Life in the anti-virus bunker

4 May 2006

Barry Collins visits the secret security centres devoted to thwarting virus writers, hackers and spammers

I'm in deepest Hampshire, being driven by a man with 25 years' experience in Royal Navy submarines to a nuclear bunker hidden under the hills of Winchester. Security cameras track our every move as we step from the car and approach the bunker, our entrance blocked by a foot-thick metal door. My guide swipes his security pass and taps his PIN into the keypad, and as we step inside there's yet another heavy-duty door to negotiate, just in case an intruder somehow managed to bluff or blow their way past the first.

Days earlier, about 50 miles north of Winchester, I'm shown into what looks like an ostentatious three-storey modern office, but is actually a facility so secure the entire glass facade is bullet-proof. To prevent anyone from ram-raiding their way into the building, a purpose-built moat extends two-thirds of the way round the complex, stopping only where brickwork replaces the windows.

It may sound like I'm on a tour of MI5's UK headquarters, but I doubt its facilities are this secure. In fact, I'm being given a rare glimpse inside the nerve centres of two leading Internet security firms: Symantec and Sophos. While they may not be dealing with terrorists, the likes of Symantec and Sophos are attempting to secure priceless corporate data for some of the world's leading companies. The days of teenage hackers working alone from a computer in their bedroom are fading; today's hackers are organised criminals whose sole aim is to extort as much money as possible, using increasingly sadistic tactics to achieve their aims. Little wonder, then, that the anti-virus firms are taking every available precaution.

Symantec moved into the Winchester bunker nearly four years ago. It started life as a government-funded shelter for the local water board's executives, so that in the event of nuclear attack they could survive 60 days before getting essential services up and running again, once the dust had settled. Of course, being a government project, by the time the expensive bunker was built the Cold War threat had evaporated and the site was sold off, eventually passing into Symantec's hands in 2002.

Although the site has undergone major renovation, the site manager Gordon May (the man who spent a quarter of a century in submarines) claims the bunker could still withstand a nuclear attack today. Behind another of the pressurised bunker's enormous doors, Gordon shows me an electricity generator and several tanks of fuel - enough to power the entire plant for days in the event of attack or, more likely in Winchester, power failure.

So why does an Internet security firm need such stringent security measures? The bunker stores 47TB worth of Symantec's clients' data, with billions of lines of new logs added every day, each being scanned by computers and analysts for the first signs of intrusion or virus outbreak. 'If you stole that database you could sell it to the highest bidder, and the highest bidder tends to be a criminal,' says Graeme Pinkney, threat and vulnerability analysis manager at Symantec, who himself served in Northern Ireland with the army.

Not surprisingly, the bunker has a real military feel. Only a handful of analysts and engineers are allowed into the data chamber. An infrared beam sounds the alarm if visitors like me, or even the company's own PR executive, stray into the restricted zone. Visitors have to be cleared by Gordon 24 hours in advance. Not that you're likely to stumble on this place by accident; other than a few vehicles in the car park, you wouldn't even know the place is there. There are no signposts directing you down the muddy track that leads to the plant. Visitors who drive are told to look for the big tree at the end of the lane. It's in the middle of the countryside. There are big trees everywhere.
