Slashdot Mirror


Too slow! FBI Shuts Down Hosting Service

Chope writes "If FBI agents showed up at your data center bearing a warrant, would you be able to provide them prompt access to customer data? BZZZZT! I'm sorry, but you've taken too long to answer. We'll be confiscating all the hardware you use, er, used to use, to run your business. But we'll get it back to you 'real soon now.' Thank you for playing. CarrierHotels.com is carrying the story of an FBI raid on a web hosting company. When the hosting company didn't and/or couldn't provide the information the FBI was looking for from its several terabytes of data within "several hours", the FBI decided it was more "efficient" to seize all the web servers and customer data as part of the FBI's investigation of a hacking incident."

15 of 928 comments

  1. Poor hosting company by Anonymous Coward · · Score: 5, Interesting

    The poor hosting company probably has ToS to live up to. This will ruin them.

    If nothing is found, will they have any recourse against the FBI or are they screwed?

    1. Re:Poor hosting company by LostCluster · · Score: 4, Interesting

      The poor hosting company probably has ToS to live up to. This will ruin them.

      Law always beats a ToS. If the FBI comes with a warrant for a piece of customer data, you've got to turn it over even if your ToS/Privacy Policy says you won't. To avoid getting caught in this jam, include a statement saying you'll turn over anything to any authority who presents a proper warrant.

      If their business was based on not turning anything over to the spooks, well, so much for that idea.

  2. How about the sustained financial damage? by devilkin · · Score: 4, Interesting

    And what if you run your website on those servers for commercial use? Will the FBI refund the financial damage you suffered (e.g. when you run a webshop or something)?

  3. more important (?) how much customer data stored? by buzban · · Score: 5, Interesting

    IDNRADC (I do not run a data center), but don't let that stop me from making a completely unqualified comment ;) ....

    Perhaps just as important, or more important, are you storing customer data that could/should be regularly deleted? Not that burning everything when the FBI shows up is the best option, but having a sensible scheme for what needs to be stored, and what would be better deleted and overwritten, seems to me to be important...

  4. The FBI is already returning some equipment... by shyster · · Score: 5, Interesting
    Looks like the seizure occurred on 02/14, and that as of 2/23 some servers have already been shipped back and put back on-line. As of now, their IRC network is still down...though it's unclear whether that's due to an FBI decision, the FBI still having their servers, or a CITHosting decision.

    The only thing I find a bit odd about this whole thing is that it looks like they took the opportunity to relocate their data center to Chicago (it was previously in Cleveland). According to their news,

    The FBI has begun returning equipment to CIT which is being shipped to our new facilities in Chicago.

    Wouldn't that unnecessarily delay the process of restoring service to their customers? Was the move already planned, or did they suddenly decide that they needed a different data center? Is it possible they're blowing the seizure out of proportion in order to cover outages due to their move? Or did the seizure even actually happen?

  5. Seems to blow a hole in the theory.. by Linker3000 · · Score: 4, Interesting

    ...that 'the powers that be' are monitoring everything 'on the fly', if they need to get their hands on the physical data repository to check it out.

    --
    AT&ROFLMAO
  6. They had good reasons to shut them down, indeed : by skaya · · Score: 5, Interesting

    I can't get access to the article, but I guess that the story is about the shutdown of FooNet. FooNet isn't a "real" hosting solution; it's a cheap shell provider for script kiddies who want to have their own ircd. They might also provide "serious" hosting services; but as soon as one provides shell services for such a targeted audience, she knows that she will have to handle some specific problems - DDOS, flood, etc.

    And according to what I know about the FooNet shutdown (if that's the same story), there were thousands of DDOS "drones" located at the datacenter, and the staff of the datacenter failed to shut them down. That sounds very dubious to me, but you might want to check this for another side of the story ...

    Quoting :

    "Perhaps the blackest of the black hat networks is finally gone, raided by the FBI. Foonet was home of spammers, packet kiddies, script kiddies, carders, and other illegal activities, as documented in the links below."

    PS: if the shutdown mentioned isn't the FooNet one, ignore this post :-)

  7. Re:They had good reasons to shut them down, indeed by CommanderTaco · · Score: 5, Interesting

    No, it turns out you are right, cit & foonet are one and the same. http://www.easynetworknyc.com/foonet/

  8. Re:More to the story by Alranor · · Score: 5, Interesting
    "The phrase
    "I disapprove of what you say, but I will defend to the death your right to say it"
    is widely attributed to Voltaire, but cannot be found in his writings. With good reason. The phrase was invented by a later author as an epitome of his attitude. It appeared in The Friends of Voltaire (1906), written by Evelyn Beatrice Hall under the pseudonym S[tephen] G. Tallentyre."

    (from here )
  9. Re:USA politics = one party system? by TheXRayStyle · · Score: 4, Interesting
    One thing you may want to look into is supporting Instant Runoff Voting. You can get some information about it here. It has been shown to be successful in places such as Papua New Guinea with an error less than that of US Presidential elections (yeah, what a high standard of comparison...). It allows people to vote their mind without worrying about a slightly lesser evil not getting their vote and losing to a greater one.

    Basically, it works like this: You rank the candidates in order and your first choice gets your first vote. All the votes are counted and the candidate with the least votes is eliminated. If the candidate eliminated is your first choice, then your vote goes to the second candidate on your list. This process continues until only one candidate is left, and they are then elected. (See the link above for a better explanation...)

    If this sounds like something you'd like instituted, contact your senators and representatives!

    Furthermore, support candidates such as Presidential Candidate Dennis Kucinich who have declared their support for IRV. As he says in his platform:

    I also support "Instant Runoff Voting." IRV offers a cost-effective way of insuring that the winning candidate is preferred by a majority of voters; it encourages voters to vote their wishes and not their fears; it promotes greater voter turnout and positive campaigning.
    I seriously believe that implementing a system such as this is the best way to get out of the Kang "Go ahead, throw your vote away." mentality about 3rd party candidates that America seems to have. Hell, even I feel that way in this next election.

    Peace.

  10. Re:USA politics = one party system? by spitzak · · Score: 5, Interesting

    I have heard that instant runoff is mathematically broken and somewhat of a scam. Supposedly it will allow votes for (as an example) Greens, until the point where Greens become powerful enough to actually make a difference. At that point a vote for a Green will suddenly be bad, just like it is under the current system. The main reason (assuming you like Dems more than Republicans) is that at that point your Green vote will make your Dem vote as #2 really mean #2 and Dems will lose to Republicans who voted them #1.

    There is good analysis at http://www.votingmethods.org. This site is obviously Libertarian, but their analysis seems accurate and their arguments about how to make Libertarians get votes without Republicans losing apply just as well to how to make Greens get votes without Democrats losing.

  11. Use RAID to protect against RAIDs by ziegast · · Score: 5, Interesting

    I see a lot of, "their rights have been violated", and "this is why I don't host in the US", and "here's what I think they're investigating", but I don't see anything constructive about how to protect your service uptime against a raid.

    At a local security meeting, I learned about security incident handling, and things you can do to help preserve the chain of custody of the evidence (aka data). It's one thing to copy data, but just by reading data on most filesystems, you alter it. If a hacker determines that you are investigating them, they can and will try as fast as they can to cover their tracks, and it's a lot quicker to delete/destroy/taint data than copy data.

    The fastest and best way to preserve a single machine's data is to break a RAID 1 array (pull out live disks). Your machines keep running, and the FBI gets a pristine copy of the disks that they can put into (hopefully antistatic) evidence bags and document chain of custody without modification of the data. They can go read it at their leisure off-site. Using RAID5 doesn't cut it. Using single disks with frequent backups doesn't cut it. Use RAID1.

    Another way to protect data and preserve service is to store all non-OS data on enterprise storage that supports advanced mirroring or snapshot capabilities. If I had a NetApp, I could create a read-only snapshot and give the FBI access to that point in time copy of data and never delete it until I can do a DR copy of my filer onto another box. If I have an EMC or Hitachi or other large RAID1-capable unit, I can break off a very large mirror and present it to FBI hosts on a SAN and continue to run off of unprotected data or implement a disaster recovery plan to get me running again on another similar storage. This data isn't as clean as a "drive in a bag", but with proper notes and techniques, the FBI can be convincing enough to a jury that the data used in the investigation was correctly read unmodified "beyond a reasonable doubt".

    If I'm really good, and have a bigger budget, I'll have a near-real-time mirror of that data (NetApp SnapMirror, EMC SRDF, "rsync", etc.) in a remote location that runs independently of my primary site and a plan that will help keep me running while I let the FBI tear apart my primary data center.

    If you run a 100% uptime service ("Show me the nines!"), it's your responsibility to have an effective disaster recovery plan. An FBI or Secret Service raid is an equivalent of a jumbo jet crashing into your data center. You as an individual, have a RIGHT to privacy and due process, but your company has created obligations to your customers to which you've guaranteed service, and your customers care more about the latter than the former. It's more responsible to have a DR plan and sue the FBI to replace your hardware than not have a plan and sue for lost business.

    -ez

    If the checksum doesn't fit, you can't commit!
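Added example, not part of the comment above or of the original page: the comment's point about handing over a point-in-time copy and later showing it was read unmodified can be backed by a hash manifest sealed at hand-over and re-checked afterwards. The function names and sample files are constructed for illustration; `O_NOATIME` is Linux-only and is used so that hashing does not itself update access times.

```python
import hashlib, json, os, tempfile

def _open_ro(path):
    # O_NOATIME (Linux; needs ownership or CAP_FOWNER) stops the read updating atime.
    try:
        return os.open(path, os.O_RDONLY | getattr(os, "O_NOATIME", 0))
    except PermissionError:
        return os.open(path, os.O_RDONLY)

def sha256_file(path, bufsize=1 << 20):
    h = hashlib.sha256()
    with os.fdopen(_open_ro(path), "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> size and SHA-256 for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root)
                manifest[rel] = {"size": os.path.getsize(full), "sha256": sha256_file(full)}
    return manifest

def manifest_digest(manifest):
    """One hash over the canonical manifest: the value to write in the custody log."""
    return hashlib.sha256(json.dumps(manifest, sort_keys=True).encode()).hexdigest()

def verify(root, manifest):
    """Return sorted (path, problem) pairs where root no longer matches the manifest."""
    now = build_manifest(root)
    out = [(p, "missing") for p in manifest if p not in now]
    out += [(p, "added") for p in now if p not in manifest]
    out += [(p, "modified") for p in now if p in manifest and now[p] != manifest[p]]
    return sorted(out)

def demo():
    """Constructed sample tree standing in for a mounted read-only snapshot."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"access.log": b"GET / 200\n", "home.db": b"\x00\x01"}.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        sealed = build_manifest(root)
        with open(os.path.join(root, "access.log"), "ab") as f:
            f.write(b"tampered\n")  # simulate a change made after sealing
        return manifest_digest(sealed), verify(root, sealed)
```

The manifest digest is what goes on the signed custody form; anyone holding the copy can rerun `verify` against the sealed manifest.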

  12. Re:All Your Rights Are Belong To Ashcroft by ikeleib · · Score: 4, Interesting

    Believe me, the last thing some poor special agent wants to do is sift through TBs of customer crap and put a company out of business or under financial hardship.

    It's far more serious than simply putting a financial hardship on the data center and their customers. It is entirely possible that the FBI has gone beyond the authority granted to them in the warrant. Their warrant only allows them to search and seize specific items related to a crime.

    It is highly likely that by seizing all machines and data of a commercial data center, that they have deprived several customers of their due process of law (5th) and freedom from search and seizure (4th).

  13. This was foonet, hardly a reputable company by Anonymous Coward · · Score: 4, Interesting

    The company in question, known as "Foonet" or "Creative Internet Technologies" is well known to anyone who frequents efnet as a safe haven for anyone involved in illegal activities, including DDoS, childporn, compromising hosts, spamming, carding etc, the staff of foonet are well known for overlooking illegal activity by their customers..
    Most likely the fbi turned up to confiscate one or two customers' boxes and saw how stuffed with illegal data their network is, virtually everyone on efnet who is involved with illegal activity used to base their operation from foonet, the servers there will be a total goldmine of evidence for the fbi..
    In fact, the staff themselves at foonet are well known for breaking the law, in particular "Paul" who owns the company gives shell accounts or free hosting to people who will ddos for him, and often the staff at foonet have used their customers' credit cards for fraudulent transactions.

  14. Exactly by macdaddy · · Score: 4, Interesting
    Second part untrue. What makes you think the Agents gives a flying fsck through a rolling doughnut about collateral damage to some business he's never heard of and isn't paid to protect?

    Right on target. In my experience the FBI couldn't give a rat's ass about causing the least amount of collateral damage or returning your seized property. In 2001 (I believe that's right) the FBI seized a Sun 20 from a lab at a University I worked for. The lab was less than maintained. It was full of SGIs that were vulnerable to every possible exploit for the last 5 or 6 years. It was a joke really. The Sun was also unmaintained. I pointed out to my super 10 months before the seizure that the Sun was an open relay and had services running that shouldn't be (I still have that email!). Nevertheless it wasn't touched for 10 months. Right about the time I volunteered to help the lab maintainer get everything up to date and secure again the FBI came in and seized the Sun. It apparently was used for something bad. I haven't been with that University for a while now but last I knew it still hadn't been returned. The FBI couldn't give a rat's ass about causing the least amount of collateral damage. Their actions speak for themselves. What if the machine used for the attack (or probe for that matter) was the Unv's mail server? It was poorly maintained too and had been hacked before. What if an attacker used it as a launching pad for an attack? Would the FBI seize that piece of state property, effectively bringing email on campus to a complete halt? It's sad really to think about it.