Slashdot Mirror
Too slow! FBI Shuts Down Hosting Service
Chope writes "If FBI agents showed up at your data center bearing a warrant, would you be able to provide them prompt access to customer data?
BZZZZT! I'm sorry, but you've taken too long to answer. We'll be confiscating all the hardware you use, er, used to use, to run your business. But we'll get it back to you 'real soon now.' Thank you for playing. CarrierHotels.com is carrying the story of a FBI raid on a web hosting company. When the hosting company didn't and/or couldn't provide the information the FBI was looking from its several terabytes of data within "several hours", the FBI decided it was more "efficient" to seize all the web servers and customer data as part of the FBI's investigation of a hacking incident."
someone had to say it..
and who says they abuse their power? (I wouldn't...)
Oh my, which one our corporate overlords were offended this time?
I'm sure there is more to the story than what we are hearing...
I wonder what the FBI was looking for.
The poor hosting company probably has ToS to live up to. This will ruin them.
If nothing is found, will they have any recourse against the FBI or are they screwed?
And what if you run your website on those servers for commercial use? Will the FBI refund the finanial damage you suffered (e.g. when you run a webshop or smthing)?
Ok, so it's faster to have to unplug all of the servers, carry them out of the building, put them on a truck, drive them several (dozens?) of miles, unload them from the truck, put them in a warehouse, re-plug them all in, and now have to datamine without the assistance of the people who operate the systems.
Was I abducted by aliens and brought to Bizarro world while I slept last night, or am I just missing something here?
Chris Knight is my hero.
or something like that? I wonder how their other clients feel?
If the FBI shoed up at my door... there would be a hell of an international incident as I live in Sweden (you insensitive clod!)
A little planning goes a long way...
if CIT might have been uncooperative. This article is very one sided and if it was taking hours and they weren't seeing it get anywhere then there might have been a legitimate problem. I don't know if taking the servers was the best solution but if they did it then there must have been something going on.
Evolution or ID?
Last year I found the a controller of the proxy that was installed on a NT workstation happened to be controlled out of the same data center that was shut down. That machine was telling the NT box to send out massive amounts of spam.
This is about the last data center on earth where script-kiddies can get free shell accounts.
This is a case were many servers got caught in the crossfire aginst the script kiddies and spamers.
--Mike--
Nazis? - I hate Illinois Nazis
There has to be more to this story. From what the article says, the FBI just walked in and shut them down. While that might have happened this story seems to be extremely one sided and a little short on the detail.
Initially, I don't like the sound of it at all given that I host several domains and don't want the FBI coming in and taking all of my servers. But, we don't know what led up to the seizure....maybe it was a legitimate action? We shouldn't judge too harshly until we have all the information. I'm trying to play devil's advocate here.
"Wisdom is not a product of schooling but of the life-long attempt to acquire it." -Albert Einstein
First their webserver farm gets seized by the FBI, then you post their story on /. ??? Give these guys a break!
I would be more worried about the fact that rather than being supplied with the data that they originally requested, they now potentially have the logs/records/recordings/information of all the transactions and customer records and IRC conversations ever hosted by this...
Will they delete the 'copied' data after they have finished, keeping only the information that they originally wanted, please this is v bad...
Thank God i dont live in the US
Kingdom of Loathing (www.kingdomofloathing.com) Addicted is me
FBI Shutters Web Host
By Rich Miller
Carrier Hotels Editor
Posted Feb 19, 2004
If FBI agents showed up at your data center bearing a warrant, would you be able to provide them prompt access to customer data? How long would it take?
That's an important question in the wake of an FBI raid of Columbus, Ohio hosting company CIT Hosting last Saturday. Federal agents wound up shutting down the entire operation, seizing all the company's web servers and all customer data as part of its investigation of a hacking incident.
CIT Hosting, also known as FooNet, markets itself as "the leader in the IRC and DDoS protection business for the last 5 years." The company posted a web page informing customers that its data center was shut down, and instructing customers to contact the FBI if they needed access to their files.
"The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host," the company said in its statement.
IRC (Internet Relay Chat) is a live chat system that allows users to create private discussion rooms. While IRC has a lengthy history of legitimate use, it is also a medium for discreet communication between hackers. CIT said the FBI was "investigating whether someone hosted on our network hacked and attacked someone else."
"After several hours of attempting to track down, inspect and audit the terabytes of data that we host, the FBI determined that it was more efficient (from their point of view) to remove all of our servers and transport them to the FBI local laboratories for inspection," the statement continued. "The FBI has assured us that as soon as the data has been safely copied and inspected, the equipment will be promptly returned. Unfortunately, the FBI has not been able to tell us when they will be completed with their inspection."
The seizure isn't standard procedure, and there's no way to know exactly what prompted it. CIT's account suggests the FBI may have lost patience with the process. The IRC-focused nature of CIT's business may also have been a factor.
But if you're a data center operator, you want to avoid any scenario in which the FBI gets impatient and starts hauling away your servers. Just one more item on the contingency planning checklist for the times in which we live.
