FBI Caught On Camera Returning Seized Server
sunbird writes "As previously covered on Slashdot, on April 18th the FBI seized a server located in a New York colocation facility shared by May First / People Link and Riseup.net. The server, which was operated by the European Counter Network ('ECN'), the oldest independent internet service provider in Europe, was seized in relation to bomb threats sent to the University of Pittsburgh using a Mixmaster anonymous remailer hosted on the server (search warrant). The FBI's action has been criticized by the EFF. Predictably, the threats continued even after the server seizure. On April 24th, the FBI quietly returned the server, without notifying either Mayfirst / People Link or riseup, and were caught on video doing it."
Come on people, if it weren't so inconsequential, I'd think it was a false flag operation to justify these kinds of seizures.
But really, if that's what they'd want to do, it'd be more meaningful. So it's genuine dickhattery.
Is mayfirst.org already suffering /. syndrome?
It's not just an observation -- it's the very essence of government (second only to coercion).
This really has to be a first. Usually you always hear about police and/or the FBI, etc., seizing servers and never returning them to said owner(s).
So, they returned a server. Isn't that good?
Maybe I don't understand the issue here.
Where did the FBI manage to dig up field agents who don't know that commercial facilities with high value equipment almost always have surveillance cameras? Christ, seedy dollar stores have surveillance cameras these days. Were they expecting nobody to notice when they just walked into a colo?
If I were the people who ran the server, I'd go over the hardware with a fine-toothed comb, and wipe/rebuild the software. There's no telling what (legal or illegal) tracking crap the FBI put in it, if they're giving it back without a huge fight.
If they really wanted to be inconspicuous they would not dress like FBI agents. I guess that just comes with the persona and elitist culture.
The footage, taken by a small surveillance camera MF/PL technologists installed after the FBI seizure of the server, is a rare glimpse of what appears to be an FBI operation.
The FBI has returned equipment? Rare indeed!
Sure it was heavy handed -- in about the same way as shutting down traffic for a major accident is heavy handed. You know we have the ability to just plow that wreckage off our highways and get on with our lives but noooo the police want to find out who was at fault and make sure everyone is okay. Even though it inconveniences thousands of people every day and, predictably, the accidents keep happening despite the police officers' efforts.
Predictably, the threats continued even after the server seizure
That's gotta be the stupidest part of this summary. The idea wasn't to stop the threats but to trace them! If logging wasn't turned off on that server, the FBI would have been able to trace it. That being the only thing they could do, they did it. I mean, if I was a student or parent, I would be really upset if the FBI said "Well, we could confiscate that server and mildly interrupt e-mail service for 300 people but it will only tell us who is doing it if logging is turned on and it's probably not so we're just going to go ahead and let this all continue to happen."
... with the safety and lives of hundreds of other people at the university in mind when it happened.
Yeah, hundreds of people were inconvenienced when their e-mail was disrupted
Big bad FBI, trying to follow the only lead they have on some sick pervert who gets off to bomb threats. Shame on them! Sometimes I think law enforcement is damned if they do, damned if they don't.
My work here is dung.
On April 24th, the FBI quietly returned the server, without notifying either Mayfirst / People Link or riseup, and were caught on video doing it. What kind of no-security operation are they running at this datacenter? The last place I worked, to get into the datacenter required a thumb reader to get into the clean room, which then detected if more than one person had entered and would not let you past that door until the other door was closed and no other people were in the clean room, and it was ALWAYS staffed to see people coming and going. For just random people to come in, take a server, then put it back later without anyone knowing is somewhere I would never store my server.
I sincerely hope the server owner and users consider the equipment hopelessly compromised, and quickly and completely dispose of it.
Never ascribe to malice or conspiracy that which can be adequately explained by ignorance or stupidity.
When they take it, it's either without a warrant, where they just kick in the front door and scream "FBI!", or with one, where they kick in (or knock) and say, "FBI! We have a warrant!"
But sneaking around without the requisite "FBI" announcement is just a great way to get shot. We have some facilities manned 24/7 by armed guards. You might get lucky and only get Tased*, but it's kind of difficult to identify yourself as law enforcement when you are flopping around on the floor and you've just relieved your bladder.
*Security had some issues with shooting people unchallenged. But now that they carry Tasers as well as semi-autos, you get no warning.
Have gnu, will travel.
For the People's Choice award for funniest security vaudeville.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
The server, which was operated by the European Counter Network ('ECN'), ... was seized in relation to bomb threats sent to the University of Pittsburgh using a Mixmaster anonymous remailer hosted on the server.
Given their recent activities - Terrorist Plots, Hatched by the F.B.I. - I wouldn't be surprised if the FBI e-mailed that bomb threat themselves so they could legally seize and search the ECN system - brilliant.
It must have been something you assimilated. . . .
http://ia601208.us.archive.org.nyud.net/32/items/FbiReturnsRiseupServerToMayFirstpeopleLinkCabinet/fbi-returns-seized-server.ogg
Join the Slashcott! Feb 10 thru Feb 17!
