Slashdot Mirror
Too slow! FBI Shuts Down Hosting Service
Chope writes "If FBI agents showed up at your data center bearing a warrant, would you be able to provide them prompt access to customer data?
BZZZZT! I'm sorry, but you've taken too long to answer. We'll be confiscating all the hardware you use, er, used to use, to run your business. But we'll get it back to you 'real soon now.' Thank you for playing. CarrierHotels.com is carrying the story of a FBI raid on a web hosting company. When the hosting company didn't and/or couldn't provide the information the FBI was looking from its several terabytes of data within "several hours", the FBI decided it was more "efficient" to seize all the web servers and customer data as part of the FBI's investigation of a hacking incident."
someone had to say it..
The poor hosting company probably has ToS to live up to. This will ruin them.
If nothing is found, will they have any recourse against the FBI or are they screwed?
And what if you run your website on those servers for commercial use? Will the FBI refund the finanial damage you suffered (e.g. when you run a webshop or smthing)?
If the FBI shoed up at my door... there would be a hell of an international incident as I live in Sweden (you insensitive clod!)
A little planning goes a long way...
if CIT might have been uncooperative. This article is very one sided and if it was taking hours and they weren't seeing it get anywhere then there might have been a legitimate problem. I don't know if taking the servers was the best solution but if they did it then there must have been something going on.
Evolution or ID?
Last year I found the a controller of the proxy that was installed on a NT workstation happened to be controlled out of the same data center that was shut down. That machine was telling the NT box to send out massive amounts of spam.
This is about the last data center on earth where script-kiddies can get free shell accounts.
This is a case were many servers got caught in the crossfire aginst the script kiddies and spamers.
There is no spoon or sig.
There has to be more to this story. From what the article says, the FBI just walked in and shut them down. While that might have happened this story seems to be extremely one sided and a little short on the detail.
Initially, I don't like the sound of it at all given that I host several domains and don't want the FBI coming in and taking all of my servers. But, we don't know what led up to the seizure....maybe it was a legitimate action? We shouldn't judge too harshly until we have all the information. I'm trying to play devil's advocate here.
"Wisdom is not a product of schooling but of the life-long attempt to acquire it." -Albert Einstein
First their webserver farm gets seized by the FBI, then you post their story on /. ??? Give these guys a break!
I would be more worried about the fact that rather than being supplied with the data that they originally requested, they now potentially have the logs/records/recordings/information of all the transactions and customer records and IRC conversations ever hosted by this...
Will they delete the 'copied' data after they have finished, keeping only the information that they originally wanted, please this is v bad...
Thank God i dont live in the US
Kingdom of Loathing (www.kingdomofloathing.com) Addicted is me
FBI Shutters Web Host
By Rich Miller
Carrier Hotels Editor
Posted Feb 19, 2004
If FBI agents showed up at your data center bearing a warrant, would you be able to provide them prompt access to customer data? How long would it take?
That's an important question in the wake of an FBI raid of Columbus, Ohio hosting company CIT Hosting last Saturday. Federal agents wound up shutting down the entire operation, seizing all the company's web servers and all customer data as part of its investigation of a hacking incident.
CIT Hosting, also known as FooNet, markets itself as "the leader in the IRC and DDoS protection business for the last 5 years." The company posted a web page informing customers that its data center was shut down, and instructing customers to contact the FBI if they needed access to their files.
"The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host," the company said in its statement.
IRC (Internet Relay Chat) is a live chat system that allows users to create private discussion rooms. While IRC has a lengthy history of legitimate use, it is also a medium for discreet communication between hackers. CIT said the FBI was "investigating whether someone hosted on our network hacked and attacked someone else."
"After several hours of attempting to track down, inspect and audit the terabytes of data that we host, the FBI determined that it was more efficient (from their point of view) to remove all of our servers and transport them to the FBI local laboratories for inspection," the statement continued. "The FBI has assured us that as soon as the data has been safely copied and inspected, the equipment will be promptly returned. Unfortunately, the FBI has not been able to tell us when they will be completed with their inspection."
The seizure isn't standard procedure, and there's no way to know exactly what prompted it. CIT's account suggests the FBI may have lost patience with the process. The IRC-focused nature of CIT's business may also have been a factor.
But if you're a data center operator, you want to avoid any scenario in which the FBI gets impatient and starts hauling away your servers. Just one more item on the contingency planning checklist for the times in which we live.
This is the US we're talking about. We sue everyone for everything. In fact I just might sue you for implying we wouldn't sue.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
IDNRADC (I do not run a data center), but don't let that stop me from making a completely unqualified comment ;) ....
Perhaps just as important, or more important, are you storing customer data that could/should be regularly deleted? Not that burning everything when the FBI shows up is the best option, but having a sensible scheme for what needs to be stored, and what would be better deleted and overwritten, seems to me to be important...
From their site - don't forget to let the FBI know what you think! rwhite3@leo.gov
02/23/2004 CIT re-establishes service.
