FBI Seizes Servers In Virginia
Axolotl_Rose writes "The FBI has seized servers belonging to several clients of a hosting company in Reston, VA, disrupting service for many other clients. 'In an e-mail to one of its clients on Tuesday afternoon, DigitalOne’s chief executive, Sergej Ostroumow, said: “This problem is caused by the FBI, not our company. In the night FBI has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.” Mr. Ostroumow said that the FBI was only interested in one of the company’s clients but had taken servers used by “tens of clients.” He wrote: “After FBI’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.'"
And so it begins . . . .
did lulzsec think they could get rid of it forever?
Your hair look like poop, Bob! - Wanker.
Need to suffer the same repercussions that anyone fitting the loose modern definition of 'cyber criminal'?
To the cloud!
It is easy to acknowledge the FBI and other police forces' need to obtain servers belonging to a client, but with the reality being multi-client servers, the most that should be allowed is a copy that doesn't violate any other customer's right of privacy.
They'd have to be pretty stupid to use a server located in the USA.
Couldn't they restore their customers' sites from backup?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
1. Take the servers
2. There is nothing on the servers - take the Storage
3. The storage is remotely replicated - pull the remote storage
4. You can't pull the remote storage, you don't have jurisdiction overseas
Starbucks, Harbuckle of Breath.
Host offshore.
Have gnu, will travel.
There's been kind of a slow build up of the anonymous and lulzsec script kiddie attacks lately.. while many of their attacks come off as childish, it's fairly clear given the technological level of the day, and the high disagreements between citizens and the slipping anti-citizen governments that a war for freedom can actually be fought this way. I just never thought the representatives would be so stupid.
Nevertheless, after watching the authorities' response to lulz, and the efforts by lulz, I can't help but think they're in the right now, mostly. Did anyone else start to actually feel support for their doings due to all the recent events?
I think it's time to hold the FBI to the same standards that they would hold the rest of us. If I went in waving a gun around and demanding to walk away with somebody else's server, they'd throw my ass in jail.
If they want access to a particular client's content, they can go through the same process as a DMCA takedown request or a backup request would. They make a request, the company yanks that customer's access, then clones that customer's data onto a new drive, then hands them the drive.
As far as I'm concerned, every single client of this ISP ought to sue the FBI for the damage they caused—for the downtime, for the loss of data, for the time spent trying to reach the ISP to figure out what was going on, for the cost of any failover hardware or service that they had to pay for in lieu of that service, etc. If the FBI had to pay out a few million dollar settlements every time they pulled a stunt like this, they'd think twice about acting like a bunch of thugs, and they would go through proper channels and do their investigation in a way that doesn't cause collateral damage.
There's simply no excuse for such sloppy investigative work. If they screwed up so royally with the servers, you have to wonder how many grievous errors they made in other areas that would lead to the evidence being declared tainted, criminals going free, etc.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Every time I hear this story, and in the one situation where I witnessed federal agents confiscating equipment, the equipment never returns.
Each of the clients who had their property seized without warrant should bring suit.
it's like if they stopped a bunch of trucks on the highway, and scanned every single one of them for nuclear weapons, drugs, and bombs, even though they had no probable cause whatsoever.
oh wait. they already do that.
( google VIPR )
next time, use a drone.
DigitalOne provided all necessary information to pinpoint the servers for a specific I.P. address, Mr. Ostroumow said. However, the agents took entire server racks, perhaps because they mistakenly thought that “one enclosure is = to one server,” he said in an e-mail.
I thought digital forensics started at the scene, especially in situations like this where the systems are still live. How could such a stupid mistake happen or is it simply a case of taking too much evidence?
I think most of the smart IT people are beginning to view the U.S. as a threat to their business. If U.S. investigative agencies can disrupt dozens, or even thousands, of innocent individuals and businesses with impunity, why the hell would anyone take the risk hosting in the U.S.?