As you pointed out, this is a VERY fast turn-around ... almost like they hope that people will use it in a "business as usual" fashion ... like a honeypot?
Not even telling them that it was back so that the owners could decide if they even wanted to risk leaving it in place? VERY suspicious.
The FBI also left a dolly to move the server. Unfortunately the dolly is filled with microphones and wi-fi packet recorders. The FBI also left a fruit basket as an apology. Unfortunately the fruit is laced with mind control chemicals. The FBI also left an apology note. Unfortunately the text is interlaced with words that activate their sleeper agent inside the company.
I mean I can play the conspiracy game all day, yeah if they installed spyware on it, the FBI are pieces of shit. At least have the decency to request the compliance of the company and let them decide to help you track down a scofflaw. At least you could then tell the parents and students that this company won't comply with your investigation so your hands are tied until further leads.
I mean, come on, you think that the FBI is that savvy? You think that any two bit network or systems engineer wouldn't be able to pick up on weirdness in network traffic or processes running from/on the machine phoning home to the FBI? Any company worth its salt that accepts a server or hardware back from anybody proceeds to rebuild it from scratch. Flash or upgrade the firmware if you want! It's so hilariously convenient that law enforcement is a barrel of bumbling idiots when they're supposed to be helping us and when they're trying to help us they are seventeen steps ahead of us and already have infiltrated my underwear drawer. In this story they go straight from idiots who can't understand that logging is turned off on this server to installing honeypot software/devices in two weeks into a device they just got. Right. VERY suspicious. And let's face it, this bomb threat guy has already moved on to another remailer and he's not going to return to this remailer that he has inconvenienced.
Am I the only one waiting minutes for a slashdot page to load?
What doesn't kill you only delays the inevitable
Looks like he's going to a funeral.
In the lawsuit-happy world we live in, you damn sure do need to evacuate on bomb threats. If you don't, you'll get sued. Even if it is just a case of you didn't evacuate and it is revealed that you received a threat, there's a decent chance you get sued. However, in the event there is a bomb and it goes off? You are fucked, sued out of existence. So, institutions have to err on the side of caution, on the side of not getting sued.
Want it changed? Change the law first. However, you cannot reasonably say to a university "Just ignore it, hope it is nothing and that nobody finds out and sues you."
Also, there are ways to stop anonymous threats from happening, you just really, REALLY won't like any of them.
Try reading the Bill of Rights sometime. The FBI broke the 6th law in that document (also known as the 4th amendment) which requires obtaining a search warrant from a judge prior to entrance.
You mean something like this? The warrant that was linked to not only in the article but also the summary?
And yes sometimes the bad guy gets away.
That would be a hilarious motto for any law enforcement agency! I'd opt for "We do everything within our legal rights to catch the bad guy."
That is preferable to harassing innocent people & treating them like criminals (example: patting down their breasts and crotches)
You are confusing the FBI and TSA.
(example: randomly searching through cars)
You are confusing the FBI and ... your local law enforcement? Who require probable cause?
(example: arresting people who publish anti-war pamphlets)
The FBI might have done that in the past during Vietnam but it was probably for other trumped up bogus charges and luckily today we have the EFF/ACLU to take up those cases when that happens. Got any recent examples or really any citations at all for this entire post?
(example: rounding up Asian-Americans & tossing them in jail 'cause it's World War 2)
Wow, dude, that was six decades ago ... yeah it was horrible and I think it's been publicly recognized as horribly racist and is a reason for public shame to the United States. I do not think that's happening today.
(example: assassinating Americans because you SUSPECT they might be terrorists)
Again, I think you're confusing the FBI with some other agency ...
(example: strip-searching old people before they can fly)
But you repeat yourself ... that's the TSA, not FBI. The TSA definitely has no purpose and needs to be dissolved.
(example: forcing a breast-feeding mom to stand in a glass jail for an hour, rather than let her take her pumping equipment home to her newborn kid)
What the hell? Citation?
INFORM yourself of what's happening in the world.
Yep, I'm the misinformed one here, got it. Hey, since all government actions are from the same people (you cross state and federal levels several times there) why don't you go tell your local county clerk to stop murdering Afghan children? Makes about as much sense as the rest of your rambling post ...
Well, assuming they had a warrant for the seizure in the first place, fine and good that they did their job looking for the bad guys. But I don't think a judge would have given them a warrant to break in and return the server unless they thought no one had noticed it was gone. Why did they not just call the owner and say they wanted to return the server? Were they trying to be nice by returning it to its rightful place? How did they get in to return it? Has this place no security? Did they bully some pimply faced security guard into opening the door? Did the guard have authority to grant them access to the cage? No legal access means trespassing; the feds are not above laws on criminal trespass.
Actually, couldn't they just install a piece of hardware like a network logger that would be transparent to the server?
