Amazon Atlas: The “Highly Confidential” locations of Amazon's data centers
wikileaks.orgHow come WikiLeaks is distributing this? I don't see any meaningful connection to government transparency or even corporate transparency... this has nothing to do with abuse of power, it is completely normal and rightful for a company to keep its infrastructure locations secret. Some of this could be found through public records, etc. and that fine to post, but internal operating procedures are not.
Sure, it's fun to look at. But the only people who will really benefit from this being leaked are AWS competitors and malicious actors intending to disrupt international communications.
Amazon is making local governments to compete against each others for data center locations, so it's in the public interest to know the locations. For example, you can compare at the location, electricity cost, infrastructure, tax schemes and tax revenue etc. in local level and see how important they are for Amazon and maybe even estimate the benefit of having Amazon.
The location of Amazon data centers is not hidden from it's large competitors, or any adversary.
Another perhaps less known aspect of these tax giveaways is that the details are kept secret. They are often embarrassingly huge giveaways, that's one of the reasons they aren't public [1]. I wish we could stop corporate giveaways. I love the software work that amazon is pioneering, they are pushing the envelope, doing great work, enabling companies to grow and do new things. But they are one of the richest companies in the world, they shouldn't get tax credits, imho. I don't think this location info should make it risky.
[1] https://www.businessinsider.com/amazon-hq2-candidates-keep-p...
I absolutely agree. Essentially, corporations with huge revenue streams get major tax advantages that are not available to local companies in exchange for "creating jobs".
It turns out that each of those jobs is so costly to taxpayers that the only real benefit is for the politicians that announce the "partnerships" (and the receiving company, obviously).
Here's a couple of interesting articles on the matter:
- https://www.nytimes.com/2012/12/02/us/how-local-taxpayers-ba...
- https://www.theguardian.com/cities/ng-interactive/2018/jul/0...
Then shouldn’t they publish the documents showing those giveaways instead which surely makes more sense, doesn’t put AWS customers at potential risk and holds local governments accountable?
The simple thing is to put anything you get your hands on online under the opaque umbrella of public interest. The responsible thing to do is to run with it, find the local governments in those areas and file requests for the records of any transactions to be made public. That would be in public interest. Dumping anything that has a SECRET written on it is not always a good thing.
> AWS customers at potential risk
This line of reasoning is the one that powers at be want us to partake in. It normalizes surveillance in preventing some unknown danger.
Putting AWS data centers on a map is not a danger to customers.
I'm not sure why Russian intelligence cares about AWS datacenter locations.
This has largely been an "open secret" for a long time. If you want to know where an AWS datacenter is, ask local taxi drivers and pizza delivery folks. These things are huge, and very hard to hide.
Which assumes that you know the locale. I imagine that there is one in Ashburn, Virginia, maybe an hour's drive from here. But what pizza delivery operation would I ask? I guess I could hail a cab at Dulles and ask to be taken there.
The locale is "the region as announced publicly," and anyone who's in a position to use this information is going to pay more than one person to start digging. It's a crowdsourcing problem.
Doesn't the CIA have a contract with Amazon to use AWS?
Yes, the US government does, but the AWS Cloud for government is mostly (entirely?) not included here. This list is also highly incomplete otherwise unrelated to government as well (us-east-2 region isn't covered at all for example).
So?
That is the connection to government transparency.
The CIA is storing massive amounts of our data somewhere, so shouldn't we have the right to know where?
Why? Why does knowing where it is located a "right"? I feel US citizens have a right to know who is storing the data, and the parameters they must follow. Also you should have a right to know where the data is located, as in "in the USA". But beyond that, isn't having the actual address a security concern?
I don't think the CIA's version of AWS is stored in these datacenters. It's a totally separate region, likely with special physical security measures and oversight rules. https://aws.amazon.com/blogs/publicsector/announcing-the-new...
I don't believe so, not if the risk to the general public is great enough.
The public is far more at risk with the CIA around to begin with, so long as it continues to carry out bullshit interventions around the world that so often come back to bite us. The primary impediment to enumerating these risks is the CIA's lack of transparency.