This is the US we're talking about. We sue everyone for everything. In fact I just might sue you for implying we wouldn't sue.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
Its worth reading this thread
Rus
Cheap UK and US VPS
IDNRADC (I do not run a data center), but don't let that stop me from making a completely unqualified comment ;) ....
Perhaps just as important, or more important, are you storing customer data that could/should be regularly deleted? Not that burning everything when the FBI shows up is the best option, but having a sensible scheme for what needs to be stored, and what would be better deleted and overwritten, seems to me to be important...
There is an article here that tells that equipment is already being returned.
Evolution or ID?
From their site - don't forget to let the FBI know what you think! rwhite3@leo.gov
02/23/2004 CIT re-establishes service.
We have restored service at Equinix's Chicago Data Centers. We are in the same facilities as MSN and many fortune 500 companies. The facility has multi OC192 connections to the backbone.
The FBI has begun retuning equipment to CIT which is being shipped to our new facilities in Chicago.
At this time CIT will continue to provide dedicated DDOS Protected web hosting only.
CIT provides reliable and scalable solutions for customers of all sizes and services. Located in Equinix's Chicago Data Centers , CIT has access to all the major carriers without the need for local loop circuits.
Our Chicago staff is focused first and foremost on customer satisfaction, and will take every action necessary to accommodate each customer. Unlike many large ISPs, CIT prides itself in its ability to provide personalized service to each customer - if a customer calls twice for assistance, they can usually speak to the same representative. Our sales and support teams are allowed a great deal of flexibility to work together to resolve each customer's needs on an individual basis. Our success and rapid growth can be attributed to the satisfaction of our customers - word-of-mouth referrals account for a large portion of the new business we receive each month.
The IRC Network will remain down until further notice.
02/14/2004 FBI Confiscates all servers
Dear Customers of FOONET/CIT:
We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations.
Here are the facts of what occurred:
The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host. According to the warrant, it appears that the Bureau is investigating whether someone hosted on our network hacked and attacked someone else.
After several hours of attempting to track down, inspect and audit the terabytes of data that we host, the FBI determined that it was more efficient (from their point of view) to remove all of our servers and transport them to the FBI local laboratories for inspection. This was completed at 7:00 pm EST same day.
The FBI has assured us that as soon as the data has been safely copied and inspected, the equipment will be promptly returned. Unfortunately, the FBI has not been able to tell us when they will be completed with their inspection.
We have been told by the Special Agent in charge of the investigation that If you need access to your data you are asked to please contact the Bureau via email to rwhite3@leo.gov. Make sure to include in your email your name, mailing address, and telephone number with area code.
Since we wish to focus 100% of our efforts on restoring services, we would appreciate it very much if you do not attempt to contact us directly. Please rest assured that we are doing everything possible to restore service to you as quickly as possible.
To the many who have inquired, Paul and family are OK, although shaken by these events. They are at home and awaiting the blessed event of their new child's birth. We thank you for your good wishes and prayers.
Please check back here often. Through this site, we will keep you informed of ongoing developments as we know them.
Thanks again for your understanding.
Marked troll already. That's slashdot for you.
Anyway this incident illustrates why the citizentry needs to be active in government instead of reactionary and "woe is me" after the fact. The government isn't very good at self-disciplining. That's our job. An absentee citizentry breds the results you see. Get out and vote in 2004. Get involved in local and national politics. Stop being a wallflower.
Is that if the FBI, ATF, *BI, or whoever seizes your property in the investigation of a crime, they are in no way liable for any damage that occurs to your property, if you can even consider it your property anymore, because, even if your property was deemed to have NOTHING to do with the crime being investigated, said above entities are not required to return your property. You have to SUE to get it back. Now how's that for some bullshit.
Ironically, they were probably investigating a Denial Of Service.
The only thing I find a bit odd about this whole thing is that it looks like they too the opportunity to relocate their data center to Chicago (it was previously in Cleveland). According to their news,
Wouldn't that unnecessarily delay the process of restoring service to their customers? Was the move already planned, or did they suddenly decide that they needed a different data center? Is it possible they're blowing the seize out of proportion in order to cover outages due to their move? Or did the seizure even actually happen?
...that 'the powers that be' are monitoring everything 'on the fly', if they need to get their hands on the physical data repository to check it out.
AT&ROFLMAO
what about their reputation for having illegal or compromising people using thier service. That reputation alone may be worse than the downtime.
Evolution or ID?
Doug Moen
I have written a truly remarkable program which this sig is too small to contain.
We, my comrades, live in dangerous times. It is not the threat of "terrorism," for terrorists do not want to take away our liberty (directly). No, it is the threat of the United States Government. The treat is posed militarily to those outside her boarders, and by gross incroachments on fundimental constitutional rights and liberties against those within her boarders. The 4th Amendment to the United States Constitution is as follows:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
So I say to you: is this not a blatant violation of the US Constitution? The warrent did not say to take the servers, did it? And where are the warrents of TSA people at the airports? where is their probably cause? where are OUR GODGIVEN, CONSTITUTIONALLY PROTECTED freedoms?