We have restored service at Equinix's Chicago Data Centers. We are in the same facilities as MSN and many fortune 500 companies. The facility has multi OC192 connections to the backbone.
The FBI has begun retuning equipment to CIT which is being shipped to our new facilities in Chicago.
At this time CIT will continue to provide dedicated DDOS Protected web hosting only.
CIT provides reliable and scalable solutions for customers of all sizes and services. Located in Equinix's Chicago Data Centers , CIT has access to all the major carriers without the need for local loop circuits.
Our Chicago staff is focused first and foremost on customer satisfaction, and will take every action necessary to accommodate each customer. Unlike many large ISPs, CIT prides itself in its ability to provide personalized service to each customer - if a customer calls twice for assistance, they can usually speak to the same representative. Our sales and support teams are allowed a great deal of flexibility to work together to resolve each customer's needs on an individual basis. Our success and rapid growth can be attributed to the satisfaction of our customers - word-of-mouth referrals account for a large portion of the new business we receive each month.
The IRC Network will remain down until further notice.
02/14/2004 FBI Confiscates all servers
Dear Customers of FOONET/CIT:
We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations.
Here are the facts of what occurred:
The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host. According to the warrant, it appears that the Bureau is investigating whether someone hosted on our network hacked and attacked someone else.
After several hours of attempting to track down, inspect and audit the terabytes of data that we host, the FBI determined that it was more efficient (from their point of view) to remove all of our servers and transport them to the FBI local laboratories for inspection. This was completed at 7:00 pm EST same day.
The FBI has assured us that as soon as the data has been safely copied and inspected, the equipment will be promptly returned. Unfortunately, the FBI has not been able to tell us when they will be completed with their inspection.
We have been told by the Special Agent in charge of the investigation that If you need access to your data you are asked to please contact the Bureau via email to rwhite3@leo.gov. Make sure to include in your email your name, mailing address, and telephone number with area code.
Since we wish to focus 100% of our efforts on restoring services, we would appreciate it very much if you do not attempt to contact us directly. Please rest assured that we are doing everything possible to restore service to you as quickly as possible.
To the many who have inquired, Paul and family are OK, although shaken by these events. They are at home and awaiting the blessed event of their new child's birth. We thank you for your good wishes and prayers.
Please check back here often. Through this site, we will keep you informed of ongoing developments as we know them.
Thanks again for your understanding.
Marked troll already. That's slashdot for you.
Anyway this incident illustrates why the citizentry needs to be active in government instead of reactionary and "woe is me" after the fact. The government isn't very good at self-disciplining. That's our job. An absentee citizentry breds the results you see. Get out and vote in 2004. Get involved in local and national politics. Stop being a wallflower.
Is that if the FBI, ATF, *BI, or whoever seizes your property in the investigation of a crime, they are in no way liable for any damage that occurs to your property, if you can even consider it your property anymore, because, even if your property was deemed to have NOTHING to do with the crime being investigated, said above entities are not required to return your property. You have to SUE to get it back. Now how's that for some bullshit.
The only thing I find a bit odd about this whole thing is that it looks like they too the opportunity to relocate their data center to Chicago (it was previously in Cleveland). According to their news,
Wouldn't that unnecessarily delay the process of restoring service to their customers? Was the move already planned, or did they suddenly decide that they needed a different data center? Is it possible they're blowing the seize out of proportion in order to cover outages due to their move? Or did the seizure even actually happen?
I bet there is more to the story than we are hearing. There was a search warrent from the "United States District Court for the Southern District of Ohio"
To get a search warrent you have to have something to go on already.
Evolution or ID?
...that 'the powers that be' are monitoring everything 'on the fly', if they need to get their hands on the physical data repository to check it out.
AT&ROFLMAO
If everything was shut down, how come http://www.cithosting.com/ is still up and running? If all the equipment was taken, wouldn't the web page that's being shown on that site be gone...shouldn't it be hard to connect to anything on that site at all?
The fact is, this story is old because the FBI has already started returning the equipment back as of yesterday. The FBI confiscated everything on the 14th. CIT's web site says:
02/23/2004 CIT re-establishes service.
We have restored service at Equinix's Chicago Data Centers. We are in the same facilities as MSN and many fortune 500 companies. The facility has multi OC192 connections to the backbone.
The FBI has begun retuning equipment to CIT which is being shipped to our new facilities in Chicago.
At this time CIT will continue to provide dedicated DDOS Protected web hosting only.
Yes, the FBI overstepped they're bounds and yes it's frightening to think of this happening...but let's not get the facts wrong. The story here on Slashdot made is seem like the equipment was seized and the FBI probably won't be returning it, which isn't the case.
When reporting the crap that the US Gov throws at us, don't embelish...just report what is known and not a lot of speculation.
"Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
I don't believe the headline overstated anything. The FBI's track record for returning anything seized is appalling.
"The words of the prophets are written on the Slashdot walls."
A search warrant is one thing, shutting down a private enterprise because a couple agents got impatient or paranoid is another issue entirely.
