Forgot your password?
typodupeerror

RFID Injection Required for Datacenter Access 551

Posted by Zonk
from the one-way-to-make-sure-we're-working dept.
user24 writes "Security focus reports that RFID injections are now required for access to the datacenter of a Cincinnati company. From the article 'In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access ... although the company does not require the microchips be implanted to maintain employment.'"
This discussion has been archived. No new comments can be posted.

RFID Injection Required for Datacenter Access

Comments Filter:
  • Comrades... (Score:5, Insightful)

    by Bananatree3 (872975) * on Saturday February 11, 2006 @11:32PM (#14697782)

    ...and the Comrades marched rank and file into their working facility, while the Big Brother telescreen carefully scanned each implanted chip...

  • by martinultima (832468) <martinultima@gmail.com> on Saturday February 11, 2006 @11:33PM (#14697796) Homepage Journal
    Back in the good old days, we used to just use duct tape and superglue to keep people from messing with our machines! (And I guess OpenBSD [openbsd.org] doesn't hurt either... ;-)
  • by Statecraftsman (718862) on Saturday February 11, 2006 @11:34PM (#14697801) Homepage
    the part about the VeriChip being sucsceptible to scanning and cloning.

    At least, it doesn't need to be cut out to be used by a sufficiently motivated attacker.

  • by HeavensBlade23 (946140) on Saturday February 11, 2006 @11:37PM (#14697817)
    Isn't this what the Christians have been saying was going to happen for the past 20 years now? Of course, it's not the governing that's forcing the chips on people, but it's only a matter of time.
  • by scotty1024 (584849) on Saturday February 11, 2006 @11:40PM (#14697835)
    But now they want to chip us like dogs too?

    What's next, kibble in the break room vending machines?
  • Why? (Score:5, Insightful)

    by cgenman (325138) on Saturday February 11, 2006 @11:40PM (#14697837) Homepage
    I'm not understanding the point here. If you inject the RFID chip, you can theoretically track your users wherever they go. But you can't ensure that access isn't being granted to someone who has an RFID chip in their wallet. You are making it slightly harder to steal the data, but you're not making it any harder to clone the chip.

    What's the security benefit to injected RFID?

    BTW, this [spychips.com] is the original article.

  • by Shky (703024) <shkyoleary AT gmail DOT com> on Saturday February 11, 2006 @11:41PM (#14697838) Homepage Journal
    Could someone object on the basis of religious discrimination if they believe that RFID implants constitute the "Mark of the Beast"?
  • Re:A milestone (Score:4, Insightful)

    by servognome (738846) on Saturday February 11, 2006 @11:43PM (#14697852)
    Is this the first time civilians have been required to do thing type of thing?

    Lots of stuff has been done to monitor civilian employees: Drug testing, email snooping, time card punching, video monitoring, background/credit checks, etc.
  • Re:The solution... (Score:2, Insightful)

    by spectre_240sx (720999) on Saturday February 11, 2006 @11:44PM (#14697854) Homepage
    Ugh. I hate that site. Besides the fact that the IT section is full of spam telling me how I can work from home and make 3 million dollars a year, the site seems like it's always having troubles. I get runtime errors constantly while working on my resume. To hell with monster.com. Craigslist rules.
  • Re:uh, no. (Score:3, Insightful)

    by netwiz (33291) on Saturday February 11, 2006 @11:45PM (#14697861) Homepage
    Actually, they didn't leave it out, and I did read the article. My comment was a question of the logical extention of this policy. More to the point, if they're only going to allow access to RFID-enabled employees, doesn't it seem kinda necessary that either 1) you will be implanted if your responsibilities include accessing the video library, or 2) you're going to lose that responsibility. I can't see the latter being a positive career move.
  • by zappepcs (820751) on Saturday February 11, 2006 @11:45PM (#14697863) Journal
    This will only last about as long as the Sony rootkit-like DRM lasted. It now has public attention, and when it is pointed out that the scheme has enough security holes in it to act as a noodle strainer, the number of people who will actually allow the implant will be zero, meaning there will be no one to do any maintenance in the datacenter, and thus the rules will have to be changed.

    For less than they paid for the RFID system, they could have hired someone to log people in and out of the data center. Additionally, I question the validity of a system that restricts access to only those with an implant during disaster situations (fire, flood, and worse) where access rights and needs are rather different than in normal situations.