I'm surprised that there hasn't been any discussion of Magic Lantern for awhile...
Wether you find this acceptable depends I guess on wether you find it acceptable that the police can investigate crimes beyond posting a little poster asking criminals to please come to the station and answer their questions and to bring in any evidence on their own.
Normal search warrants on an office mean that the FBI and police storm the building and everyone inside is ordered to stop doing anything. No more accessing PC's no shredding of documents no phone calls no nothing. The reason is simple to prevent evidence from being destroyed.
I am frankly amazed that they even allowed the company to provide the info this shows that they probably don't suspect the company but rather that they hope to find evidence against someone else on their systems.
There was a rather nasty ddos attack on mircx and aniverse. The FBI seems to be investigating wether the IRC network hosted by this company was used in the attack. There seems to be a lot of hints as to the person who was behind the attack but sadly in america you need that silly evidence stuff (at least for use against americans).
So the FBI asked and got a search warrant. They then gave the company time to hand over the data but they couldn't. So the FBI used the law and did what we expect them to do. Secure any evidence by removing access to it. They are even giving the hardware back. They waited wich they don't have to and give the hardware back after copying data wich they don't have to do. Frankly I think they went way beyond what they needed to do to minimize damage.
Quit frankly the original poster seems to be one of those people that want the police to disappear. That line about wich coorperate master they offended is clear bullshit. mircx and aniverse are hardly the powers that be.
In any society that doesn't chose to be an anarchy you have to give some powers to the police to investigate crimes. Search warrants are pretty common in all democracys and also work pretty much the same way. If you get one it sucks but so far noone has come up with a better alternative except to just allow criminals free reign.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I can't get access to the article, but I guess that the story is about the shutdown of FooNet. FooNet isn't a "real" hosting solution ; it's a cheap shell provider for script kiddies who want to have their own ircd. They might also provide "serious" hosting services ; but as soon as one provides shell services for such a targetted audience, she knows that she will have to handle some specific problems - DDOS, flood, etc.
And according to what I know about the FooNet shutdown (if that's the same story), there was thousands of DDOS "drones" located at the datacenter, and the staff of the datacenter failed to shut them down. That sounds very dubious to me, but you might want to check this for another side of the story ...
Quoting :
PS: if the shutdown mentionned isn't the FooNet one, ignore this post :-)
It's not like I agree with this, if indeed things happened as the article state... but a quick google on FooNet (AKA / DBA CIT ) turns up some VERY interesting results.
I google'd quickly on a hunch, and sure enough I got some rather interesting hits.
I claim to know nothing about SPEWS and how they go about adding to the blacklists, but they apparently are no stranger to it.
Furthermore, it seems that this IS NOT the first run-in with the FBI that FooNet/CIT has had: from here, if you scroll down a bit, you'll see the following text: The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host # We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations. And this was from Feb. 14 ...
Another incident was reported out here on 07/12/03 (search the page for "foonet") ... seems that 84898 spams swamped a box, and follow-up by FooNet sucked - e.g. they turned a blind eye.
There are far too many hits to return ... if you're interested in more, you can always head here. For now, I'll close with this: I do not agree with the methods used, if they were as described ... however, FooNet/CIT is no stranger to the FBI, and perhaps this is all rolled in to the Feb. 14th notice ... maybe the FBI actually gave them 10 days to comply... I'd really like to see how this ends.
Not to mention you could've just used a box of floppies to copy the hard drives.
Abdul, Mohammed, Mustafa Ali, greetings! The goat is roasted. I repeat, the goat is roasted. Run! Run like the great camel to tell Uncle.
It seems that many people didn't read the text. The FBI had a warrant, which means they had to go before a judge, justify the need, and spell out what would be looked for/taken. If it wasn't initially spelled out that the servers would be taken, they might have had the warrant amended as such. Before some of you "conspiracy theorists" start screaming about a police state and such, the FBI was acting in the bounds of the law, under a warrant issued by a judge. John Ashcroft and George Bush had nothing to do with this. Maybe once you stop looking for black helicopters, you can see this. As for those of you saying you're glad you don't live in the US, we are the most free, most law-abiding country in the world. While we may not be perfect, we're the best thing going. Sorry if I'm offending anyone, but I'm tired of hearing knee-jerk reactions to things, without anyone reading the facts. Believe it or not, not EVERYTHING the government does is wrong.
Liberalism...the next best thing to thinking.
You are a cop and arrive at a murder scene with a dozen doctors standing around the corpse. Would you really allow any of these medical experts to assist you with determining the cause of death?
A shutdown machine cannot erase data and the fbi got the tools to simply copy data from HD's without the computer it was in being involved. This prevents any chance of the data being destroyed.
Saying they replug them back in at the fbi shows you have no idea of what is involved in this kind of investigation. They copy the HD's directly and completly by taking them out and putting them in their own hardware.
How the fbi does this kinda stuff has been discussed often enough on /.
