Virginia with C-4 in an attempt (in his words) to “kill off about 70 percent of the internet” and bring down “the oligarchy.”
Pendley had previously boasted online about being at the US Capitol on January 6, when an angry mob of Donald Trump’s supporters broke into and vandalized the Capitol Building – a riot that led to multiple deaths. Congress later impeached the former president for “incitement of insurrection.”
Following the riot, AWS discontinued services to Parler, for months shutting down the social network that was said to have been a primary platform used to plan the riot. When its decision became public, a comment by a Parler user suggesting “someone with explosives training” could “pay a visit to some AWS data centers,” prompting Amazon management to put its data center staff on high alert and postpone big changes or updates to services for several days.