Forgot your password?
typodupeerror

RFID Injection Required for Datacenter Access 551

Posted by Zonk
from the one-way-to-make-sure-we're-working dept.
user24 writes "Security focus reports that RFID injections are now required for access to the datacenter of a Cincinnati company. From the article 'In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access ... although the company does not require the microchips be implanted to maintain employment.'"
This discussion has been archived. No new comments can be posted.

RFID Injection Required for Datacenter Access

Comments Filter:
  • Comrades... (Score:5, Insightful)

    by Bananatree3 (872975) * on Saturday February 11, 2006 @11:32PM (#14697782)

    ...and the Comrades marched rank and file into their working facility, while the Big Brother telescreen carefully scanned each implanted chip...

    • Big Brother (Score:4, Insightful)

      by westlake (615356) on Sunday February 12, 2006 @12:59AM (#14698206)
      ...and the Comrades marched rank and file into their working facility, while the Big Brother telescreen carefully scanned each implanted chip...

      It's a video surveillance company. You work in the data center, you become Big Brother.

      • Re:Big Brother (Score:3, Insightful)

        by meringuoid (568297)
        It's a video surveillance company. You work in the data center, you become Big Brother.

        Remember what our hero did for a living in Nineteen Eighty-Four? He worked at the Ministry of Truth, editing old news articles and throwing inconvenient facts about the past down the memory hole.

    • Biceps? (Score:3, Funny)

      Obviously don't want geeks. No self respecting geek would have biceps!
    • Re:Comrades... (Score:3, Informative)

      Shenanigans.

      I saw a representative from this company on Fox News yesterday (he was the IT manager) and he explicitly stated that participation was voluntary. Two employees had the implant, one of those was the CEO. The fellow being interviewed carried his RFID on his keychain.
  • A milestone (Score:5, Interesting)

    by suso (153703) * on Saturday February 11, 2006 @11:32PM (#14697783) Homepage Journal
    Is this the first time civilians have been required to do thing type of thing? I guess its no longer science fiction.
    • Re:A milestone (Score:4, Insightful)

      by servognome (738846) on Saturday February 11, 2006 @11:43PM (#14697852)
      Is this the first time civilians have been required to do thing type of thing?

      Lots of stuff has been done to monitor civilian employees: Drug testing, email snooping, time card punching, video monitoring, background/credit checks, etc.
    • Re:A milestone (Score:5, Insightful)

      by Jafafa Hots (580169) on Saturday February 11, 2006 @11:50PM (#14697892) Homepage Journal
      Well, there were those number tattoos in the Nazi slave labor camps...
    • by jc42 (318812) on Sunday February 12, 2006 @09:16AM (#14699422) Homepage Journal
      Is this the first time civilians have been required to do thing type of thing?

      This may not be exactly the same thing, but it's somewhat of a precedent: A few years ago, after a mammogram, my wife had a biopsy to check out something "suspicious". It turned out to be nothing important, though.

      Some time later, she had another x-ray at a different place, and she saw that the image had a visible object at the site of the biopsy. She was told that it was a small piece of plastic left behind during the biopsy procedure, and that this was a fairly common thing. Sort of a "We were here" tag.

      Whether it's an RFID chip we don't know. But at least some medical people are already implanting small "innocuous" things without mentioning it to the patient. And there have been stories of medical uses of RFID chips to help avoid the common problem of misidentifying a patient.

      It's easy to put such things together. If you've had any "penetrative" medical work done in the past few years, there's a good chance that you're carrying an RFID chip now.

  • by mfh (56) on Saturday February 11, 2006 @11:33PM (#14697795) Journal
    Rumour has it that a certain data center will be sued shortly for creating a hostile work environment. There's a few ways to slice this one:
    • employees will strongly dislike geeks from Slashdot following them around with RFID readers
    • employees will strongly dislike nosy reporters trying to get stupid interviews about what it felt like to have an RFID tag implanted (ie: "So what did it feel like when the cold steel of that needle intersected your unwilling arm, ma'am?"
    • employees will detest their weekly security update shots, along with subsequent track marks


    And then there is the whole magic marker circumvention method that is soon to be discovered (possibly within this thread).