This is nothing else then the police sealing of a crime scene. Any inconvenience is considered though luck. It really is no different from streets being closed off to allow marathons or demonstrations or repairs. Yes they do attempt to minimize damage but the investigation comes first.
But lets turn it around. If the FBI raids a place like enron would you find it acceptable if the bosses were allowed to keep making phone calls and keep working on their pc's and play with their shredders as they could loose money if the police removed access and took everything away?
Of course not. Just because this is a small hosting company doesn't change the law.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
No, it turns out you are right, cit & foonet are one and the same. http://www.easynetworknyc.com/foonet/
I do wonder how cooperative CIT was. After several hours of requests for the info (with a warrent) the FBI must have been riled to say "F-this-S, haul it away!". Think about how much extra work that must have been. There's more to this story, pity no news service has looked into it yet.
One line blog. I hear that they're called Twitters now.
the guy behind it seems to have been boosting about about a 200k botnet. 200.000 machines under his control. I think this is no longer some harmless hacking. This is stuff the fbi needs to investigate cause quit frankly nobody else seems able to stop this.
So unless you believe the net should be total anarachy ruled by those with the most bots then this kinda off stuff is sadly needed. To bad for those caught in the crossfire but that is live. Nothing really different from when all trains are disrupted because someone jumped in front of one. A marathon closing off all the streets despite the fact you hate sports. A demonstration causing massive gridlock despite the fact that only 200 people in a million people city are taking part.
Live sucks at times. Really this story shows that /. is getting more and more tabloid. A serious tech site would have asked what the fbi was investigating and wether the hosting company was hosting the person investigated or had servers wich were hacked or was simply a place where the hacker might have left evidence.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I don't buy it! How can they move that stuff, not only physically, but also logically? To re-plug the servers, they need:
;-).
Or they can clone all the drives with ghost (now with ext3 support) and use Ghost Explorer in Windows to find specific files and folders without ever booting the machines into Linux and dealing with bullshit. (also dd/mount -o loop)
I prefer to read (between the lines) that they wanted something to be stopped, and eventually an occasion to get the information on the long term (weeks at least) on who/where it is
I believe one of two things:
1) They possibly thought whatever was going on might have been contributed to by someone on the inside and didn't want to give time for people to erase evidence. Maybe a raving lunatic anonymous coward but link.
2) They got impatient and thought they could do it faster, which probably ended up not being the case.
The strange part, for a European citizen like me, is that no reason at all is given. Normally (in democratic/free world), an investigation means a judge, some reasons, some rule brake, some arguments on why the police is acting.
A warrant means that a Judge signed off on the investigation. They were able to convince a Judge that they had probable cause, how is this different from Europe? (I'm not trolling, I just don't know much about the legal system in European Countries and realize that it probably differs from Euro Country to Euro Country)
I hope that with these new laws in Europe we are not going to become like that too soon
I agree, big brother is getting scary here in the states.
Can I get an eye poke?
Dog House Forum
Let me fill you in on Foonet.
Foonet was the blackest of the black hat networks in existance. They hosted spammers, carders (credit card theives), DDoS drones, floodnets, and various other illegal activities and blindly turned the opposite way and let it happen.
Foonet was based out of the basement of the owners' house. There was no actual 'data center'. They had a T3 and a few T1s - nowhere near the OC-X level they were claiming.
They got tossed off of GBLX about a week before they were raided, and were humping the light at Qwest right before they got pulled.
I knew about this right after it happened.
Foonet will not be coming back, so get over it kiddies. Your DDoS drones are gone. Spammers, your mail servers are gone. Go run and hide under another rock.
A little hint for all of you who can't figure it out - the FBI doesn't usually seize all equipment if its something small. If they took all of the equipment, there is a good reason why they did (not that foonet was acting 'too slow').
I have a list of stuff about foonet on the AHBL page here.
Brielle
I 100% agree. I get in political discussion with folks who complain about the system not working...when I ask if they write their representatives they say no. I ask if they vote, they say they aren't registered. How dare someone say the system is broken when they've never bothered to participate!! Register to vote if you haven't already and GET OUT AND BE HEARD. Vote on election days, write your senators and representative whenever you have something for the government to hear. A government of the people means we are their bosses! They don't listen to the majority, they lose their job. And don't say to me "the /. geeks will never be the majority" until you all are registered to vote and participate in our government! It's more important for us to do it now more than ever...
perl -e '$_="\007/4`\cp%2,".chr(127);s/./"\"\\c$&\""/gees
One more reason to get hosting based outside the US, if your site does anything but blindly wave the flag and speak the newspeak.
It won't help. People won't vote third party, they only vote for the current reigning Demopublican party.
The democrats and republicans use rhetoric to convince the less intelligent that there's actually a difference between the two, assuring that almost everyone votes democrat to vote AGAINST the republican, or republican to vote AGAINST the democrat.
Unfortunately, there's no appreciable difference betwixt the two, so we're condemned to continue down the slippery slope.