We keep hearing about liberal judges this and liberal judges that in the media, but there are just as many conservative judges giving law enforcement rubber stamps on warrants.
"The words of the prophets are written on the Slashdot walls."
Yes, the FBI overstepped they're bounds and yes it's frightening to think of this happening...but let's not get the facts wrong. The story here on Slashdot made is seem like the equipment was seized and the FBI probably won't be returning it, which isn't the case.
Bullshit - it reported about another step towards the police state in the US - nobody said anything about not getting it back. But by previous accounts they never care much about getting it back.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Wether you find this acceptable depends I guess on wether you find it acceptable that the police can investigate crimes beyond posting a little poster asking criminals to please come to the station and answer their questions and to bring in any evidence on their own.
Normal search warrants on an office mean that the FBI and police storm the building and everyone inside is ordered to stop doing anything. No more accessing PC's no shredding of documents no phone calls no nothing. The reason is simple to prevent evidence from being destroyed.
I am frankly amazed that they even allowed the company to provide the info this shows that they probably don't suspect the company but rather that they hope to find evidence against someone else on their systems.
There was a rather nasty ddos attack on mircx and aniverse. The FBI seems to be investigating wether the IRC network hosted by this company was used in the attack. There seems to be a lot of hints as to the person who was behind the attack but sadly in america you need that silly evidence stuff (at least for use against americans).
So the FBI asked and got a search warrant. They then gave the company time to hand over the data but they couldn't. So the FBI used the law and did what we expect them to do. Secure any evidence by removing access to it. They are even giving the hardware back. They waited wich they don't have to and give the hardware back after copying data wich they don't have to do. Frankly I think they went way beyond what they needed to do to minimize damage.
Quit frankly the original poster seems to be one of those people that want the police to disappear. That line about wich coorperate master they offended is clear bullshit. mircx and aniverse are hardly the powers that be.
In any society that doesn't chose to be an anarchy you have to give some powers to the police to investigate crimes. Search warrants are pretty common in all democracys and also work pretty much the same way. If you get one it sucks but so far noone has come up with a better alternative except to just allow criminals free reign.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I can't get access to the article, but I guess that the story is about the shutdown of FooNet. FooNet isn't a "real" hosting solution ; it's a cheap shell provider for script kiddies who want to have their own ircd. They might also provide "serious" hosting services ; but as soon as one provides shell services for such a targetted audience, she knows that she will have to handle some specific problems - DDOS, flood, etc.
And according to what I know about the FooNet shutdown (if that's the same story), there was thousands of DDOS "drones" located at the datacenter, and the staff of the datacenter failed to shut them down. That sounds very dubious to me, but you might want to check this for another side of the story ...
Quoting :
PS: if the shutdown mentionned isn't the FooNet one, ignore this post :-)
It's not like I agree with this, if indeed things happened as the article state... but a quick google on FooNet (AKA / DBA CIT ) turns up some VERY interesting results.
I google'd quickly on a hunch, and sure enough I got some rather interesting hits.
I claim to know nothing about SPEWS and how they go about adding to the blacklists, but they apparently are no stranger to it.
Furthermore, it seems that this IS NOT the first run-in with the FBI that FooNet/CIT has had: from here, if you scroll down a bit, you'll see the following text: The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host # We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations. And this was from Feb. 14 ...
Another incident was reported out here on 07/12/03 (search the page for "foonet") ... seems that 84898 spams swamped a box, and follow-up by FooNet sucked - e.g. they turned a blind eye.
There are far too many hits to return ... if you're interested in more, you can always head here. For now, I'll close with this: I do not agree with the methods used, if they were as described ... however, FooNet/CIT is no stranger to the FBI, and perhaps this is all rolled in to the Feb. 14th notice ... maybe the FBI actually gave them 10 days to comply... I'd really like to see how this ends.
Abdul, Mohammed, Mustafa Ali, greetings! The goat is roasted. I repeat, the goat is roasted. Run! Run like the great camel to tell Uncle.
There is a lot that is not being said. Such as, did CIT cooperate? Did they obviously stall or with hold information? Did they claim to not have records they obviously had? This is not the whole story and maybe the only alternative to getting the information was to take the equipment. Maybe CIT gave them no alternative. We are speculating based on one sides point of view.
Moderators: I know this may be redundant but I was responding to his comment. He obviously didn't read the 50 posts in front of this one.
Evolution or ID?
It seems that many people didn't read the text. The FBI had a warrant, which means they had to go before a judge, justify the need, and spell out what would be looked for/taken. If it wasn't initially spelled out that the servers would be taken, they might have had the warrant amended as such. Before some of you "conspiracy theorists" start screaming about a police state and such, the FBI was acting in the bounds of the law, under a warrant issued by a judge. John Ashcroft and George Bush had nothing to do with this. Maybe once you stop looking for black helicopters, you can see this. As for those of you saying you're glad you don't live in the US, we are the most free, most law-abiding country in the world. While we may not be perfect, we're the best thing going. Sorry if I'm offending anyone, but I'm tired of hearing knee-jerk reactions to things, without anyone reading the facts. Believe it or not, not EVERYTHING the government does is wrong.