    Good security costs a lot of money, and you cannot replace the human element in the security chain. The RFID schemes won't prevent anyone following an authorized person into the data center, unless there is physical restrictions that would make working in the data center dangerous during emergencies. In this case, the $10/hour guard is more flexible and cheaper than the high-tech answer, and more respectful of humans in general... or at least I think so
  • by cyberjessy (444290) on Saturday February 11, 2006 @11:45PM (#14697866) Homepage
    To me this sounds more like a marketing ploy. So that they could go to potential clients and say, "Look we are so secure and futuristic that we need embedded chips in humans to access our critical datacenter!". Client is left stunned.

    IANA American, but I hope that the goverment would do something if this was forced on the employees working in the datacenter. After all, what can this achieve which cannot be done with a retinal scan, RFID tag combo? If the criminal can pass the retinal scan, can't he also pluck the RFID from the employee and stick into his arm?

    Huh..... I would hate it if someone said they are gonna put a chip inside my body. Wait till someone gets hurt and the company gets sued for a million dollars.
  • Re:A milestone (Score:5, Insightful)

    by Jafafa Hots (580169) on Saturday February 11, 2006 @11:50PM (#14697892) Homepage Journal
    Well, there were those number tattoos in the Nazi slave labor camps...
  • Re:From TFA (Score:5, Insightful)

    by Esion Modnar (632431) on Saturday February 11, 2006 @11:51PM (#14697899)
    Although the company does not require the microchips be implanted to maintain employment, anyone without one will not be able to access the datacenter

    And anyone who requires access to the datacenter to do their job, such as operators and sysadmins, cannot DO their job unless they get the implant. And if they cannot do the job, how are they expected to maintain employment?

    I suppose the official reason for termination would be "uncooperative attitude." Certainly not "he refused to get chipped." Or maybe the company will concentrate on ways to make the employee so miserable, he just quits. Problem solved.

  • Re:Why? (Score:5, Insightful)

    by netwiz (33291) on Saturday February 11, 2006 @11:55PM (#14697920) Homepage
    You're not even really improving the security at all. Most of these types of devices get a short burst of RF at the reader which serves two purposes, one to provide raw power for the device (a la crystal radios), and one to signal the device to request it's ID. The device gets just enough power from the input signal to do a lookup and squirt back it's code just before it dies. The trick is, so long as you're willing to wait for someone to use the door, a directional antenna will pick up the conversation nicely. Once you've got a sample of the door's signal (they broadcast continuously), you can use the same directional to trigger the victim's ID unit remotely. Since normal badged users won't have the badge on them at all times, you couldn't get the code by following them in public. The RFID guy on the other hand, well, he's a different story. you could snag codes from him all day by just hanging nearby as he goes in/out of stores, Wal-Mart, etc.

    So in the end, the RFID makes things worse by imcreasing the level of access to the device itself.
  • Re:From TFA (Score:3, Insightful)

    by TykeClone (668449) * <TykeClone@gmail.com> on Sunday February 12, 2006 @12:03AM (#14697966) Homepage Journal
    One last thought, what does the company do if those implanted leave or are fired?

    Maybe revoke the authorization for that particular RFID device?

  • by Anonymous Coward on Sunday February 12, 2006 @12:05AM (#14697972)
    In Soviet Russia, RFID chips employ YOU!
  • Re:A milestone (Score:5, Insightful)

    by JabberWokky (19442) <slashdot.com@timewarp.org> on Sunday February 12, 2006 @12:07AM (#14697985) Homepage Journal
    Godwin's Law does not apply when there is a legitimate historical reference to Nazis. I'd say this one actually is a proper and on-topic reference, as there aren't many other cases of forced permanent identification or serialization. I can think of plenty of "mode of dress" and uniform enforcements, but no other examples of permanent body modifications that mark specific individuals.

    --
    Evan

  • Re:Why? (Score:3, Insightful)

    by killjoe (766577) on Sunday February 12, 2006 @12:07AM (#14697986)
    "What's the security benefit to injected RFID?"

    It probably gets the CIO a bonus. That's the way these things work in corporations. It has nothing to do with whether it's effective or not. It benefits the ruling class and you have no need to know why or how. Do it or hit the road.
  • by gad_zuki! (70830) on Sunday February 12, 2006 @12:09AM (#14698001)
    We all know that this won't increase security, but now this surveillance company can use this in all their advertising and PR. "Sure, you can go with the other company but they arent half as serious as we are. We put bloody implants into our employess! That's serious!"

    Its harmless except for Joe and Jane Datacenter who have to go in for some minor surgery on the weekend to keep their jobs. I hope this "Golden Casino" mentality stops right here after these people get exposed for the dumbasses that they are. Hell, even in the article they did not know the weaknesses of RFID authentication.