I live in Columbus, and have had the misfortune of working with foonet/Creative Internet Technologies/Creative Internet Techniques - they have called themselves all three. The small ISP which I used for my website unexpectedly moved our web site to a server at foonet. All of our mail forwarding was getting blocked by about every blacklist on the planet, and the uptime was horrendous. Needless to say, despite the 3 month prepay, we immediatly moved to another ISP. While we were being hosted at foonet, located about 10 minutes from us, I called them (local, no 800 # - ) multiple times, telling them that they were on blacklists. I never could talk to anyone, just leave messages that would go unanswered. If you are doing anything remotely important, avoid foonet/CIT like the plague. Their phone numbers are/used to be Sales - 614 353 8243 and General Inquires - 740 881 0323
The FBI cart equipment away to their premises in order to duplicate the systems and environments. If ever you get into information systems forensics, they would at least perform 2 copies. One is kept as an exact duplicate (to keep for their investigation records) and at least another to actually run analysis against (since searching on an active system can change the data stored in it).
It also makes it easier to catalog what they are working with, and prevents any interference from the outside.
Delete your logs. Delete them early, and delete them often. Searching through 24 hours worth of data is a lot easier then searching through 2 years worth...
"Freedom means freedom for everybody" -- Dick Cheney
The only problem is, no one really seems to know what is going on!
Speculation on cause has ranged from DDoS attacks to having to do with the Microsoft leaked source code.
SearchIRC - Now with live chat directory!
If you are a data center, this sounds like another good reason to have a mirror (RAID 0, or is it RAID 1). That way you can just unplug the mirror drive and give it to the FBI without disturbing the rest of your service.
Actually this makes the acronym RAID (Redundant Array of Inexpensive Devices) have dual meaning... RAID is what you want when you are raided!
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Irvingnet, the home of the Fark IRC channel, was also affected in the raid. The MOTD said that the entire datacenter was cleaned out by the FBI.
Where does the school board find them and why do they keep sending them to ME?
I have believed for a long time that more Americans should be voting for the Green party. There are many who prefer the Green's stand but fear that a vote for Green is a vote wasted and would only serve to help put the Republicans in office. I suggest accepting the (relatively) short term pain of Republican rule and looking at the long term.
Currently the Democrats and Republicans are essentially different flavours of the same poison. Forget the next election, forget the next five elections. Even if the Democrats gain power they will produce more of the same crap. Vote Green in the next election - they won't get much this time around, but if everyone who wanted to vote Green did, then the Greens would probably make the coveted 5% mark, which means more money. With more money they could do better the next time around, and after two or three more elections they could mount a real challenge to the status quo (if they manage to not become a part of the status quo).
Forget tomorrow; tomorrow is already a disaster. Think of your children and think of your grandchildren.
As for the Green party itself, getting Nader elected (as implausible as it may be) would not be a great triumph as I can easily imagine the dems and repubs in the houses making his life hell. The Greens need to seriously focus on getting seats in the two houses. With balances teetering at 51-49 for a long long time, the Greens getting just a few seats and being able to tip a house one way or the other could provide a breath of fresh air that American politics has needed for a very long time. Why the US generally believes it can only function with a two-party political system (with little difference between the two) is baffling and perhaps a little sad.
RTFM; please, I beg you.
Voting for the lesser of two evils is better than not voting at all. If you're about to be killed, and the murderer says "should I use this shotgun and blow your head off, or stick you with tiny needles until you bleed to death?" would you make a choice or let him choose? Not to say that our government elections are akin to murder per se (though some might interpret them as such).
Government participation is important after the election too, there are many websites that make it easy to send letters to your elected officials to tell them your opinion. That way you can make a difference every day for their elected term, instead of just once every few years. Don't say I'm full of shit if you don't try.
perl -e '$_="\007/4`\cp%2,".chr(127);s/./"\"\\c$&\""/gees
1.) Foonet/CIT did cooperate. 2.) Warrant was sealed. 3.) Not many, if any, got "free" accounts there. 4.) 300 or so servers were taken. 5.) Agent responsible to contact hasn't been returning calls/emails. 6.) Only a couple of machines have been returned, some should be sent out today. 7.) Warrant was served on a house which contained foonet/cit, Paul, his very pregnant wife, and two small children. 8.) Paul has always cooperated with the FBI. 9.) A 200K botnet would have clogged the lines Foonet/CIT was on, get real for pitys sake, 200K? lol 10.) Those crying DDos kiddies being freely housed are mostly terminated customers. 11.) The ownership of Foonet/CIT had recently changed, some guy named Jay owns it now. 12.) Nobody directly working for/owning Foonet/CIT knows why this raid was done, why do kiddies claim they do? I'm going to work now, feel free to flame. Sincerely, Kelly
I would recommend that the ISP gets all the user data (non-executable) off into storage, wipe clean, re-install everything, copy data back on...Problem is that the setup for this would be exhaustive and time-consuming. However, if there is an IRC informant tool that has been added to this (I remember slashdot articles concerning a system developed by FBI or CIA on a system to snoop) it would conflict with the ISP's promise of security and privacy...