    Oh wait...

    FTA: Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication.

    Yeah... I can't wait for the Diebold spin on this story.
    • Typo (Score:5, Funny)

      by BiggerIsBetter (682164) on Sunday February 12, 2006 @12:04AM (#14697968)
      That was supposed to read, FTA: Ironically, the extra security sought may be offset by a recent discovery of Captain Obvious, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication.

      Seriously, which genius thought putting a remotely readable barcode in an employees arm was ever going to be secure? Must the IT world really repeat the mistakes of the 80's garage door opener industry??

    • by Linker3000 (626634) on Sunday February 12, 2006 @06:37AM (#14699115) Journal
      • Employees were fed up of being charged for an extra 'phantom' tube of tomato puree every time they went grocery shopping
  • Back in the good old days, we used to just use duct tape and superglue to keep people from messing with our machines! (And I guess OpenBSD [openbsd.org] doesn't hurt either... ;-)
  • by captnitro (160231) on Saturday February 11, 2006 @11:34PM (#14697798)
    Aw, hell no.
  • by Statecraftsman (718862) on Saturday February 11, 2006 @11:34PM (#14697801) Homepage
    the part about the VeriChip being sucsceptible to scanning and cloning.

    At least, it doesn't need to be cut out to be used by a sufficiently motivated attacker.

    • Well, the same could be said about most ID badges that have some form of electronic identifier in them. Motorola makes the kit we use at the office. Pretty standard tech, and both systems can be defeated with directional antennas and patience. The only thing the implantation buys you is a slightly greater chance of getting hacked, as the employee will always have the badge on them, leaving them open to scanning just about any time.
      • by Martin Blank (154261) on Saturday February 11, 2006 @11:49PM (#14697886) Journal
        This is why I keep pressing my employer to not adopt RFID badges, and keep either the magnetic swipes or move to 2D barcodes. I have an inherent distrust of anything wireless, which is why I still have cables running from my mouse and keyboard, refuse to use Bluetooth, and use wireless only when I have to and even then almost exclusively in Linux (though with WPA/WPA2 and a nice, long, random shared key, it's not so bad). My current record in a lab for cracking 128-bit WEP is about 14 minutes, start to finish.

        Paranoid? Yeah, a bit. But then I've never had to worry much about someone intercepting my phone calls or passwords over the air.

        On the main topic, if no one is going to be fired for refusing, but part of their job is working on equipment in the datacenter, what happens?
        • by broller (74249) on Sunday February 12, 2006 @12:05AM (#14697978)
          So are you entering passwords or making phone calls with your mouse? I wasn't clear on that point.
        • Paranoid? (Score:5, Funny)

          by runlvl0 (198575) on Sunday February 12, 2006 @02:22AM (#14698503) Homepage Journal
          I have an inherent distrust of anything wireless, which is why I still have cables running from my mouse and keyboard, refuse to use Bluetooth, and use wireless only when I have to and even then almost exclusively in Linux (though with WPA/WPA2 and a nice, long, random shared key, it's not so bad). My current record in a lab for cracking 128-bit WEP is about 14 minutes, start to finish. Paranoid?


          Paranoid? Not until you do all of your computing inside a Faraday cage. Until then, you're just a TEMPEST in a teapot.
  • Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication. When contacted, those at CityWatcher were unaware of the chip's security issue, according to the spychips.com release.

    hahaha! Now implanting RFID tags is somewhat scary. How do you get it out without taking out a chunk of your biceps?
    • And will the company cover the costs of extraction if you're separated from them in any way (fired, RIF, you quit, etc.) I can just imagine some poor dead schmuck's widow getting a bill for a $300 implantable RFID...
    • by Anonymous Coward
      I'm approaching two dozen RFID chips in my biceps, and let me tell you -- the chicks dig it!
    • Perhaps it is possible to destroy the chip whilst it is in your arm, using something like a blast of suitable frequency microwaves.