Liberalism...the next best thing to thinking.
You are a cop and arrive at a murder scene with a dozen doctors standing around the corpse. Would you really allow any of these medical experts to assist you with determining the cause of death?
A shutdown machine cannot erase data and the fbi got the tools to simply copy data from HD's without the computer it was in being involved. This prevents any chance of the data being destroyed.
Saying they replug them back in at the fbi shows you have no idea of what is involved in this kind of investigation. They copy the HD's directly and completly by taking them out and putting them in their own hardware.
How the fbi does this kinda stuff has been discussed often enough on /.
This is nothing else then the police sealing of a crime scene. Any inconvenience is considered though luck. It really is no different from streets being closed off to allow marathons or demonstrations or repairs. Yes they do attempt to minimize damage but the investigation comes first.
But lets turn it around. If the FBI raids a place like enron would you find it acceptable if the bosses were allowed to keep making phone calls and keep working on their pc's and play with their shredders as they could loose money if the police removed access and took everything away?
Of course not. Just because this is a small hosting company doesn't change the law.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
No, it turns out you are right, cit & foonet are one and the same. http://www.easynetworknyc.com/foonet/
I do wonder how cooperative CIT was. After several hours of requests for the info (with a warrent) the FBI must have been riled to say "F-this-S, haul it away!". Think about how much extra work that must have been. There's more to this story, pity no news service has looked into it yet.
One line blog. I hear that they're called Twitters now.
It is routine, however, that the FBI or police seize computer equipment and never return it. So it was reasonable to assume that this was the case here (they still haven't returned 100% of the equipment anyway). It's not obviously stated under the law one's rights when this happens, nor are there limits to how long your equipment can be held (so far as I know). This is a huge problem.
the guy behind it seems to have been boosting about about a 200k botnet. 200.000 machines under his control. I think this is no longer some harmless hacking. This is stuff the fbi needs to investigate cause quit frankly nobody else seems able to stop this.
So unless you believe the net should be total anarachy ruled by those with the most bots then this kinda off stuff is sadly needed. To bad for those caught in the crossfire but that is live. Nothing really different from when all trains are disrupted because someone jumped in front of one. A marathon closing off all the streets despite the fact you hate sports. A demonstration causing massive gridlock despite the fact that only 200 people in a million people city are taking part.
Live sucks at times. Really this story shows that /. is getting more and more tabloid. A serious tech site would have asked what the fbi was investigating and wether the hosting company was hosting the person investigated or had servers wich were hacked or was simply a place where the hacker might have left evidence.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I haven't seen this story picked up on any other news outlet yet :-)
Anyway, if you are interested in knowing more, have a look at the records at SPEWS .
ciao, .mau.
Maybe you looked at the wrong sources
Let me fill you in on Foonet.
Foonet was the blackest of the black hat networks in existance. They hosted spammers, carders (credit card theives), DDoS drones, floodnets, and various other illegal activities and blindly turned the opposite way and let it happen.
Foonet was based out of the basement of the owners' house. There was no actual 'data center'. They had a T3 and a few T1s - nowhere near the OC-X level they were claiming.
They got tossed off of GBLX about a week before they were raided, and were humping the light at Qwest right before they got pulled.
I knew about this right after it happened.
Foonet will not be coming back, so get over it kiddies. Your DDoS drones are gone. Spammers, your mail servers are gone. Go run and hide under another rock.
A little hint for all of you who can't figure it out - the FBI doesn't usually seize all equipment if its something small. If they took all of the equipment, there is a good reason why they did (not that foonet was acting 'too slow').
I have a list of stuff about foonet on the AHBL page here.
Brielle
02/23/2004 CIT re-establishes service.
Hey, look, I tried my best, by submitting this three days ago:
2004-02-21 09:18:16 FBI confisticates (sic) ISP's servers: "more efficie (articles,usa) (rejected)
and it was rejected in about thirty minutes.
Maybe I should write more sensationalistic submissions?
But seriously folks, yeah, the FBI is returning the equipment now, but how much damage was done to an innocent ISP just because the FBI couldn't figure out how to do on-site data mining?
And if searching for evidence on a computer requires the FBI to physically cart the equipment to some distant lab, I guess we just write off any expectation that they'll be able to find data quickly in an emergency -- like, just off the top of my head here, for instance, wholly unlikely I'm sure, an imminent terrorist act?
Well, maybe a business got ruined, maybe the FBI can't scan data quickly enough to stop a terrorist crime in progress, but at least we all feel safer now that arch-criminal Tommy Chong is in jail.
Opinions on the Twiddler2 hand-held keyboard?
There's an old line saying the only way they'll be able to enforce all of these laws is to make a police state.