When all is said and done, nothing changes...
The problem is the ratio of times that terrorists are *really* involved.
How many major terror acts are perpetrated or confounded each year relative to how much we've seen "The War on Terror" used to justify anything and everything anyone can get away with. Funding for every agency under the sun derives from whether they're combatting terror. The DOE needs money "to combat terror" by developing methods to protect our utility grid. The DoD needs funds to "help combat terrorism" by developing new monitoring and data-mining technologies. The CDC needs money to "help combat terror" by producing vaccines. I'll bet that even the Department of Agriculture has funding initiatives based on "terror" somewhere -- maybe they want to monitor use of crop dusters, who knows.
It's freaking ridiculous. The "War on Terror" certainly saves lives, but the amount of resources that have been claimed in its name *vastly* outweigh the amount of damage that terrorism has done to us. A lot more people lost their lives to car crashes in 2001 than to terrorist attacks. Did we have black helicopters ready to swoop down on speeders? How about long-range alcohol sensors? What about armed guards at strategically-placed toll booths that search cars and people thoroughly for any kind of alcohol? All these sorts of things have been done in the name of "The War on Terror", instead of being used in an area where more American lives are being lost. The "War on Terror" is, frankly, a tool based in fear to help manipulate the masses. It has little practical value.
I claim that terrorism on the order of at 200:1 life amplification (roughly what the 9/11 terrorists achived -- something like 4000 lives to around 20 terrorists) cannot be eliminated without massively curtailing and altering a free society. There are just too many ways for a person willing to die to kill many people.
I would like to point out that people are only willing to throw their lives away if they are incredibly upset over something you've done. You don't see Iceland coming under terror attacks, because Iceland doesn't anger people to the point of being willing to die to kill Icelanders (or whatever a citizen of Iceland is called).
We have spent masses of money and effort on trying to figure out how to crush terror rings, on making people so afraid to resist the United States that they won't dream of it. The problem is, it can't be done. The Soviets couldn't crush resistance with years of secret police and encouraging children to inform on their parents. I don't think Bush Junior can do so in our society. Sheer force and fear just don't work when you're dealing with people who are willing to lose their lives to kill. You have no cards that they are interested in.
How much money has been spent on diplomatic and social solutions to eliminating terrorism? Supposedly the United States has a negative image in Islamic countries -- how much work have we gone through to improve that image? How much effort has gone into determining the things that are making people so angry that they are willing to *die* to hurt citizens in the US and resolve those issues?
A lot of people feel that trying to resolve things peacefully would be "giving in to the terrorists", and encourage future terrorist acts. I don't agree. The only value to a hard-core refusal to ever attempt peaceful solutions is as an attempt to establish prescedent governing future acts -- that no terrorist would ever be willing to attack the United States if it was *guaranteed* that doing so would hurt his cause, and damn the consequences to us in hurting that cause. The problem is, the prescedent has clearly not been established during the time we have taken a hard-line approach. The United States was attacked several times, despite having followed tough guidelines for dealing with terrorism in the past.
I'm curious as to what would happen if the 70 billion or whatever dollars that are being spent to keep us in Iraq (which at least originally was supposed
May we never see th
I see all alot of, "their rights have been violated", and "this is why I don't host in the US", and "here's what I think they're investigating", but I don't see anything constructive about how to protect your service uptime against a raid.
At a local security meeting, I learned about security incident handling, and things you can do to help preserve the chain of custody of the evidence (aka data). It's one thing to copy data, but just by reading data on most filesystems, you alter it. If a hacker determines that you are investigating them, that can and will try as fast as they can to cover their tracks, and it's alot quicker to delete/destroy/taint data than copy data.
The fastest and best to preserve a single machine's data is to break a RAID 1 array (pull out live disks). Your machines keep running, and the FBI gets a pristine copy of the disks that they can put into (hopefully antistatic) evidence bags and document chain of custody without modification of the data. They can go read it at their leisure off-site. Using RAID5 doesn't cut it. Using single disks with frequent backups doesn't cut it. Use RAID1.
Another way to protect data and preserve service is to store all non-OS data on enterprise storage that supports advanced mirroring or snapshot capabilities. If I had a NetApp, I could create a read-only snapshot and give the FBI access to that point in time copy of data and never delete it until I can do a DR copy of my filer onto another box. If I have an EMC or Hitachi or other large RAID1-capable unit, I can beak off a very large mirror and present it to FBI hosts on a SAN and continue to run off of unprotected data or implement a disaster recovery plan to get me running again on another similar storage. This data isn't as clean as a "drive in a bag", but with proper notes and techniques, the FBI can be convincing enough to a jury that the data was used in the investigation was correctly read unmodified "beyond a reasonable doubt".
If I'm really good, and have a bigger budget, I'll have a near-real-time mirror of that data (NetApp SnapMirror, EMC SRDF, "rsync", etc.) in a remote location that runs independently of my primary site and a plan that will help keep me running while I let the FBI tears apart my primary data center.