      In any case, this sounds like fake-security. What reason would having an RFID tag attached to a person would make this more secure than just carrying a card. It's probably more an attempt to watch where employees go or something.
  • by still_sick (585332) on Saturday February 11, 2006 @11:35PM (#14697806)
    Mmmm-hmmm...

    They won't require you to implant the chip to keep your job. But how long can you keep your job if you can't access the datacenter?
  • uh, no. (Score:2, Interesting)

    by netwiz (33291)
    Isn't this illegal? I was under the impression that forced surgery as a requirement for employment was against OSHA. Maybe I'm wrong. Altho, if you're in a right-to-work state, I can't see why they can't force this on workers. If you agree to it in a contract, well, you had your opportunity to decide against it.

    At the same time, where does this take us? More importantly, what new kinds of abuse will this bring about? I'm a bit spooked.
    • Resistence is futile, prepare to be assimilated...

      What is next? Embedded computers that control and monitor where we go and what we do?
      This may sound like paranoia but the problem with these type of changes is that they are so gradual that we don't realize what we have lost till its too late.

  • by HeavensBlade23 (946140) on Saturday February 11, 2006 @11:37PM (#14697817)
    Isn't this what the Christians have been saying was going to happen for the past 20 years now? Of course, it's not the governing that's forcing the chips on people, but it's only a matter of time.
    • Well, sorta; one idea is that the mark of the beast could be an implantable device. But to qualify as the mark of the beast it would need to be in the right hand or forehead, you'd have to have one to be able to buy or sell anything, and you'd have to sell your soul to the devil when you accepted it.
    • by CAIMLAS (41445)
      What makes you think there has to be some sort of distinction between a company or coroporation, and a modern government?

      What's the difference, really? A government is a corporation of a sort: there to make money and power while giving the perception (as much as possible) of viable services. If the shit hits the fan on a global or national scale, there will be many corporations with resources which the government doesn't have. Really, the main distinction is that the government has guns - and there are many
  • by 1310nm (687270) on Saturday February 11, 2006 @11:38PM (#14697821)
    It might actually double the victim's bicep circumference.
  • This is just one private company making an internal policy change. If it was a government doing it there would be cause to worry.
    • If it was a government doing it there would be cause to
      worry.
      Are you kidding? Some federal chucklehead is going to read this and think "cool beans, I bet we can get a shitload of funding to implement this."

      I mean seriously... If you work for the CIA, you're not allowed to tell anyone where you really work. You think they wouldn't implement something like this and then tell everyone to STFU about it?
  • ... but, no.

    Unless and until the pointy hair managers can guarantee that the RFID tag that they force me to implant in my body will never be used for purposes other than those which I agree to, I will refuse to succumb to their idioitic desires for control of my body.

    Before you ask, any company those does this to its employees, is a company I would never even consider working for.

  • by scotty1024 (584849) on Saturday February 11, 2006 @11:40PM (#14697835)
    But now they want to chip us like dogs too?

    What's next, kibble in the break room vending machines?
  • Why? (Score:5, Insightful)

    by cgenman (325138) on Saturday February 11, 2006 @11:40PM (#14697837) Homepage
    I'm not understanding the point here. If you inject the RFID chip, you can theoretically track your users wherever they go. But you can't ensure that access isn't being granted to someone who has an RFID chip in their wallet. You are making it slightly harder to steal the data, but you're not making it any harder to clone the chip.

    What's the security benefit to injected RFID?

    BTW, this [spychips.com] is the original article.

    • Re:Why? (Score:5, Insightful)

      by netwiz (33291) on Saturday February 11, 2006 @11:55PM (#14697920) Homepage
      You're not even really improving the security at all. Most of these types of devices get a short burst of RF at the reader which serves two purposes, one to provide raw power for the device (a la crystal radios), and one to signal the device to request it's ID. The device gets just enough power from the input signal to do a lookup and squirt back it's code just before it dies. The trick is, so long as you're willing to wait for someone to use the door, a directional antenna will pick up the conversation nicely. Once you've got a sample of the door's signal (they broadcast continuously), you can use the same directional to trigger the victim's ID unit remotely. Since normal badged users won't have the badge on them at all times, you couldn't get the code by following them in public. The RFID guy on the other hand, well, he's a different story. you could snag codes from him all day by just hanging nearby as he goes in/out of stores, Wal-Mart, etc.