    I woulndt doubt if this was 100% publicity stunt. I wonder how many people even have to access the datacenter. Depending on the company size it could just be one or two people. Of course all the executives, security, etc will have the old keycards that will work just fine.
  • Re:Escalation (Score:5, Insightful)

    by tftp (111690) on Sunday February 12, 2006 @12:12AM (#14698016) Homepage
    Don't worry, nobody is going to take your arm (it's too large to carry.) The chip is not that deep, so a small incision with a sharp boxcutter will allow the attacker to pull the capsule out. He only may need to explore a bit (with that knife) around the needle scar :-( Chances are very good that you will survive, especially if the attacker knows how to avoid major blood vessels, and if the knife is clean, and if you don't need that arm that much. Just choose your attackers carefully and check their medical diplomas before they do it to you.
  • by slashname3 (739398) on Sunday February 12, 2006 @12:17AM (#14698033)
    unless there is physical restrictions that would make working in the data center dangerous during emergencies.

    Many datacenters have mantraps installed that permit only one person in at a time to prevent drafting. For emergencies there are doors that will open allowing rapid egress of the facility bypassing the man traps normally used to leave and enter the facility.

    The security team that thought implanting an rfid tag into the employees provided an increased level of security should be fired. About the best that can be claimed for this is elimination of lost access cards.
  • Re:uh, no. (Score:5, Insightful)

    by netwiz (33291) on Sunday February 12, 2006 @12:32AM (#14698099) Homepage
    Okay, but what's the metric here? "Unsafeness?" How "unsafe" is getting an RFID implant? Is it then safe to assume that if something was sufficiently risk-free, that a potential employer could get away with making the employee submit to their wishes? How far might that go? And most importantly, who's deciding what's unsafe, and where's their money come from?
  • Re:Don't panic (Score:5, Insightful)

    by Somegeek (624100) on Sunday February 12, 2006 @12:33AM (#14698102)
    I don't think the CIA is going to want thier agents permanantly broacasting a message that says 'hey I work for the CIA' to anybody that has the desire and technology to listen.
  • by Drachemorder (549870) <brandon AT christiangaming DOT org> on Sunday February 12, 2006 @12:40AM (#14698134) Homepage
    Well, sorta; one idea is that the mark of the beast could be an implantable device. But to qualify as the mark of the beast it would need to be in the right hand or forehead, you'd have to have one to be able to buy or sell anything, and you'd have to sell your soul to the devil when you accepted it.
  • by Rakishi (759894) on Sunday February 12, 2006 @12:49AM (#14698171)
    Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication. When contacted, those at CityWatcher were unaware of the chip's security issue, according to the spychips.com release.

    So before I needed to get close to an object (whatever had the rfid tag) which under normal circumstances an employee would not be carried around (say they were going home or something) or could have it in a reader blocking case. Now, I simply need to get close to an employ anywhere at any time to copy their data.

    Fucking brilliant, now I can steal their tag without anyone ever knowing, whereas before they'd know it was gone in a reasonable amount of time (I'd have to steal the physical object most likely).
  • Don't Give In (Score:2, Insightful)

    by Mr Bubble (14652) on Sunday February 12, 2006 @12:57AM (#14698201)
    This is way over the line and a dangerous precedent. The employees at this company must refuse and they must take this to court. If they acquiesce, it will establish a precedent and other companies will see that people are willing to allow corporations to do this shit and it will spread. Once it's common in corporate security environments, the government will start requiring it. This is bad news. The company doesn't own my body. They can stick the tag up their ass.
  • Big Brother (Score:4, Insightful)

    by westlake (615356) on Sunday February 12, 2006 @12:59AM (#14698206)
    ...and the Comrades marched rank and file into their working facility, while the Big Brother telescreen carefully scanned each implanted chip...

    It's a video surveillance company. You work in the data center, you become Big Brother.

  • by Belseth (835595) on Sunday February 12, 2006 @01:05AM (#14698237)
    It's the gradual change that scares me. First it starts with things that people can justify easily until it seems like a normal part of life then how can you object to something so harmless. Besides it's for our own good. How long will it be before you need an implanted chip to use a fire arm? They are already pushing for chip activated pistols that would need a ring or wristband to be used. Next step would be implants. Who could object? How long before drivers licenses require inplant chips? No time soon but eventually. Indentity thieft may make people even demand it. Remember driving isn't a right. You want to do it you abide by the rules. How about credit cards? Banks loosing money to thieft may start pushing for chips to combat thieves. You want a credit card you get a chip. May be not for fifty years but I think such things are the future. DNA identity systems may make the credit card version unnessaccary but then we are constantly having our DNA checked. A job can require DNA scanners for identification but what is to stop the same machines from checking for genetic desease? Suddenly to keep health costs down companies start laying off high risk employees. All such systems are dangerous and will be abused. The real reason is never for your benefit and in the end will take away our rights.
  • by GoMMiX (748510) on Sunday February 12, 2006 @01:30AM (#14698325)
    Now people are required to inject glass capsules into their arms to enter a facility?