I don't know the answer, but the question works equally well flipped around. If they have it, why not release it? Hiding the information to ward of malicious actors and AWS competitors is security by obscurity, and not reliable. It's nearly impossible to hide a giant data center, so a dedicated person can track most of them down anyway.
I'd be more sympathetic if Amazon weren't holding a competition to see which city would give them the biggest tax breaks. It's only fair that everybody sees what other deals they're getting.
Nothing to hide, nothing to fear and all that.
But also, voters might be interested to know if Amazon has a large mostly-invisible presence in their city.
It's not like you can hide a datacenter from aerial photos or space based photography. Giant air handling units and 1 megawatt+ sized generators are huge. You could theoretically camouflage one, but they're built in a cost-sensitive manner, it would cost millions to actually "hide" a datacenter from IMINT techniques.
From what I've seen Wikileaks releases all kinds of stuff that has nothing to do with the things you mentioned.
As for the AWS information, I'd be hesitant to have my data hosted at the one in Oregon, it's right next to a bombing range! One bombing mishap...
If you follow the AWS best practices you have nothing to worry. Hint: use multiple availability zones and regions
WikiLeaks may not have the mission statement you think it does.
It's from 2015.
It says it right in the article.
> Currently, Amazon is one of the leading contenders for an up to $10 billion contract to build a private cloud for the Department of Defense.
Amazon aims to partner with the DoD, that makes them quasi governmental.
Sure, but I'd have the same question if Wikileaks published the locations of all DoD internal server farms. What possible importance does that information have beyond its potential to compromise security?
> its potential to compromise security?
It's a bingo.
It's a trillion dollar company headed by the wealthiest man in the world with ties to the pentagon and owns the washingtonpost.
Why is it that whenever wikileaks leaks anything, people whine about it?
> AWS competitors benefit
Wikileaks desires a world in which there is high competition between web service providers so none of them gets too powerful. This is consistent with their objectives.
Wikileaks desires whatever putin tells them to desire.
Is there any evidence that Wikileaks works for Russia, as opposed to some other nation state, eg China or Iran?
"Top 10 most boring building in the most boring part of town with no food truck for miles."
https://www.theatlantic.com/technology/archive/2016/01/amazo...
Seriously, besides the DoD contract angle, what's the point in publishing this data?
As a resident of Ashburn, VA the locations are hardly a secret. Just about everyone in the area who cares to know, knows. I drive past the place in the header image of https://www.theatlantic.com/technology/archive/2016/01/amazo... on the way home from the Sterling Wal-Mart. My next door neighbor is an HVAC tech for Amazon, and he's only barely secretive about where they are (to me anyway). Everyone at Old Ox and Crooked Run breweries seems to know, etc.
Agree.
The Google Maps tiles are labeled “Amazon Datacenter Complex” or such on at least one cluster. I don’t mean Wikileak’s pins, I mean the public rendered tiles.
Also an Ashburn resident and I agree. There isn't a much worse kept secret.
The address in Palo Alto is right off University Avenue behind the Walgreens. The one in Luxembourg is an office building as well. I don't see much value unless one wants to destabilize internet infrastructure.
Most of the ones in the Bay Area are, to my knowledge relatively small "retail" colo spaces.
200 Paul, 528 Bryant is PAIX, 11 Great Oaks is Equinix. SV2 got shut down years ago. I don't remember AWS ever being in 3000 Corvin, which is a tiny, poorly powered data center.
As an example of how old this data is, I reported to someone in 2014 time frame that led data center operations for some AWS regions including North America. He told stories of vacating 200 Paul, I'm guessing in the pre-2010 timeframe.
In any case, none of this information is that big of a secret. It's all in the public record. It's pretty hard to build something that size and with that degree of power consumption without others noticing. There's generally plenty of news media about such things:
http://www.eastoregonian.com/eo/local-news/20170317/amazon-k...
I thought the datacenters on Corvin were newer; I've spent a lot of time at the Walsh Ave ones next to Nvidia and Corvin stuff looked new.
I just checked and you are correct. I guess they probably leveled the old building, which was 3030 Corvin. Anyone that was there in the mid 2000s remembers when Facebook heated the place up and they had box fans every where, an extra generator parked in the parking lot, etc.