      So in the end, the RFID makes things worse by imcreasing the level of access to the device itself.
    • Re:Why? (Score:3, Insightful)

      by killjoe (766577)
      "What's the security benefit to injected RFID?"

      It probably gets the CIO a bonus. That's the way these things work in corporations. It has nothing to do with whether it's effective or not. It benefits the ruling class and you have no need to know why or how. Do it or hit the road.
    • Re:Why? (Score:5, Informative)

      by Beryllium Sphere(tm) (193358) on Sunday February 12, 2006 @02:23AM (#14698508) Homepage Journal
      >What's the security benefit to injected RFID?

      If your threat model is someone walking into the data center with a lost/stolen/borrowed badge then requiring them to be injected does address the threat. But then so would issuing tokens in the form factor of a ring, except for the "borrowed" token problem.

      So, if you don't know that RFID chips can be cloned, if you don't know that they transmit the same number every time they're pinged, if you don't know that they can be read remotely and cloned at leisure, and if you have contempt for your employees and are oblivious to human rights, you might come up with a requirement for injected RFID.

      I sincerely hope that whoever came up with this isn't one of my colleagues in security consulting.
  • by Shky (703024) <shkyoleary.gmail@com> on Saturday February 11, 2006 @11:41PM (#14697838) Homepage Journal
    Could someone object on the basis of religious discrimination if they believe that RFID implants constitute the "Mark of the Beast"?
    • by Bodysurf (645983) on Saturday February 11, 2006 @11:48PM (#14697878)
      "Could someone object on the basis of religious discrimination if they believe that RFID implants constitute the "Mark of the Beast"?"

      I would imagine it would be just like the article stated: They can't/won't force you, but if you refuse, you don't get acccess to the datacenter. Just like the Mark of the Beast "... no one may buy or sell except one who has the mark or name of the beast, or the number of his name."

      • by WasteOfAmmo (526018) on Sunday February 12, 2006 @12:02AM (#14697953) Journal
        Not that I'm typically very religious or anything but:

        It seems to me that it would be a little hard to claim that this, or a good many of the other things that people have pointed too, constitutes the mark of the beast.

        1. It is in the bicep region, not the forehead or right hand;
        2. It is not a name nor the number 666
        From the book of revelations:

        13:16 He causes all, the small and the great, the rich and the poor, and the free and the slave, to be given marks on their right hands, or on their foreheads;

        13:17 and that no one would be able to buy or to sell, unless he has that mark, the name of the beast or the number of his name.

        I'm not sure what edition the above is from but it is plain English and close enough for this discussion.

        13:18 Here is wisdom. He who has understanding, let him calculate the number of the beast, for it is the number of a man. His number is six hundred sixty-six.

        On a side note: always wondered about making a program to compute all the possible combinations of the Jewish alphabet that adds up to 666 (filtering out all the nonsense ones of course). Someone must have done this somewhere already.

        Merlin.

        • OT but,

          Since the book of Revelation is in the New Testament not the Old Testament, it doesn't make sense to think 666 is as a hebrew number. Instead, you should picture it as a roman numeral, in which case it is the roman equivalent if 54321 (500+100+50+10+5+1) or DCLXVI.
    • Who needs a religious grounds? I object on the basis of you being fscking insane to wanna stick me with a computer chip. You nutcase... can I keep working here without being poked? No, alright fsck you i'm outta here
    • I'm a Christian so here's my input.

      This isn't the same as the mark of the beast, however it DOES prove that indeed there is no new idea under the sun :)

      Anyway, I don't think the mark of the beast is something physical (i mean how could they control your thoughts right)... Instead I believe it means that it is in their minds (what they think) and in their hands (what they do, their actions)...