Regarding the seizure of equipment, though. Why on Earth would they bother taking all of that equipment off-line to conduct their investigation? Whenever I deal with Federal level investigators, they always make an image of the hard drive and work off of that. They NEVER work off of the hard drives, themselves.
If it was just a "hacking incident", then they should be able to accomplish everything they want by working off of those images.
Wait a minute. I got it. You could play with your magic nose goblins.
I 100% agree. I get in political discussion with folks who complain about the system not working...when I ask if they write their representatives they say no. I ask if they vote, they say they aren't registered. How dare someone say the system is broken when they've never bothered to participate!! Register to vote if you haven't already and GET OUT AND BE HEARD. Vote on election days, write your senators and representative whenever you have something for the government to hear. A government of the people means we are their bosses! They don't listen to the majority, they lose their job. And don't say to me "the /. geeks will never be the majority" until you all are registered to vote and participate in our government! It's more important for us to do it now more than ever...
perl -e '$_="\007/4`\cp%2,".chr(127);s/./"\"\\c$&\""/gees
(from here )
If you consider 2600 a news outlet, then you'll be glad to know that Off the Hook spent quite some time last week talking about the incident.
--Leo
It won't help. People won't vote third party, they only vote for the current reigning Demopublican party.
The democrats and republicans use rhetoric to convince the less intelligent that there's actually a difference between the two, assuring that almost everyone votes democrat to vote AGAINST the republican, or republican to vote AGAINST the democrat.
Unfortunately, there's no appreciable difference betwixt the two, so we're condemned to continue down the slippery slope.
I live in Columbus, and have had the misfortune of working with foonet/Creative Internet Technologies/Creative Internet Techniques - they have called themselves all three. The small ISP which I used for my website unexpectedly moved our web site to a server at foonet. All of our mail forwarding was getting blocked by about every blacklist on the planet, and the uptime was horrendous. Needless to say, despite the 3 month prepay, we immediatly moved to another ISP. While we were being hosted at foonet, located about 10 minutes from us, I called them (local, no 800 # - ) multiple times, telling them that they were on blacklists. I never could talk to anyone, just leave messages that would go unanswered. If you are doing anything remotely important, avoid foonet/CIT like the plague. Their phone numbers are/used to be Sales - 614 353 8243 and General Inquires - 740 881 0323
Never. Hard drives are forensically examined by being removed from their machines and duplicated (usually using dd). No investigator would ever boot a machine which is the subject of an investigation - auto-deletion scripts are just too easy to write.
The FBI cart equipment away to their premises in order to duplicate the systems and environments. If ever you get into information systems forensics, they would at least perform 2 copies. One is kept as an exact duplicate (to keep for their investigation records) and at least another to actually run analysis against (since searching on an active system can change the data stored in it).
It also makes it easier to catalog what they are working with, and prevents any interference from the outside.
Delete your logs. Delete them early, and delete them often. Searching through 24 hours worth of data is a lot easier then searching through 2 years worth...
"Freedom means freedom for everybody" -- Dick Cheney
I read every single one, fine thank you. The article too.
Maybe we are only getting half the story, and maybe we are getting all of it. The difference is that I am relying on the information I do have and you are relying on information that _must_ exist, but have no proof of because you can't believe that this kind of thing would happen otherwise.
I believe it is entirely possible that the FBI acted in such a manner because they felt that CIT was either stalling or even destroying evidence. I can only assume that they presented this theory to a judge, backed it up with some evidence and got the warrant. However, all of that is speculation.
I worked in the legal system on both sides of the coin as a paralegal before I saw the light and switched to IT. I can only go on my personal experience when I say that this could indeed be the whole story. I have personally seen judges rubber stamp warrants with zero evidence and I have seen judges refuse to sign warrants with all kinds of evidence. I have seen law enforcement officials embellish and even fabricate evidence for the purpose of getting a warrant and I've seen law enforcement officials vehemently defend a defendant's rights.
My point in the previous post, may have been a little incendiary, but the point is DO NOT discount the story simply because you think there MUST be more to it, when it could simply be all there is to it.
"The words of the prophets are written on the Slashdot walls."
But seriously folks, yeah, the FBI is returning the equipment now, but how much damage was done to an innocent ISP just because the FBI couldn't figure out how to do on-site data mining?
I'm sorry to break this to you all, but this hosting provider is far from innocent. This particular provider has been a PITA for the major IRC networks for a long time due to the amount of DoS drone nets being held on private ircds hosted by foonet. Good riddance, and applause to the feds for finally dealing with this.
If you are a data center, this sounds like another good reason to have a mirror (RAID 0, or is it RAID 1). That way you can just unplug the mirror drive and give it to the FBI without disturbing the rest of your service.
Actually this makes the acronym RAID (Redundant Array of Inexpensive Devices) have dual meaning... RAID is what you want when you are raided!
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Regarding the seizure of equipment, though. Why on Earth would they bother taking all of that equipment off-line to conduct their investigation? Whenever I deal with Federal level investigators, they always make an image of the hard drive and work off of that. They NEVER work off of the hard drives, themselves.
