FBI Seizes Servers In Virginia
Axolotl_Rose writes "The FBI has seized servers belonging to several clients of a hosting company in Reston, VA, disrupting service for many other clients. 'In an e-mail to one of its clients on Tuesday afternoon, DigitalOne’s chief executive, Sergej Ostroumow, said: “This problem is caused by the FBI, not our company. In the night FBI has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.” Mr. Ostroumow said that the FBI was only interested in one of the company’s clients but had taken servers used by “tens of clients.” He wrote: “After FBI’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.'"
And so it begins . . . .
did lulzsec think they could get rid of it forever?
Your hair look like poop, Bob! - Wanker.
Need to suffer the same repercussions that anyone fitting the loose modern definition of 'cyber criminal'?
To the cloud!
It is easy to acknowledge the FBI and other police forces' need to obtain servers belonging to a client, but with the reality being multi-client servers, the most that should be allowed is a copy that doesn't violate any other customer's right of privacy.
They'd have to be pretty stupid to use a server located in the USA.
Couldn't they restore their customers' sites from backup?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
1. Take the servers
2. There is nothing on the servers - take the Storage
3. The storage is remotely replicated - pull the remote storage
4. You can't pull the remote storage, you don't have jurisdiction overseas
Starbucks, Harbuckle of Breath.
Host offshore.
Have gnu, will travel.
I think it's time to hold the FBI to the same standards that they would hold the rest of us. If I went in waving a gun around and demanding to walk away with somebody else's server, they'd throw my ass in jail.
If they want access to a particular client's content, they can go through the same process as a DMCA takedown request or a backup request would. They make a request, the company yanks that customer's access, then clones that customer's data onto a new drive, then hands them the drive.
As far as I'm concerned, every single client of this ISP ought to sue the FBI for the damage they caused—for the downtime, for the loss of data, for the time spent trying to reach the ISP to figure out what was going on, for the cost of any failover hardware or service that they had to pay for in lieu of that service, etc. If the FBI had to pay out a few million dollar settlements every time they pulled a stunt like this, they'd think twice about acting like a bunch of thugs, and they would go through proper channels and do their investigation in a way that doesn't cause collateral damage.
There's simply no excuse for such sloppy investigative work. If they screwed up so royally with the servers, you have to wonder how many grievous errors they made in other areas that would lead to the evidence being declared tainted, criminals going free, etc.
Every time I hear this story, and in the one situation where I witnessed federal agents confiscating equipment, the equipment never returns.
Each of the clients who had their property seized without warrant should bring suit.
it's like if they stopped a bunch of trucks on the highway, and scanned every single one of them for nuclear weapons, drugs, and bombs, even though they had no probable cause whatsoever.
oh wait. they already do that.
( google VIPR )
one must admit, one begins to warm up to the goal, if that's exposing the real shenanigans and making real evildoers sweat it...
next time, use a drone.
I think most of the smart IT people are beginning to view the U.S. as a threat to their business. If U.S. investigative agencies can disrupt dozens, or even thousands, of innocent individuals and businesses with impunity, why the hell would anyone take the risk hosting in the U.S.?
perhaps because they mistakenly thought that "one enclosure is = to one server"
More likely, they realized that one enclosure would bring in more at auction than one server...
It's the ultimate Denial Of Service attack:
1) Co-locate stuff that the FBI doesn't like with the server that you want to DOS
2) Report your server to the FBI
3) Sit back and let the FBI do the rest.
not Group punishment more like hitting the main to the building trun off one office.
... is they did not want to power down the server.
Law enforcement is trained that if you are seizing a computer, if possible, do not let it be shut down/locked. Forensics can snapshot the RAM and possibly get encryption keys that would be lost if the server was powered down. Worst case there could be a whole drive encryption that needs a password every boot, if you let the computer shut down you lose everything and all you will have is a worthless box without the password.
It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out to their truck where they could keep it powered till an expert could get in and get a dump of the system state.
Call me paranoid but I am starting to look around for hosting options outside the US. The stories of the massive collateral damage when they take away shared servers and seize domain names is getting me nervous.
I'm tempted to start a building demolition company. Using tactical nukes. You point out the town your building you want to demolish is in, and we guarantee it's razed to the ground, no other details needed.
I am a federal agent (non-FBI) who has seized large amounts of digital evidence. In criminal cases, you need entire hard drives so you can do forensic extraction. Can you ask the ISP to retrieve the data for you? Yes. However, it depends on 1.) Is this an email address or a large organization with colocated servers? 2.) How much do you trust the ISP? (based on past actions, size, clientele, etc.). BTW, if you search large companies who have their congressman on speed dial, you can be assured that the agents and judge have evaluated the impact to legitimate business vs illegal activity.