      So the world will think and do a certain way, after the beast... my input lol

      Still, this is an interesting thing for
  • Escalation (Score:5, Funny)

    by Spazmania (174582) on Saturday February 11, 2006 @11:42PM (#14697843) Homepage
    So much for Evil Guy yanking out an eye or cutting off a hand so that he can fake access. Now he has to take the whole arm...

    Seriously, if he wants in that bad I'd rather he just beat me up and take my keys.
    • Re:Escalation (Score:5, Insightful)

      by tftp (111690) on Sunday February 12, 2006 @12:12AM (#14698016) Homepage
      Don't worry, nobody is going to take your arm (it's too large to carry.) The chip is not that deep, so a small incision with a sharp boxcutter will allow the attacker to pull the capsule out. He only may need to explore a bit (with that knife) around the needle scar :-( Chances are very good that you will survive, especially if the attacker knows how to avoid major blood vessels, and if the knife is clean, and if you don't need that arm that much. Just choose your attackers carefully and check their medical diplomas before they do it to you.
    • by taniwha (70410) on Sunday February 12, 2006 @01:00AM (#14698215) Homepage Journal
      evil guys just have to get more inventive

      Many years ago I found myself in a turf war with the 'operators' who looked after our mainframe .... in their view system programmers weren't allowed to touch the hardware ... anyway as a response we instituted a physical penetration analysis of the machine room .... the number of different ways in we found was in the mid teens - some involved children (or small adults) climbing thru ducts or thru the windows we gave people their printouts through, others involved finding ways in under the false floor (there were several) - but the one that took the cake was when we noticed that all the hinges on each and every door to the room was on the outside ... anyone could show up at any time and steal the doors

  • by Statecraftsman (718862) on Saturday February 11, 2006 @11:43PM (#14697850) Homepage
    So when you decide to leave your emplyoyer do they take it out free of charge? I hope so.

    If not, you're likely to be tracked not just by your employer but by anyone else with an RFID scanner. There really ought to be an activator button or device that needs to be pressed or broadcasting to make such a device safe for the implanted.

  • by zappepcs (820751) on Saturday February 11, 2006 @11:45PM (#14697863) Journal
    This will only last about as long as the Sony rootkit-like DRM lasted. It now has public attention, and when it is pointed out that the scheme has enough security holes in it to act as a noodle strainer, the number of people who will actually allow the implant will be zero, meaning there will be no one to do any maintenance in the datacenter, and thus the rules will have to be changed.

    For less than they paid for the RFID system, they could have hired someone to log people in and out of the data center. Additionally, I question the validity of a system that restricts access to only those with an implant during disaster situations (fire, flood, and worse) where access rights and needs are rather different than in normal situations.

    Good security costs a lot of money, and you cannot replace the human element in the security chain. The RFID schemes won't prevent anyone following an authorized person into the data center, unless there is physical restrictions that would make working in the data center dangerous during emergencies. In this case, the $10/hour guard is more flexible and cheaper than the high-tech answer, and more respectful of humans in general... or at least I think so
    • It now has public attention

      I don't think we can call this public attention. Seriously, if our attention actually mattered in changing any policy, don't you think Microsoft would have been extinct by now and that DRM and other things like [insert what Slashdot users think is evil here] would be under public scrutiny? The cliched Joe Sixpack will probably never hear of this; heck, I don't think Joe Sixpack knows what RFID is.
    • unless there is physical restrictions that would make working in the data center dangerous during emergencies.

      Many datacenters have mantraps installed that permit only one person in at a time to prevent drafting. For emergencies there are doors that will open allowing rapid egress of the facility bypassing the man traps normally used to leave and enter the facility.

      The security team that thought implanting an rfid tag into the employees provided an increased level of security should be fired. About t
  • by cyberjessy (444290) on Saturday February 11, 2006 @11:45PM (#14697866) Homepage
    To me this sounds more like a marketing ploy. So that they could go to potential clients and say, "Look we are so secure and futuristic that we need embedded chips in humans to access our critical datacenter!". Client is left stunned.

    IANA American, but I hope that the goverment would do something if this was forced on the employees working in the datacenter. After all, what can this achieve which cannot be done with a retinal scan, RFID tag combo? If the criminal can pass the retinal scan, can't he also pluck the RFID from the employee and stick into his arm?