It's the ultimate Denial Of Service attack:
1) Co-locate stuff that the FBI doesn't like with the server that you want to DOS
2) Report your server to the FBI
3) Sit back and let the FBI do the rest.
not Group punishment more like hitting the main to the building trun off one office.
... is they did not want to power down the server.
Law enforcement is trained that if you are seizing a computer, if possible, do not let it be shut down/locked. Forensics can snapshot the RAM and possibly get encryption keys that would be lost if the server was powered down. Worst case there could be a whole drive encryption that needs a password every boot, if you let the computer shut down you lose everything and all you will have is a worthless box without the password.
It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out to their truck where they could keep it powered till an expert could get in and get a dump of the system state.
I am a federal agent (non-FBI) who has seized large amounts of digital evidence. In criminal cases, you need entire hard drives so you can do forensic extraction. Can you ask the ISP to retrieve the data for you? Yes. However, it depends on 1.) Is this an email address or a large organization with colocated servers. 2.) How much do you trust the ISP? (based on past actions, size, clientele, etc.). BTW, if you search large companies who have their congressman on speed dial, you can be assured that the agents and judge have evaluated the impact to legitimate business vs illegal activity.
Call me paranoid but I am starting to look around for hosting options outside the US. The stories of the massive collateral damage when they take away shared servers and seize domain names is getting me nervous.
I'm tempted to start a building demolition company. Using tactical nukes. You point out the town your building you want to demolish is in, and we guarantee it's razed to the ground, no other details needed.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
so I don't see the reason to take several racks. The risk that the server powers down that way is roughly the same as for an entire rack. Also, the reason why things were taken is not given. For all we know, there may be an illegal mp3 hosted on one machine and the MAFIAA had it seized for "economic terrorism". The feds better come up with a pretty good explanation, or there will be a lot of damages to be paid by the USA tax payer.
I was promised a flying car. Where is my flying car?
The hosting centre is at fault here. "Naughty Servers" should be clearly labelled as such so they can't be mistaken for "Benign Servers". If those fatcats in Washington had just listened when the 'Evil Bit' was first proposed we wouldn't be in this mess now!
DOS by FBI
Yeah, I know, hosting company, not a cloud, and the legal and practical differences are ?
nt
"Men will never be free until the last king is strangled with the entrails of the last priest." - Denis Diderot.
This is worse.
Conventional disasters don't give you jail sentences for owning a copyrighted pic of a terrorist engaging in Pr0n.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I've seen folks comply with DMCA out of courtesy, but for the most part your Canadian-based providers would have a lot more tape before the RCMP knocked on their door for an American agency.
So far it seems the RCMP are mainly concerned with counterfeit goods and pot. Assuming we don't run out of these I'd imagine your colo is pretty safe :)
-Matt
--- Need web hosting?
Imagine if virtualization would enable the FBI to seize only the signed images of virtualized OS and the customer data augmented with related images of the state of virtualized hardware. The end of hardware seizures is near =).
as businesses get destroyed across america the Chinese/Russians just upload whatever content on some other US network
can't count on cybercom because that was where hundreds of actual traders were dug out at the Pentagon City recently
not too far from Reston iirc
If I want to perform the ultimate denial of service - get the servers ripped out - all I have to do is create a stir in the press from the same hosting company that I want to target for my denial of service attack.
Good to know.
--
BMO
"That's not a denial of service attack! This is a denial of service attack."
OMG! They were hacked from the Internet! Seize the Internet! All of it!
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
I know that searches can be a PITA, but honestly something is not being said in this story. In my experience the FBI will many times first issue a preservation request, then chase it up with a warrant for the data. Very rarely do they actually grab the hardware, at least in the hosting company that I worked for. If you cooperate, the FBI do not treat the hosting company like criminals and try to carry on their work without disrupting business. I think that Mr. Ostroumow's hat may be a bit grey, and that he is getting the nasty treatment because he has not responded to more reasonable requests. Once, in my experience, we did have a group of agents show up waving badges and wanting to install a packet sniffer, but we were able to sort things out with a phone call to the field office. This story smells of a half truth.