Exactly, in order to establish the non-tamperedness of the hardware, they *MUST* work off the images instead of actual. Imagine if some bad/new tech accidentally did a "rm -Rf". If they worked on the originals, then they could easily claim that the company did it.
I have believed for a long time that more Americans should be voting for the Green party. There are many who prefer the Green's stand but fear that a vote for Green is a vote wasted and would only serve to help put the Republicans in office. I suggest accepting the (relatively) short term pain of Republican rule and looking at the long term.
Currently the Democrats and Republicans are essentially different flavours of the same poison. Forget the next election, forget the next five elections. Even if the Democrats gain power they will produce more of the same crap. Vote Green in the next election - they won't get much this time around, but if everyone who wanted to vote Green did, then the Greens would probably make the coveted 5% mark, which means more money. With more money they could do better the next time around, and after two or three more elections they could mount a real challenge to the status quo (if they manage to not become a part of the status quo).
Forget tomorrow; tomorrow is already a disaster. Think of your children and think of your grandchildren.
As for the Green party itself, getting Nader elected (as implausible as it may be) would not be a great triumph as I can easily imagine the dems and repubs in the houses making his life hell. The Greens need to seriously focus on getting seats in the two houses. With balances teetering at 51-49 for a long long time, the Greens getting just a few seats and being able to tip a house one way or the other could provide a breath of fresh air that American politics has needed for a very long time. Why the US generally believes it can only function with a two-party political system (with little difference between the two) is baffling and perhaps a little sad.
RTFM; please, I beg you.
Ah. That explains a lot. The anti-spam folks (including SPEWS) have been trying to bring this ISP's child-porn-spammer problem to their attention for months. It hadn't worked; the child porn stayed up on their servers and the spammers kept blasting ads for it to all and sundry -- including a very worried biologist at my site, who wanted to know why he seemed to be on some spammer's list of paedophiles?
By the time the FBI got around to investigating, the ISP had probably (as "bulletproof bulker hosting" ISPs usually do) told their spammer customer that they were taking fire. Under those circumstances, the FBI's move was probably a good one -- to keep the child-porn spammers from deleting all their files and hiding their traces.
The problem is the ratio of times that terrorists are *really* involved.
How many major terror acts are perpetrated or confounded each year relative to how much we've seen "The War on Terror" used to justify anything and everything anyone can get away with. Funding for every agency under the sun derives from whether they're combatting terror. The DOE needs money "to combat terror" by developing methods to protect our utility grid. The DoD needs funds to "help combat terrorism" by developing new monitoring and data-mining technologies. The CDC needs money to "help combat terror" by producing vaccines. I'll bet that even the Department of Agriculture has funding initiatives based on "terror" somewhere -- maybe they want to monitor use of crop dusters, who knows.
It's freaking ridiculous. The "War on Terror" certainly saves lives, but the amount of resources that have been claimed in its name *vastly* outweigh the amount of damage that terrorism has done to us. A lot more people lost their lives to car crashes in 2001 than to terrorist attacks. Did we have black helicopters ready to swoop down on speeders? How about long-range alcohol sensors? What about armed guards at strategically-placed toll booths that search cars and people thoroughly for any kind of alcohol? All these sorts of things have been done in the name of "The War on Terror", instead of being used in an area where more American lives are being lost. The "War on Terror" is, frankly, a tool based in fear to help manipulate the masses. It has little practical value.
I claim that terrorism on the order of at 200:1 life amplification (roughly what the 9/11 terrorists achived -- something like 4000 lives to around 20 terrorists) cannot be eliminated without massively curtailing and altering a free society. There are just too many ways for a person willing to die to kill many people.
I would like to point out that people are only willing to throw their lives away if they are incredibly upset over something you've done. You don't see Iceland coming under terror attacks, because Iceland doesn't anger people to the point of being willing to die to kill Icelanders (or whatever a citizen of Iceland is called).
We have spent masses of money and effort on trying to figure out how to crush terror rings, on making people so afraid to resist the United States that they won't dream of it. The problem is, it can't be done. The Soviets couldn't crush resistance with years of secret police and encouraging children to inform on their parents. I don't think Bush Junior can do so in our society. Sheer force and fear just don't work when you're dealing with people who are willing to lose their lives to kill. You have no cards that they are interested in.
How much money has been spent on diplomatic and social solutions to eliminating terrorism? Supposedly the United States has a negative image in Islamic countries -- how much work have we gone through to improve that image? How much effort has gone into determining the things that are making people so angry that they are willing to *die* to hurt citizens in the US and resolve those issues?
A lot of people feel that trying to resolve things peacefully would be "giving in to the terrorists", and encourage future terrorist acts. I don't agree. The only value to a hard-core refusal to ever attempt peaceful solutions is as an attempt to establish prescedent governing future acts -- that no terrorist would ever be willing to attack the United States if it was *guaranteed* that doing so would hurt his cause, and damn the consequences to us in hurting that cause. The problem is, the prescedent has clearly not been established during the time we have taken a hard-line approach. The United States was attacked several times, despite having followed tough guidelines for dealing with terrorism in the past.