If you run a 100% uptime service ("Show me the nines!"), it's your responsiblity to to have an effective disaster recover plan. An FBI or Secret Service raid is an equivalent of a jumbo jet crashing into your data center. You as an individual, have a RIGHT to privacy and due process, but your company has created obligations to your customers to which you've guaranteed service, and your customers care more about the latter than the former. It's more responsible to have a DR plan and sue the FBI to replace your hardware than not have a plan and sue for lost business.
-ez
If the checksum doesn't fit, you can't commit!
Clinton administration under that bastion of civil liberties (nevermind Waco, Ruby Ridge, or Elian Gonzalez)
I hate to get offtopic here, but it really annoys me when democrat bashers don't even know what they're talking about. I bet you listen to Rush Limbaugh or Michael Savage religiously.
Hint, Ruby Ridge happened in '92.
The company in question, known as "Foonet" or "Creative Internet Technologies" is well known to anyone who frequents efnet as a safe haven for anyone involved in illegal activities, including DDoS, childporn, compromising hosts, spamming, carding etc, the staff of foonet are well known for overlooking illegal activity by their customers..
Most likely the fbi turned up to confiscate one or two customers boxes and saw how stuffed with illegal data their network is, virtually everyone on efnet who is involved with illegal activity used to base their operation from foonet, the servers there will be a total goldmine of evidence for the fbi..
Infact, the staff themselves at foonet are well known for breaking the law, in particular "Paul" who owns the company gives shell accounts or free hosting to people who will ddos for him, and often the staff at foonet have used their customers credit cards for fraudulent transactions.
From their site:
The rest of the page is chaff about who the company is, and things already quoted here.
This puts the downtime they experienced at about 2 weeks - which must have been very disruptive to their business, but not in line with most "the FBI is here" horror stories. Though I understand the FBI agents in this case not wanting to be any more disruptive than they have to be, it is incompetent of the FBI as an organization to not have a more unitrusive means of auditing large datahouses unannounced - although the companies they arrive at cannot possibly be prepared, the FBI must anticipate this frequent eventuality.I know the Ashcroft-obsessed crowd will drown out this message, but I will say it anyway.
foo.net has, for the longest time, been protecting carders. They've been told so, repeatedly, by the anti-spam community and weaseled. My suspicion at this point is that either they are actively involved and/or some of their members are involved. FBI methods aside, foo.net isn't the innocent-victim they would have you believe.
As someone who has had multiple run-ins with Foonet and their customers over the years, I'm personally glad to see this happen, even if it's only temporary. The FBI doesn't just decide to dismantle an entire datacenter on a whim, there obviously has to be just cause. I feel that in this case, there's probably more than enough cause. If you are a (wannabe) "hacker" or "packet kiddie", Foonet is the place for you, and most people know it.
I run a large text based chat server (IRC), and as such we see frequent (D)DoS attacks. Far too many of these attacks in some way lead back to Foonet. It's even rumored that some of their employees harvest and sell Denial of Service drone networks... how's that for service! Since Foonet was raided a week and a half ago, we've seen maybe 25% of the DDoS attacks that we reguarly receive.
Bottom line... don't target "kiddies" as your primary customer base, and don't tolerate their abuse and things like this will not happen. But hey, what do I know.
And most likely, the FBI didn't tell the hosting company exactly what it is they wanted. When the Feds come in with a search warrant, they don't ask for your help. They say, "stand aside" and commence ransacking.
Why should I argue rationally with someone being irrational? I'll just mock them instead.
The agent that siezed the equipment probably has a boss who expects to see progress, and that progress is probably propagated up the line to the point where the details have been filtered out and it's just a number on a spreadsheet of how many computer crimes have been procecuted in the last however many days. The ulterior motive is to look like he's being productive in order to keep his job.
Ah, there's the rub.
Behind every job is a human being. That job could be something as heroic and altruistic as a fireman, or something as shady and questionable as this FBI guy. What all the folks in the country need to realize is that all the things we bitch about are being done TO us, BY us. If people would refuse to fill jobs that had questionable consquences, things might be different. We will never know that, since we all have bills to pay, and somebody will always take those crappy jobs.
What I find fascinating is that so many of us have jobs where the harmful consequences are so far down the chain that we can't even see how we have contributed. But alas we are all a part of our own mess.
The House Between - Original Sci-Fi Series
While everyone seems to be focusing on the FBI and it's antics, hackers behind the scenes are running around making fools of intelligent men.
This weekend, we saw foonet disappear without a trace, mirc-x, aniverse, and rizen brought down in flames by DDoS attacks, and (ranked least important on this list) the anime fansubbing scene, as well as Paul (the one actually served with the warrant says #foonet on efnet) in complete disarray and confusion.
Maybe in a few weeks, some legitimate news corporation will repost what I'm about to suggest with more information.
foonet's ircd was probably a host for some sort of illegality, hence the FBI's raid.
The warrant may have been formed with the help of an IRCop on mirc-x.
While sustaining DDoS attacks, a user visited mirc-x appearing to "be the culprit," and left a few locations he could be found.