Yes, you have none of those Nazi types
And surely none of those Fascist types either
If you Americans are not oppressed, then you're smoking something good ( and you really should learn to share! ).
As for being brave? well you do have a few 100.000 soldiers that have shown some balls, so that leaves what? 309.800.000 yellow-bellies?
As your benji-boy wrote; They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
"Men will never be free until the last king is strangled with the entrails of the last priest." - Denis Diderot.
Decent infrastructure, decent government, some coastguards but not really interested in starting wars with anyone unless it's about fish, and a legislative framework that is conducive to free speech.
Korma: Good
not Group punishment more like hitting the main to the building trun off one office.
You are one weird robot, dude. Why don't you try that Preview button and actually read your drivel before you post it?
Hint: if you can't understand what you've written, we sure as hell aren't going to either.
..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
Well a quick check shows that ALL of my "unfavorite" piracy, neo-Nazi and "suspected" Child Porn sites are still on line. Google "FOSI" for an example that won't get you jail time just for looking! Great job "F***d Beyond Imagining"!
Amsterdam webhosting is the next big thing. But, be sure that you don't use companies that fall under US jurisdiction. And if it's mission-critical things you're doing, perhaps a face-to-face in beautiful Holland will do. If you're American, you should also use a company on the other side of the pond as publishers in the legal sense to avoid problems. You won't get as cheap webhosting as in USA, but you will get added benefit to privacy and lack of legal costs.
hmm. 'trun' isn't an acceptable abbreviation for 'to turn' in your lexicon?
I thought his analogy was very apt, irrespective of his dyslexia.
So why not self-promote with a link to your company.
It sounds relevant to the thread, and I think many here would be interested.
Government is the organization holding the unique "right" to employ physical force against you as their business model. This is, precisely, the defining characteristic of all government. By definition, anybody else that does what government does (employ coercion as a means) is a criminal.
"Do as I say, not as I do" isn't a metaphor; it's the reality of all government, past, present, and future. If the business of government was held to the same standards as the common man, then it wouldn't be government.
had a phrase for such behaviour, but I can't quite remember it...
I am pretty sure this happened as a result of a problem that is endemic with law enforcement. A large percentage of people in law enforcement have come to believe that all people that they interact with are criminals who are acting to keep law enforcement from discovering the evidence to convict that person and/or others. As a result, they did not trust the hosting company to work with them to obtain all of the data of the target of their investigation.
The proper way to have done this would have been to go in with someone from the FBI who was technically proficient who would then work with the hosting company to isolate and migrate all of the virtual machines containing the target's data to a single server (or several, if that was necessary) and seize that server(s).
The truth is that all men having power ought to be mistrusted. James Madison
I used to work for a hosting company, and the FBI was interested in plenty of our customers. They would show up with a warrant for information and explain that we could either provide the data they needed, or they could seize the equipment the data was on. I wonder if the host failed to comply with a warrant requesting data?
hmm. 'trun' isn't an acceptable abbreviation for 'to turn' in your lexicon?
I thought his analogy was very apt, irrespective of his dyslexia.
You're quite right, the fault is mostly mine in retrospect - my parser barfed completely on his post, it looked like pure Engrish.
Of course I see now that it's actually quite understandable so I guess I must be tired.
Oh, and to be fair, probably prejudiced too I guess; Joe_Dragon looks much like Joe_The_Dragon who posts in the same style and is similarly immune to the Preview function. Maybe I'm just a grumpy old fart but I tend to feel that if one thinks a post is worth others' time to read, expending the effort to read it over oneself is hardly that much to ask.
..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
We host our servers there. We kept getting emails about a "power outage that could effect service" during the course of this raid. Fantastic.
Giganews has servers hosted in Ashburn which isn't too far from where they mentioned in the article. More specifically, they host the VyperVPN service they have in Ashburn.... wouldn't be surprised if they confiscated their hardware because behind all those proxies they saw a Giganews IP address. I have no idea if vypervpn is down though... so I'm just speculating X_x
By the time guilt or innocence *is* proven, the equipment seized becomes useless.