    Huh..... I would hate it if someone said they are gonna put a chip inside my body. Wait till someone gets hurt and the company gets sued for a million dollars.
  • Heh. (Score:5, Funny)

    by soupdevil (587476) on Saturday February 11, 2006 @11:46PM (#14697871)
    The joke's on them. Geeks don't HAVE biceps.
  • Step 1: Do something that most people find offensive.
    Step 2: Require Step 1.
  • by gad_zuki! (70830) on Sunday February 12, 2006 @12:09AM (#14698001)
    We all know that this won't increase security, but now this surveillance company can use this in all their advertising and PR. "Sure, you can go with the other company but they arent half as serious as we are. We put bloody implants into our employess! That's serious!"

    Its harmless except for Joe and Jane Datacenter who have to go in for some minor surgery on the weekend to keep their jobs. I hope this "Golden Casino" mentality stops right here after these people get exposed for the dumbasses that they are. Hell, even in the article they did not know the weaknesses of RFID authentication.

    I woulndt doubt if this was 100% publicity stunt. I wonder how many people even have to access the datacenter. Depending on the company size it could just be one or two people. Of course all the executives, security, etc will have the old keycards that will work just fine.
  • by Rakishi (759894) on Sunday February 12, 2006 @12:49AM (#14698171)
    Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication. When contacted, those at CityWatcher were unaware of the chip's security issue, according to the spychips.com release.

    So before I needed to get close to an object (whatever had the rfid tag) which under normal circumstances an employee would not be carried around (say they were going home or something) or could have it in a reader blocking case. Now, I simply need to get close to an employ anywhere at any time to copy their data.

    Fucking brilliant, now I can steal their tag without anyone ever knowing, whereas before they'd know it was gone in a reasonable amount of time (I'd have to steal the physical object most likely).
  • by Belseth (835595) on Sunday February 12, 2006 @01:05AM (#14698237)
    It's the gradual change that scares me. First it starts with things that people can justify easily until it seems like a normal part of life then how can you object to something so harmless. Besides it's for our own good. How long will it be before you need an implanted chip to use a fire arm? They are already pushing for chip activated pistols that would need a ring or wristband to be used. Next step would be implants. Who could object? How long before drivers licenses require inplant chips? No time soon but eventually. Indentity thieft may make people even demand it. Remember driving isn't a right. You want to do it you abide by the rules. How about credit cards? Banks loosing money to thieft may start pushing for chips to combat thieves. You want a credit card you get a chip. May be not for fifty years but I think such things are the future. DNA identity systems may make the credit card version unnessaccary but then we are constantly having our DNA checked. A job can require DNA scanners for identification but what is to stop the same machines from checking for genetic desease? Suddenly to keep health costs down companies start laying off high risk employees. All such systems are dangerous and will be abused. The real reason is never for your benefit and in the end will take away our rights.
    • Taking the "frog in water" tack a step further, let's assume that the RFID chip is currently the same size as the one I just put in my dog. (About the size of a grain of rice, they tell me.) This is probably far too large/intrusive to put in the hand(for Revelations to come to fruition). With the advent on nanotechnology, there is no doubt that these can be made not only smaller in the future, but they also can be made of a 'non-rejectable' material so that the body wouldn't force it out thru the skin. N
    • BTW, this gradual change did start with the need to prove someone's identity - with the advent of transportation people venturing outside their village needed to be identified by people other than their family and neighbors. This is the reason for paper documents which now more and more take the shape of a plastic card.

      It seems that a reliable method of establishing someone's identity is indeed necessary for a modern society to function. The problem is how to achieve this goal while limiting the probabilit

  • by GoMMiX (748510) on Sunday February 12, 2006 @01:30AM (#14698325)
    Now people are required to inject glass capsules into their arms to enter a facility?

    Now we know asbestos kills.

    What will be said of placing RFID tags into our bodies 50 years from now.

    Some risks are worth taking, there is no question. For me, this is not one of them.

Biology is the only science in which multiplication means the same thing as division.

Working...