Reading between lines, the lingo announced the reason for the attack: That damn IRCop reported my irc server with a lot of hacked computers taken away. So I'm bringing down his network.
What was the reason the IRCop reported anything? Did he crack a joke about the hacker's mother? Or was he just doing the "right thing?"
Sadly enough, by the end of the weekend, the anime scene had pretty much caused the death of 3 servers either due to load, or to followed DDoS attacks on other servers.
I have to wonder if there's actually a connection between the two events. 3 IRC networks down and an entire hosting company at a local FBI headquarters because of hacker squabbles? Are they really that important and/or worth the time?
I wish I knew. I wish someone could actually write about it. My story can't possibly be true.
-Kenners EE,CE,JP&RPI.EDU
I would like to ask this person: was it worth it? Is the evidence that this will result in, going to have value that exceeds the harm? Did you even ask yourself that question, before you signed the warrant?
I guess you can blame the FBI too, for bringing that unsigned warrant to some judge to be signed. But the responsibility ultimately fell on the judge.
Who judges the judges?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
A data center adds this risk, which needs to be considered in a disaster recovery plan. Do you have off site backups at your hosted site? If the hosting site has the tapes, they may included when the warrant is executed. Your equipment may be swept up in a search of the datacenter, your first notice may be the watchdog scripts
Right on target. In my experience the FBI couldn't give a rats ass about causing the least amount of colateral damage or returning your siezed property. In 2001 (I believe that's right) the FBI siezed a Sun 20 from a lab at a University I worked for. The lab was less than maintained. It was full of SGIs that were vulnerable to every possible exploit for the last 5 or 6 years. It was a joke really. The Sun was also unmaintained. I pointed out to my super 10 months before the siezure that the Sun was an open relay and had services running that shouldn't be (I still have that email!). Nevertheless it wasn't touched for 10 months. Right about the time I volunteered to help the lab maintainer get everything up to date and secure again the FBI came in and siezed the Sun. It apparently was used for something bad. I haven't been with that University for a while now but last I knew it still hadn't been returned. The FBI couldn't give a rat's ass about causing the least amount of colateral damage. Their actions speak for themselves. What if the machine used for the attack (or probe for that matter) was the Unv's mail server? It was poorly maintained too and had been hacked before. What if an attacker used it as a launching pad for an attack. Would the FBI sieze that piece of state property, effecting bringing email on campus to a complete halt? It's sad really to think about it.
Unless the hosting service itself is involved in criminal acts, it is unlawful for the FBI to request a search or seizure of "work product materials possessed by a person reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, in or affecting interstate or foreign commerce". This includes hosting services; that was established in the Steve Jackson Games case. The service itself, not its users, has to be engaged in criminal activities before search and seizure can take place.
The FBI is usually quite careful about this, having been publicly embarassed in the Steve Jackson Games case. So the question is whether there are criminal charges against the hosting service.
"Besides the option of a large poster, it seems to me it would be possible to have a system where the police can search for evidence with a warrant, but have to pay for any damages they cause if the victims turn out to be innocent."
It should be the other way round: Unless there is danger of life or other physical harm involved, any investigation should set its priority in such a way that no one should feel hassled by the investigation. It feels strange to see that no one seems to question the means necessary to conduct an investigation.
Was it necessary to do the raid on a Saturday? Was there an imminent threat that had to be averted now and then? Monday would have been to late?
Investigators in the US seem to have completely disconnected from the actual proportions of crimes. A suspected center of DDoS attacks does not warrant the same level of agency involvement as a murder case.
This is one of those times where the government violates all constitutional protections to the point that citizens so violated damn near have a DUTY to exercise their second amendment rights. There is no excuse for the government putting a company out of business if their only requirement is to copy data. And if the FBI is unable to do so on-site in an orderly manner, it is their failure not the fault of the ISP. ISPs have long been given the protection of a "Common Carrier" just like the telcos. They are not responsible for monitoring the content of user conversations any more than ATT/MCI/Sprint are to monitor personal phone calls. Can you imagine the FBI shutting down AT&T and confiscating their equipment because a couple hackers were discussing DDoSing? It really is getting to the point that US citizens need to start pushing back against an overbearing government. Quite frankly, take away cable TV and consumer goods and little separates the USA of today and the Soviet Union of the 1960s and 70s as far as freedom and liberty go.
Steel doors, three feet thick slam closed sealing off the datacenter. Have all the computers in a vault. Single entry door (now covered by three feet of steel), and sets of quintuple, automatically locking one-way exit doors for the techs in the vault. When the FBI comes, push the Red Button. The vault main doors close, and the techs descend fire poles, with foot thick steel apertures closing off the vertical entrances. Then they file out of the escape doors, into the basement of the administrative facility. When the all clear is sounded (via radio-frequency tags embedded in employee ID tags) and everyone is out of the vault, epoxy resin is force-injected into the space between the quintuple evacuation doors.
Anyway, these places usually have gobs of venture capital. What the FUCK are they spending it on, pool tables and nerf guns?