I'm curious as to what would happen if the 70 billion or whatever dollars that are being spent to keep us in Iraq (which at least originally was supposed
May we never see th
Come play Moral Decay!
I see all alot of, "their rights have been violated", and "this is why I don't host in the US", and "here's what I think they're investigating", but I don't see anything constructive about how to protect your service uptime against a raid.
At a local security meeting, I learned about security incident handling, and things you can do to help preserve the chain of custody of the evidence (aka data). It's one thing to copy data, but just by reading data on most filesystems, you alter it. If a hacker determines that you are investigating them, that can and will try as fast as they can to cover their tracks, and it's alot quicker to delete/destroy/taint data than copy data.
The fastest and best to preserve a single machine's data is to break a RAID 1 array (pull out live disks). Your machines keep running, and the FBI gets a pristine copy of the disks that they can put into (hopefully antistatic) evidence bags and document chain of custody without modification of the data. They can go read it at their leisure off-site. Using RAID5 doesn't cut it. Using single disks with frequent backups doesn't cut it. Use RAID1.
Another way to protect data and preserve service is to store all non-OS data on enterprise storage that supports advanced mirroring or snapshot capabilities. If I had a NetApp, I could create a read-only snapshot and give the FBI access to that point in time copy of data and never delete it until I can do a DR copy of my filer onto another box. If I have an EMC or Hitachi or other large RAID1-capable unit, I can beak off a very large mirror and present it to FBI hosts on a SAN and continue to run off of unprotected data or implement a disaster recovery plan to get me running again on another similar storage. This data isn't as clean as a "drive in a bag", but with proper notes and techniques, the FBI can be convincing enough to a jury that the data was used in the investigation was correctly read unmodified "beyond a reasonable doubt".
If I'm really good, and have a bigger budget, I'll have a near-real-time mirror of that data (NetApp SnapMirror, EMC SRDF, "rsync", etc.) in a remote location that runs independently of my primary site and a plan that will help keep me running while I let the FBI tears apart my primary data center.
If you run a 100% uptime service ("Show me the nines!"), it's your responsiblity to to have an effective disaster recover plan. An FBI or Secret Service raid is an equivalent of a jumbo jet crashing into your data center. You as an individual, have a RIGHT to privacy and due process, but your company has created obligations to your customers to which you've guaranteed service, and your customers care more about the latter than the former. It's more responsible to have a DR plan and sue the FBI to replace your hardware than not have a plan and sue for lost business.
-ez
If the checksum doesn't fit, you can't commit!
I wrote a letter to a DA once about a slashdot story. I was really irritated that the DA would prosecute someone who was just demonstrating how a security hole worked for a company.
Several months later, I got a letter from the DA. Now she could talk about it, as the case was over. Turns out the guy pleaded guilty. He not only had demonstrated the hole, but before he had been running all over the company network doing stuff that was clearly not legal. I felt like such a heel writing a letter of support for this sod.
This story, of course, was never posted by Slashdot to my knowledge.
So while I do not discount the story, I'll start by asking for more information, and not by calling the FBI a bunch of jerks. (I'll do that later when I have more info, and am reasonably sure I won't stick my foot in my mouth.)
There's almost certainly more to the story. I've had some experience with FBI "raids" where I used to work. It was a semi-large hosting provider in south Florida. I worked there from about 1999-2002. In that time, we had FBI "visits" at least 5 times in that time period because of nasty stuff our customers were doing.
Not ONCE did the FBI leave the property with our machines. The key was cooperation. The FBI agents knew what would happen if they left with our equipment, and knew that we would do everything in our power to help them get the job done without having to resort to that.
Heck, I even showed them better ways to get data off of the machine. We had a good working relationship. They'd show up with the warrant/subpoena, we'd go pull the machine that had the data they wanted. We'd assign one of our technicians (usually me) to help them copy everything over. They'd be out the door with whatever data it was they needed by the end of the day on hard disks they brought onsite with them.
The fact that the FBI left with their machines indicates to me that the provider did something stupid to piss off the agents. They probably made everything as difficult as they possibly could, and the FBI agents got sick of it, and said, "Screw this, I can get this done in the lab without all of this bullshit."... and then they did it.
In my experience, most law enforcement (especially FBI) consider themselves professionals. Usually, they're not out to get you personally, they're just out to do their job. If you don't make their day any harder than necessary, they're not going to make YOUR day any harder than necessary.
So to the extent that you feel you can, MAKE THEIR DAY EASIER. They'll tend to do the same.
The company in question, known as "Foonet" or "Creative Internet Technologies" is well known to anyone who frequents efnet as a safe haven for anyone involved in illegal activities, including DDoS, childporn, compromising hosts, spamming, carding etc, the staff of foonet are well known for overlooking illegal activity by their customers..