    Now we know asbestos kills.

    What will be said of placing RFID tags into our bodies 50 years from now.

    Some risks are worth taking, there is no question. For me, this is not one of them.
  • Re:A milestone (Score:2, Insightful)

    by teslafreak (684543) <teslafreak@hotmail.com> on Sunday February 12, 2006 @01:34AM (#14698344) Homepage Journal
    "there aren't many other cases of forced permanent identification"

    And there isn't one here.

    It says right on the story that it is NOT required to stay employed. If you don't like the idea, don't do it.

  • Re:A milestone (Score:3, Insightful)

    by fungus (37425) on Sunday February 12, 2006 @01:35AM (#14698347)
    Slaves and criminals were marked with red hot iron before. It happened in America and elsewhere. If that's not forced permanent identification, I wonder what is.

    http://www.ralphmag.org/slave2.html [ralphmag.org]
    http://en.wikipedia.org/wiki/Branding_(law) [wikipedia.org]
  • by satcomdaddy1 (938185) on Sunday February 12, 2006 @02:04AM (#14698447)
    Taking the "frog in water" tack a step further, let's assume that the RFID chip is currently the same size as the one I just put in my dog. (About the size of a grain of rice, they tell me.) This is probably far too large/intrusive to put in the hand(for Revelations to come to fruition). With the advent on nanotechnology, there is no doubt that these can be made not only smaller in the future, but they also can be made of a 'non-rejectable' material so that the body wouldn't force it out thru the skin. Now let's take it out of the bicep, which has relatively little range of movement. If it were restricted to the upper arm, the reader/receiver would have to be at a certain height, relative to the "average" bicep height. This wouldn't last for long. It needs to be given a more full range of motion, so that employers/sellers/buyers/governments could put the receiver anywhere. What's a place on the body with a great range of motion, could reach either side of a door, capable of going high/low/everywhere? The hand, you say? What a novel concept! This is not a great leap to tie the necessity of having a chip implanted for work to requiring permanent identification for the conduct of everyday life, and as a side note, coming close enough to a 2000 year old prophecy(that I believe, BTW) to allow 'him who has understanding' to 'reckon'.
  • Re:A milestone (Score:3, Insightful)

    by Money for Nothin' (754763) on Sunday February 12, 2006 @02:25AM (#14698516)

    And there isn't one here.

    It says right on the story that it is NOT required to stay employed. If you don't like the idea, don't do it.

    Wrong. TFA specifically states:

    In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access, a release from spychips.com said on Thursday.

    Although the company does not require the microchips be implanted to maintain employment, anyone without one will not be able to access the datacenter, according to a Register article.

    Thus, *IF* you work in that datacenter, then you *MUST* get an RFID chip in the bicep. *IF* you refuse the chip, then you *CANNOT* enter the datacenter -- and thus, how do you do your job?

    Perhaps the company will be able to re-position people who adamantly refuse to be chipped. However, my suspicion is that:

    1) The company isn't big enough to have so many such possible positions available (just look at their "About Us" page -- doesn't this look rather low-grade and unprofessional [citywatcher.com]?), and

    2) Every employee will go along with it anyway, like a bunch of goddamn cattle being taken to slaughter. *Especially* if the people working there are willingly working for what is a surveillance company...
  • by plover (150551) * on Sunday February 12, 2006 @02:35AM (#14698549) Homepage Journal
    The difference between mag stripe cards and RFID chips is that mag stripe cards cannot be read remotely. Your door access card is fairly safe, as long as you don't allow it to leave your possesion and don't run it through "strange" readers.

    Regardless of manufacturer's claims of "short ranges", hackers have successfully read RFID tags at distances of up to 69 feet. That means a van stopped near the office building's door could pick up a card being energized by the door's reader.

    Smartcards are definitely the route to take for "difficulty in cloning."

  • by extra the woos (601736) on Sunday February 12, 2006 @02:43AM (#14698574)
    I'm a Christian so here's my input.

