Information Age: News, analysis & insight for IT & business leaders

Grey market demand for high-end telecommunications equipment means organised criminal gangs are targeting data centres

In the small hours of Monday 28 February this year, a white van pulled off the A339 in Basingstoke, passing the BP garage and Mercedes car showroom before turning in to the deserted industrial estate on Hamilton Close.

The sledgehammer-wielding crooks in the van might have been tempted to hit the fine-wine warehouse or the furnishings distribution centre. Instead, the van pulled up to an unassuming, unmarked building at the south-east corner of estate and the thieves set about their work.

By the time the police arrived at the scene several hours later, any early risers that live around the M4 corridor may have already been alerted to the consequences of the break-in – especially if their mobile contract was with Vodafone. The thieves had targeted one of Vodafone’s technical facilities, which housed essential mobile telephony equipment, crippling parts of the mobile giant’s network. It took more than a day to fully restore services.

As the initial police investigation got under way, detective sergeant Lee McClellan confirmed they were working on the presumption that this was “a targeted attack”. The raiders evidently knew what they would find inside the unmarked building and had come prepared to move the hefty equipment. Opportunist crooks would have looked for easier pickings.

This was far from an isolated case. In May, rival mobile operator O2 had equipment stolen from its east London data centre, which interrupted service to customers in the region. As was the case with the raid on Vodafone, this was
“a well organised theft”, O2 confirmed.

In 2007, in an elaborate attack on a London data centre owned by Verizon Business, a group of thieves dressed up as policemen and conned their way into the building before tying up staff and stealing computer equipment. Other firms, such as Cable & Wireless, have been hit too.

So what’s behind these attacks on data centres? According to Simon Neal, chief operating officer at secure data centre operator The Bunker, thieves are often just looking for copper. As copper prices have spiked on global commodity markets, theft of copper cables has increased.

But the price of copper does not justify the elaborate, targeted operations that are sometimes launched against data centres. In these cases, thieves are looking for high-end telecommunications equipment.

In April, three men from Ilford were convicted of stealing millions of pounds’ worth of Cisco kit from a bank-owned facility in London’s Square Mile. According to detective chief inspector Dave Evans of City of London police, this was an “organised, well-equipped and determined” gang, that used a lock-up in east London to store the goods. The police seized hardware with a value of more than £2 million, along with a £70,000 Porsche bought with money from the sale of some of the stolen kit.

Incidents such as this raise the question, where does demand for stolen telecommunications equipment come from? Finding a fence for stolen copper is relatively easy; finding a handler for carrier-grade telecoms equipment does not happen by chance.

According to one source, who spoke on the condition of anonymity, most of the stolen equipment ends up abroad, resold to often unsuspecting businesses.

This is largely made possible by the existence of the legitimate secondary market for data centre equipment, in which bona fide businesses strip data centres of obsolete infrastructure – either because the kit is being upgraded or because the firm has stopped trading – and offer it for resale.

Between the legitimate secondary market and the criminal cartels, there is a grey market. Here, resellers abuse the channel incentives put in place by technology vendors. Equipment that is subject to promotion and discounts in one country is then sold with a big mark-up elsewhere. According to the consultancy firm Deloitte, this grey market is worth $1.4 billion a year.

The Metropolitan Police Service’s long-running Operation Grafton was set up to tackle serious and organised crime around Heathrow Airport, with a specific focus on freight crime for amounts above £10,000. One criminal group fitting into this category was arrested in 2007 following investigations into multiple data centre burglaries in which Cisco hardware was once again targeted.

According to the Met, investigations carried out in conjunction with Operation Grafton have demonstrated a clear link between hijack and robbery offences relating to computer equipment and multimillion-pound carousel frauds – a type of VAT-related fraud with strong links to the grey market.

The cartels behind these crimes have connections across Europe, Africa, the Americas and the Far East: wherever there is demand for cheap, powerful data centre kit, they can supply it. Typically, the stolen goods go through several traders before being sold on as legitimate equipment.

NEXT>> The illicit data centre trade's KGB roots