I've seen cases where it can take a decade for things to resolve to the point where you can try and re-obtain your equipment, but by then, who bothers? The hard-drives have seized, the pentium II has since been replaced by the pentium 4, and the OS is 5 generations behind.
Once the law takes your equipment, it's gone. Unless you have some emotional link to a particular computer, it's not worth the effort, paperwork, expense, and headache required to retrieve your now-useless, and very likely terminally damaged, equipment.
If telephones are outlawed, then only outlaws will have telephones.
So, should we all start adding FBI seizures to our disaster recovery plans?
Am I the only one who finds it odd that the management of a datacenter "cannot check" whether or not a particular machine was taken by the FBI? Every datacenter I've ever worked in, had an inventory of what equipment was where, and KNEW where every machine was, down to the specific "U" for shared racks, or at least which rack or cage (in cases where a single client had rented an entire rack or cage.) Presumably they know which racks were emptied, they should be able to check their inventory for those three racks to see what was taken...
Or is he saying that the FBI is preventing his personnel from entering the building to check on what was taken and what's still there?
Though completely offtopic, "Sergej Ostroumow" is a now-unusual Cyrillic romanization of what would be "Sergey Ostroumov" -- it is based on matching Cyrillic and Roman characters in KOI-7 and KOI-8 charsets.
A terminal made in Fryazino in the '80s would show one in place of another if a program omitted the SO or SI control character (to be precise, also switching around uppercase and lowercase), so it became associated with this kind of transliteration. It is currently alive in the form of "Phonetic" keyboard layouts that allow Cyrillic input on keyboards with no Cyrillic labels, though "Phonetic" is kind of a misnomer, considering that it includes such mappings as "v" to "zhe" and "q" to "ya".
Contrary to the popular belief, there indeed is no God.
Don't put all your servers in one co-location site. Spread them around. If one goes down the others will still provide service (but probably slower service). I know this is a more expensive option but if you're getting substantial income from your site then you need to make sure that no single site that gets seized will disrupt that income.
No one ever had to evacuate a city because the solar panels broke!
Welcome to the USA.
Former home of the US Constitution.
What if the entire hosting company resided on a single mainframe? Would the FBI just take the whole thing??! Imagine if they showed up and every server they were looking for were just VMs on one (huge) box? And what would that mean for the posters above who think the FBI spliced in their own UPSes to keep the servers running during removal and transport?
Finally, what about OS images with "suicide switches", designed to wipe their sensitive data at the first sign of physical intervention? "If you can't reach a specific host somewhere else in the building reachable only via a local network for 5 minutes, kill yourself."
For the Mom's basement crowd: If you are familiar with running Linux under VMware, KVM, Xen or whatever, mainframes have been able to do the very same thing since the 1990s, but they will blow away anything running in your Mom's basement.. by a long shot.. the record number of simultaneous VMs running on a mainframe is over 97,000. Even a small mainframe can run over 10,000 images simultaneously. That's a hosting company in a box right there.
Did they get shot? Did any pets get shot? If not, I'd say they are one-up on most people who interact with what passes for "law enforcement" these days.
"Your honor, the data center employee was was wielding that server in a hostile manner. They even called it a 'blade'! I feared for my life."
“This problem is caused by the FBI, not our company."
That depends on what your definition of is, is.
It shows what internet freedom looks like in the USA. IMHO China has more internet freedom than the USA.
If this happened in China, I bet someone'd start the repressive measures discussion right away...
Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
I've been one of the collateral victims of one of the FBI's "grab everything and go" raids. Some of you might recall the FooNet raid back in 2004.
http://www.thewhir.com/web-hosting-news/foo021604
My shell host had their boxes colocated with Foonet, so when the FBI went in and just grabbed every single machine in the building my host was screwed. And by extension, I was screwed. My host ended up losing almost all their customers (Including me) when they neglected to get a backup online in a reasonable amount of time. As far as I know nobody else on my host ever got their data back from the feds.
Just say NO to stinky cheese