Most likely the fbi turned up to confiscate one or two customers boxes and saw how stuffed with illegal data their network is, virtually everyone on efnet who is involved with illegal activity used to base their operation from foonet, the servers there will be a total goldmine of evidence for the fbi..
Infact, the staff themselves at foonet are well known for breaking the law, in particular "Paul" who owns the company gives shell accounts or free hosting to people who will ddos for him, and often the staff at foonet have used their customers credit cards for fraudulent transactions.
I know the Ashcroft-obsessed crowd will drown out this message, but I will say it anyway.
foo.net has, for the longest time, been protecting carders. They've been told so, repeatedly, by the anti-spam community and weaseled. My suspicion at this point is that either they are actively involved and/or some of their members are involved. FBI methods aside, foo.net isn't the innocent-victim they would have you believe.
As someone who has had multiple run-ins with Foonet and their customers over the years, I'm personally glad to see this happen, even if it's only temporary. The FBI doesn't just decide to dismantle an entire datacenter on a whim, there obviously has to be just cause. I feel that in this case, there's probably more than enough cause. If you are a (wannabe) "hacker" or "packet kiddie", Foonet is the place for you, and most people know it.
I run a large text based chat server (IRC), and as such we see frequent (D)DoS attacks. Far too many of these attacks in some way lead back to Foonet. It's even rumored that some of their employees harvest and sell Denial of Service drone networks... how's that for service! Since Foonet was raided a week and a half ago, we've seen maybe 25% of the DDoS attacks that we reguarly receive.
Bottom line... don't target "kiddies" as your primary customer base, and don't tolerate their abuse and things like this will not happen. But hey, what do I know.
And most likely, the FBI didn't tell the hosting company exactly what it is they wanted. When the Feds come in with a search warrant, they don't ask for your help. They say, "stand aside" and commence ransacking.
Why should I argue rationally with someone being irrational? I'll just mock them instead.
The agent that siezed the equipment probably has a boss who expects to see progress, and that progress is probably propagated up the line to the point where the details have been filtered out and it's just a number on a spreadsheet of how many computer crimes have been procecuted in the last however many days. The ulterior motive is to look like he's being productive in order to keep his job.
Ah, there's the rub.
Behind every job is a human being. That job could be something as heroic and altruistic as a fireman, or something as shady and questionable as this FBI guy. What all the folks in the country need to realize is that all the things we bitch about are being done TO us, BY us. If people would refuse to fill jobs that had questionable consquences, things might be different. We will never know that, since we all have bills to pay, and somebody will always take those crappy jobs.
What I find fascinating is that so many of us have jobs where the harmful consequences are so far down the chain that we can't even see how we have contributed. But alas we are all a part of our own mess.
The House Between - Original Sci-Fi Series
A data center adds this risk, which needs to be considered in a disaster recovery plan. Do you have off site backups at your hosted site? If the hosting site has the tapes, they may included when the warrant is executed. Your equipment may be swept up in a search of the datacenter, your first notice may be the watchdog scripts
Right on target. In my experience the FBI couldn't give a rats ass about causing the least amount of colateral damage or returning your siezed property. In 2001 (I believe that's right) the FBI siezed a Sun 20 from a lab at a University I worked for. The lab was less than maintained. It was full of SGIs that were vulnerable to every possible exploit for the last 5 or 6 years. It was a joke really. The Sun was also unmaintained. I pointed out to my super 10 months before the siezure that the Sun was an open relay and had services running that shouldn't be (I still have that email!). Nevertheless it wasn't touched for 10 months. Right about the time I volunteered to help the lab maintainer get everything up to date and secure again the FBI came in and siezed the Sun. It apparently was used for something bad. I haven't been with that University for a while now but last I knew it still hadn't been returned. The FBI couldn't give a rat's ass about causing the least amount of colateral damage. Their actions speak for themselves. What if the machine used for the attack (or probe for that matter) was the Unv's mail server? It was poorly maintained too and had been hacked before. What if an attacker used it as a launching pad for an attack. Would the FBI sieze that piece of state property, effecting bringing email on campus to a complete halt? It's sad really to think about it.
This is one of those times where the government violates all constitutional protections to the point that citizens so violated damn near have a DUTY to exercise their second amendment rights. There is no excuse for the government putting a company out of business if their only requirement is to copy data. And if the FBI is unable to do so on-site in an orderly manner, it is their failure not the fault of the ISP. ISPs have long been given the protection of a "Common Carrier" just like the telcos. They are not responsible for monitoring the content of user conversations any more than ATT/MCI/Sprint are to monitor personal phone calls. Can you imagine the FBI shutting down AT&T and confiscating their equipment because a couple hackers were discussing DDoSing? It really is getting to the point that US citizens need to start pushing back against an overbearing government. Quite frankly, take away cable TV and consumer goods and little separates the USA of today and the Soviet Union of the 1960s and 70s as far as freedom and liberty go.