Makes sense, I never visited that area until a job I started in 2011.
So, basically, it's at PAIX/Equinix.
Those have been vacated by AWS for quite a while.
The Luxembourg ones are perfectly well-known data centres.
1 day of destabilization = 10 years in jail. It will quickly recover, you however will not.
It is somewhat humorous you would assume a determined attacker would be apprehended, or dissuaded by jail time. Poor threat modeling. It's difficult enough to defend against wild backhoes.
You give actors too much credit
Great! Now I'll know where to go when I need to restart my EC2 instance.
The timing on the release of this information is very _interesting_, considering:
"Currently, Amazon is one of the leading contenders for an up to $10 billion contract to build a private cloud for the Department of Defense. [...] Bids on this contract are due tomorrow."
>"In some cases, Amazon uses pseudonyms to obscure its presence. For example, at its IAD77 data center, the document states that “Amazon is known as ‘Vandalay Industries’ on badges and all correspondence with building manager”."
This made me laugh. Vandalay Industries is a reference to a very funny Seinfeld episode. Someone at AWS has a good sense of humor:
Seems like using ‘Vandalay Industries’ is a terrible idea. Doesn't everyone* know that anything called ‘Vandalay Industries’ is an obvious fake?
* Maybe anyone over a certain age? Do people under... I dunno, 40? 30?... watch much Seinfeld? Seems like TV shows are largely generational things... I'm aware of MASH and Dick Van Dyke, but I wouldn't get the semi obscure jokes from those shows since they were on when I was super young.
I'd guess the goal is more to keep this list from coming up in public records searches than to serve as a truly effective disguise. I can't imagine the datacenter employees are expected to lie to everyone about where they work.
Which reminds me of the article on HN a few months/years back about how you could identify most spies because they all appeared the same way in embassy listings (which was all public information).
With a lot of things like this, you're really squatting at a particular point in the effort-reward curve. You're not going to make something of this scale absolutely secret; there are hundreds of people involved, deliveries of material over years, and ongoing services. It's not like Amazon can bury the workers on site after they finish their work, like people always claim the pharaohs of old did but probably didn't.
But being a little secret might solve some problems, so if there are low-effort ways to make it a little secret, you go ahead and do those. You make a shell company, even if it has a stupid name. You don't tell contractors or delivery people who the real owner is. You don't drive up to the building in a car that says "AMAZON1" on the license plate.
It's not going to keep the place totally secret, but if it makes a few things easier - you get fewer break-ins, you have fewer troubles with the local planning boards, whatever - it's probably worth the tiny bit of effort.
(Also, did you know that Dick Van Dyke is still alive and active? He's in the new Mary Poppins.)
I didn't even know there was a new Mary Poppins!
>"Which reminds me of the article on HN a few months/years back about how you could identify most spies because they all appeared the same way in embassy listings (which was all public information)."
Might you have a link to this post?
"How to Spot a Spook": https://news.ycombinator.com/item?id=14335310
> Seems like using ‘Vandalay Industries’ is a terrible idea.
I think it's more of a joke instead of a serious attempt at keeping the ownership hidden.
>"Seems like using ‘Vandalay Industries’ is a terrible idea."
It's obviously meant to be a joke.
>" Maybe anyone over a certain age? Do people under... I dunno, 40? 30?... watch much Seinfeld?"
Seinfeld is one of the most syndicated shows in television history and has been since the show ended. In some markets its on multiple times a day, it's also on Hulu. It's not really a generational thing.
I'm 31 and pretty much all my friends near my age have watched Seinfeld as some point.
The ones who would get that "Vandalay" reference? Probably <5% of them.
Seems to be outdated. One of the folks named in the document as responsible for a China site is not working for Amazon since a few years ago and is now at Google Cloud, according to his linkedin.
Again you can clearly see WikiLeaka mission: Randomly attacking and potentially damaging businesse.
Their justification for releasing this is crap.
But they made a 'game' of it! /s
Like others, I'm confused to the reasoning of the leak. What public good does it promote? What can anyone do with this information that is productive?