I'd think that the same thing applies when the FBI sees a suspect enter a parking garage - they know he entered the garage and are pretty sure that he hid his contraband in a car. The garage owner might be working with the suspect, so they can't trust him. The question is, can they seize all 200 cars in the garage and tow them back to be disassembled and searched to be eventually returned to the owners, perhaps no longer in working order? Would any judge allow that?
If the answer is no, why is it different with servers?
As a federal agent (non-FBI) you should have been trained that the "entire hard drive" does not extend to the entire RACK of servers.
Sig Battery depleted. Reverting to safe mode.
so I don't see the reason to take several racks. The risk that the server powers down that way is roughly the same as for an entire rack. Also, the reason why things were taken is not given. For all we know, there may be an illegal mp3 hosted on one machine and the MAFIAA had it seized for "economic terrorism". The feds better come up with a pretty good explanation, or there will be a lot of damages to be paid by the USA tax payer.
I was promised a flying car. Where is my flying car?
The hosting centre is at fault here. "Naughty Servers" should be clearly labelled as such so they can't be mistaken for "Benign Servers". If those fatcats in Washington had just listened when the 'Evil Bit' was first proposed we wouldn't be in this mess now!
Mod up.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
"Men will never be free until the last king is strangled with the entrails of the last priest." - Denis Diderot.
This is worse.
Conventional disasters don't give you jail sentences for owning a copyrighted pic of a terrorist engaging in Pr0n.
I've seen folks comply with DMCA out of courtesy, but for the most part your Canadian-based providers would have a lot more tape before the RCMP knocked on their door for an American agency.
So far it seems the RCMP are mainly concerned with counterfeit goods and pot. Assuming we don't run out of these I'd imagine your colo is pretty safe :)
-Matt
If I want to perform the ultimate denial of service - get the servers ripped out - all I have to do is create a stir in the press from the same hosting company that I want to target for my denial of service attack.
Good to know.
--
BMO
"That's not a denial of service attack! This is a denial of service attack."
OMG! They were hacked from the Internet! Seize the Internet! All of it!
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Yes, you have none of those Nazi types
And surely none of those Fascist types either
If you Americans are not oppressed, then you're smoking something good ( and you really should learn to share! ).
As for being brave? well you do have a few 100.000 soldiers that have shown some balls, so that leaves what? 309.800.000 yellow-bellies?
As your benji-boy wrote; They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
Decent infrastructure, decent government, some coastguards but not really interested in starting wars with anyone unless it's about fish, and a legislative framework that is conducive to free speech.
Korma: Good
not Group punishment more like hitting the main to the building trun off one office.
You are one weird robot, dude. Why don't you try that Preview button and actually read your drivel before you post it?
Hint: if you can't understand what you've written, we sure as hell aren't going to either.
..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
hmm. 'trun' isn't an acceptable abbreviation for 'to turn' in your lexicon?
I thought his analogy was very apt, irrespective of his dyslexia.
had a phrase for such behaviour, but I can't quite remember it...
I am pretty sure this happened as a result of a problem that is endemic with law enforcement. A large percentage of people in law enforcement have come to believe that all people that they interact with are criminals who are acting to keep law enforcement from discovering the evidence to convict that person and/or others. As a result, they did not trust the hosting company to work with them to obtain all of the data of the target of their investigation.
The proper way to have done this would have been to go in with someone from the FBI who was technically proficient who would then work with the hosting company to isolate and migrate all of the virtual machines containing the target's data to a single server (or several, if that was necessary) and seize that server(s).
The truth is that all men having power ought to be mistrusted. James Madison
I used to work for a hosting company, and the FBI was interested in plenty of our customers. They would show up with a warrant for information and explain that we could either provide the data they needed, or they could seize the equipment the data was on. I wonder if the host failed to comply with a warrant requesting data?
hmm. 'trun' isn't an acceptable abbreviation for 'to turn' in your lexicon?
I thought his analogy was very apt, irrespective of his dyslexia.
You're quite right, the fault is mostly mine in retrospect - my parser barfed completely on his post, it looked like pure Engrish.
Of course I see now that it's actually quite understandable so I guess I must be tired.