    This isn't the same as the mark of the beast, however it DOES prove that indeed there is no new idea under the sun :)

    Anyway, I don't think the mark of the beast is something physical (i mean how could they control your thoughts right)... Instead I believe it means that it is in their minds (what they think) and in their hands (what they do, their actions)...

    So the world will think and do a certain way, after the beast... my input lol

    Still, this is an interesting thing for employee rights in that it brings up a: how far will it go? question.
  • Re:A milestone (Score:3, Insightful)

    by JabberWokky (19442) <slashdot.com@timewarp.org> on Sunday February 12, 2006 @07:39AM (#14699242) Homepage Journal
    Perhaps I worded it poorly... none of those mark *specific* individuals, i.e., function as identity that can be referenced per person a la a serial number (thus my use of the term "serialization"). Lots of group tattoos and marks that show affiliation, and several non-permanent things like dog tags that are worn, but I can't offhand think of anything like dog tags or drivers licenses (i.e., specific identity) that are forcibly and permanently marked upon an individual's body other than the Nazi tattoos.

    Maybe there are, but none of the replies have been specific to more than just a group.

    --
    Evan

  • by slashname3 (739398) on Sunday February 12, 2006 @09:24AM (#14699436)
    The reason they would take the whole arm is that it would probably be difficult to dig around in the arm to find the implant. Much quicker to just use a hacksaw and take the arm. Plus they might damage the RFID chip while trying to extract it.

    The whole idea is about as silly as it can be. While it sounds hi-tech and probably would impress most managers it does nothing NOTHING to improve security.

    Although it might be good to use as a method to tag point haired bosses so we can track their movement through the various companies during their careers.
  • Re:"The Mark"... (Score:3, Insightful)

    by Thing 1 (178996) on Sunday February 12, 2006 @11:26AM (#14699874) Journal
    We have been monitored a long time and for many different reasons. The public is mostly ignorant, AS THEY SHOULD BE. Could someone explain to me why we would want everyone to know that our governments have monitoring in place? It isn't something that could ever openly be acknowledged.

    Everyone should know so that they can act appropriately. For instance, what's the point in voting when Diebold will just hand the election to the highest bidder?

    The monitoring should go both ways. Elected officials should be monitored 24/7, audio and video, and these feeds should be made available to the public for their amusement and also to ensure that we know when they're talking to Diebold, or Enron, or Halliburton, ad nauseum. This would go a long way towards eliminating corruption--which is of course why they'll never go for it.

  • Re:A milestone (Score:4, Insightful)

    by Richy_T (111409) on Sunday February 12, 2006 @03:56PM (#14701055) Homepage
    But RFID doesn not require the participation of the owner. That stranger who just jostled you in the subway now has your RFID code (You can make RFID readers *small*) Now a)You don't know the code has been stolen (vs having your passcard lost or stolen) and b)When you do discover the code as been stolen, changing your own code is a *lot* more hassle than issuing a new passcard.

    These things could be negated by RFID chips with rolling codes or read/write ability but these are not commonly available in the glass capsule RFID chips. I'd give good odds that this company is not pushing the boudaries either and has the standard one-id versions.

    Bear in mind that RFID devices are operating on the limits of what power can be obtained from a fairly weak power source in the first place. Any extra complexity has a real impact on the operational range.

    Rich
  • Re:Biceps? (Score:3, Insightful)

    by MsGeek (162936) on Sunday February 12, 2006 @05:25PM (#14701392) Homepage Journal
    13:16 And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:

    13:17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.


    The bicep is close enough to this to give me pause. I would *never* consent to anything like that. I am not necessarily a believer, but I'm not going to take any chances.

    Besides, I don't believe in recreational surgery.
  • by jc42 (318812) on Sunday February 12, 2006 @06:39PM (#14701667) Homepage Journal
    WTF? Who moderated this "troll"?

    I almost didn't read it when I noticed the -1.

    Maybe the meta-mods will catch it, or maybe not.

    Actually, using a second breast as a control for the other may not be all that great an idea. Usually they are slightly different in size and shape, as are most men's testes. And both breasts get exposed to anything in the blood stream.

    What you obviously want is a second woman who is a match for the first in as many ways as possible. Then you compare all four breasts.

    Lessee what sort of mod this gets ...

  • Re:Big Brother (Score:3, Insightful)

    by meringuoid (568297) on Monday February 13, 2006 @10:40AM (#14705634)
    It's a video surveillance company. You work in the data center, you become Big Brother.

    Remember what our hero did for a living in Nineteen Eighty-Four? He worked at the Ministry of Truth, editing old news articles and throwing inconvenient facts about the past down the memory hole.

Suggest you just sit there and wait till life gets easier.

Working...