I agree with many of the others. I don't see how this information could be useful for anything except someone with malicious intent.
The leaked document is from October 2015.
It’s missing new regions in Ohio, Mumbai, Seoul, Canada, Paris, and GovCloud.
This release shows how desperate wikileaks is. Very old and outdated data that is far from secret. We should all simply ignore them nowedays, thank them for what they did in the past and tell them to move on. The only reason I see why they published is: get some new media attention because tomorrow they might get a contract with Y who we dont like blabla.
Wikileaks, if you leak everything indiscriminately like this you’re like that gossipy person no one likes or trusts.
The most shocking thing in this release is that amazon internally uses Twiki. Happy hacking, black hats!
The metadata of the PDF doesn't seem to include a date, but it's not particularly new. It doesn't have the London or Paris availability zones listed.
Doesn't it say late 2015 in the article?
..geo-awareness fail? or faith in bombing range containment?
Amazon competitors, like Google and Microsoft, already study these things through their mapping products. <yawn>
Interesting. A company which wants my real name as a customer is using fake company names to hide away.
This looks old. It doesn’t include their Columbus data centers for example.
Would it be possible to find the general location by checking ping times?
Not the most exciting, or revealing of leaks. Less interesting, then, say, their leaks of Turkish dessert recipes[0]. Great attempt at clickbait though!
Compare the locations with https://www.internetexchangemap.com/ and you'll see that most of these are just the natural locations for datacenters. Most of these locations are within a few kilometers, sometimes within a few hundred meters, of other commercial datacenters.
They generally fall within: Close to major population and finance centers with affordable power, abundant fiber, and local/state governments willing to give subsidies... like every other datacenter.
A lot of the locations look more like POPs, not data centers. The multiple in Brazil are just coloc and meet-me sites run by local companies (UOL, Algar, TIVIT).
What a shitty service, WikiLeaks...
This in no way harms Amazon in terms of security, though it may have a PR implication or possibly allow others to take Amazon to task in some way.
Security by obscurity cannot be relied upon.
Well, Amazon had a very deliberate policy of keeping this stuff secret, and went to some lengths to keep it that way.
I agree it's hardly a death-knell for them, it's more of a hiccup, but they didn't want this to happen.
I’ve lost all respect for Wikileaks. How about actually leaking documents on day, I dunno, how the Chinese government is trying to brainwash Uighurs and erase their culture and religion? Instead, it’s always the US that’s been the bad guy, and now it’s not even really the government directly. There’s no cultural suppression or a larger public benefit from knowing where amazon data centers are located.
What a joke.
You're assuming that anyone with these sorts of documents:
1) wants to leak them (most of the Chinese people who I've met in China, especially those who work in a government or military capacity, will bend over backwards to defend China from any level of perceived foreign criticism)
2) has the capability to leak them (most Chinese people are unlikely to know much about Wikileaks)
Pretty safe to assume wikileaks will not show up in Google Dragonfly searches.
> How about actually leaking documents on day, I dunno, how the Chinese government is trying to brainwash Uighurs and erase their culture and religion?
Wikileaks legitimately may not be in a position to acquire such documents to leak. My understanding is that they mainly distribute documents provided to them by others, and has never exercised much editorial discretion. If Wikileaks is best known in the US/Western Europe, it'll likely only acquire documents related to those regions.
For a Chinese person to leak documents about Xinjiang to Wikileaks, that person must first know about them, then be able to contact them, then be able to send the documents to them. I wouldn't be surprised if Wikileaks itself is blocked by the Great Firewall, and that its typical communication channels for leakers are blocked and/or difficult to use from the PRC, which makes the whole process doubtful.
We'll never know how much "editorial discretion" they exercise by just not releasing things that don't suit the narrative they're building. And I'm guessing it's actually a whole lot. During the 2016 US election, they implied often on twitter that they were sitting on more information about all parties, constantly hyping up more bombshells and then only releasing some one-sided nothingness. It was such an obvious attempt to destabilize the discourse, it's hard to imagine their motives were driven by anything other than the interests of a certain foreign government.
If you give those to wikileaks, they will publish them, I’m sure. So go ahead!