Oh, and to be fair, probably prejudiced too I guess; Joe_Dragon looks much like Joe_The_Dragon who posts in the same style and is similarly immune to the Preview function. Maybe I'm just a grumpy old fart but I tend to feel that if one thinks a post is worth others' time to read, expending the effort to read it over oneself is hardly that much to ask.
If the cops are too stupid to take one server from a rack, what makes you think they'll be able to figure out this signed VM state image thingy?
If I have been able to see further than others, it is because I bought a pair of binoculars.
Giganews has servers hosted in Ashburn, which isn't too far from where they mentioned in the article. More specifically, they host the VyperVPN service they have in Ashburn.... wouldn't be surprised if they confiscated their hardware because behind all those proxies they saw a Giganews IP address. I have no idea if vypervpn is down though... so I'm just speculating X_x
By the time guilt or innocence *is* proven, the equipment seized becomes useless.
I've seen cases where it can take a decade for things to resolve to the point where you can try and re-obtain your equipment, but by then, who bothers? The hard-drives have seized, the pentium II has since been replaced by the pentium 4, and the OS is 5 generations behind.
Once the law takes your equipment, it's gone. Unless you have some emotional link to a particular computer, it's not worth the effort, paperwork, expense, and headache required to retrieve your now-useless, and very likely terminally damaged, equipment.
If telephones are outlawed, then only outlaws will have telephones.
So, should we all start adding FBI seizures to our disaster recovery plans?
Am I the only one who finds it odd that the management of a datacenter "cannot check" whether or not a particular machine was taken by the FBI? Every datacenter I've ever worked in, had an inventory of what equipment was where, and KNEW where every machine was, down to the specific "U" for shared racks, or at least which rack or cage (in cases where a single client had rented an entire rack or cage.) Presumably they know which racks were emptied, they should be able to check their inventory for those three racks to see what was taken...
Or is he saying that the FBI is preventing his personnel from entering the building to check on what was taken and what's still there?
No, but they can probably shut down the garage, barring all entry and exit, until such a search is completed. It has the same effect - preventing access to your property/data, even though it is almost certainly not involved in the crime.
Is it just my observation, or are there way too many stupid people in the world?
Though completely offtopic, "Sergej Ostroumow" is a now-unusual Cyrillic romanization of what would be "Sergey Ostroumov" -- it is based on matching Cyrillic and Roman characters in KOI-7 and KOI-8 charsets.
A terminal made in Fryazino in 80's would show one in place of another if program omitted SO or SI control character (to be precise, also switching around uppercase and lowercase), so it became associated with this kind of transliteration. It is currently alive in form of "Phonetic" keyboard layouts that allow Cyrillic input on keyboards with no Cyrillic labels, though "Phonetic" is kind of a misnomer, considering that it includes such mappings as "v" to "zhe" and "q" to "ya".
Contrary to the popular belief, there indeed is no God.
Don't put all your servers in one co-location site. Spread them around. If one goes down the others will still provide service (but probably slower service). I know this is a more expensive option but if you're getting substantial income from your site then you need to make sure that no single site that gets seized will disrupt that income.
No one ever had to evacuate a city because the solar panels broke!
Welcome to the USA.
Former home of the US Constitution.
Did they get shot? Did any pets get shot? If not, I'd say they are one-up on most people who interact with what passes for "law enforcement" these days.
"Your honor, the data center employee was wielding that server in a hostile manner. They even called it a 'blade'! I feared for my life."
I think he wanted to post useful and interesting strategic information ("Here's how we do it") without risking being blasted as a karma whore.
I'm sure that a ton of people would like to be his customer, now, though, and would upmod a link to his company. :D
Somewhat this. If you search online, you can find us. We do enterprise hosting for the majority of our clients (none of our clients pay less than $7K-10K/month), and a fair number of them are household names (if you use laundry detergent, purchase car tires, or drink soda, you probably know our clients).
I by no means posted on Slashdot to brag (we are quite the humble type). I posted to say "Business can do this the right way, they just have to commit to doing it".
If this happened in China, I bet someone'd start the repressive measures discussion right away...
Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
I've been one of the collateral victims of one of the FBI's "grab everything and go" raids. Some of you might recall the FooNet raid back in 2004.
http://www.thewhir.com/web-hosting-news/foo021604
My shell host had their boxes colocated with Foonet, so when the FBI went in and just grabbed every single machine in the building my host was screwed. And by extension, I was screwed. My host ended up losing almost all their customers (Including me) when they neglected to get a backup online in a reasonable amount of time. As far as I know nobody else on my host ever got their data back from the feds.
Just say NO to stinky cheese