Should we not read this as the FBI has copied and is studying everything they can stored on that server plus they have tossed in their own secret recipe so that everything that passes through that server from now on flows right to the agency? You can bet that very special attention has been paid to that equipment.
Server virtualization is pretty awesome for getting low cost, geographically distributed server power.
But this is the problem you face. Your virtual server is sharing a physical box, disk, and memory with strangers. Strangers who might be doing all manner of things. And who might (as in this case) do something that would cause law enforcement to need to take down the server. Sorry you're collateral damage, but that's frankly the price you pay for shared infrastructure.
You want guaranteed uptime? Have multiple instances. You want your data protected? Have it in multiple places, encrypted.
I have a hard time getting mad at "The Big Bad FBI seized a server that had some legitimately bad stuff on it but also had some stuff for other people on it."
Would anyone trust a returned server from the FBI? I would properly wipe it 3 times and flash the bios a few times just to be sure. That thing could be spyware haven.
The white guy in the tie looks pretty cute...too bad he works for the FBI.
Then again I do like em cute and dumb.
So, your theory is that....
a.) the FBI knew exactly which server the ECN data lived on in the CoLo facility,
b.) knew exactly which other virtual servers were on the same box,
c.) had sufficient access to fake a bomb threat through someone else's server to justify the search warrant.
With that much access to the internals of the CoLo, why would they NEED to drum up a pretext to search the server?
Was it connected correctly?
"If any question why we died, Tell them because our fathers lied."
Allow me to take this opportunity to bring up again the idea of "transparent" remailers. The term may seem paradoxical at first, until you realize what "transparent" applies to.
Here's the idea:
If remailers are getting taken down because authorities want images of their hard drives, what about just giving that to them? Preemptively? The hard drives should have nothing revealing on them, I think. (Is that your understanding, too?) If the drives have nothing revealing, then remailers could continue to operate despite law enforcement investigation.
You just submit a drive image to the law enforcement agency.
The possible sticking points I see:
My intuition says it may be possible to overcome each of these.
Does it really matter if the FBI or the colocation company told the server owner it was back?
Well, you are correct, legally, they probably did everything they needed to. The problem the FBI has, however, is that it is perceived as a bunch of power-happy bullies that throw their legal weight around whenever it suits them. Whether this is the case or not is moot, if this is the public perception.
What they should be doing is apologizing more, and talking and working with people more before just seizing servers right and left. In the long run, you catch more flies with honey than vinegar. I am a pretty honest person, but if the FBI showed up at my front door, my first reaction would be to tell them to fuck off, just based on their reputation. They do some good work trying to catch some really nasty people, but they definitely have a PR problem.
Additionally, they shouldn't need to hold computers as evidence for more than a few days. I believe police procedure is to pull and mirror the drives before they do anything to the machine, so holding hardware is really just being vindictive.
HA! I just wasted some of your bandwidth with a frivolous sig!
No one jumped out and shouted "Smile, you're on Candid Camera!"
Vietnam Veteran / Former Postal Worker -- Use Caution When Taunting!
It's for you
they are seventeen steps ahead of us and already have infiltrated my underwear drawer.
Shit! Yours too? I was afraid I was the only one here wearing tinfoil boxers....
Are you saying that the FBI should phone ahead before executing a proper and valid search warrant? (Which could give those involved ample time to remove incriminating evidence.)
Yes, if they have a warrant to do so, the FBI can "go around removing servers at will." That's kind of the point of a warrant.
And I'm pretty surprised Riseup didn't have somebody at the data center follow the agents around and/or ask for an inventory of what was taken from where. IIRC, a full inventory of seized items is something you can request of any warrant executed on your property.
The text of the article and the information in the articles it links to seem to state different things.
The article linked states:
But the link in that goes to this site http://www.post-gazette.com/stories/local/neighborhoods-city/internet-service-to-help-in-probe-of-pitt-threats-631734/
which states:
These seem to be completely different things! The article states that they were running an anonymous remailer which, assuming it's done right, doesn't leave any trail. But the link in that text states that they believed that "someone illegally hacked into their system" and "they did some kind of shenanigan to get it"-- which could plausibly have left fingerprints, since real-world hackers aren't always the genius criminal masterminds that the movies like to portray.
Which is it? Were they "illegally hacked" using "shenanigans", or were they running a remailer open to anonymous login? Or, did they actually run an anonymous remailer, but told the FBI that they were hacked?
http://www.geoffreylandis.com
They got a warrant, took it. When done, they replaced it.
Wow..yeah.. stop the presses...
Some people are trying too hard to find a reason to be angry.
The Dunning-Kruger explains most posts on
Hardware rootkits are bad, mkay?
1) remove HDD, destroy, sell or research it.
2) check for modifications and remove all batteries, flash all firmwares.
3) donate returned server to orphanage (with cheap HDD and a clean install).
4) acquire new server.
This scenario is the only smart thing to do.
Anyone with a brain would go over that system with a fine-toothed comb to look for such things, and then wipe the system and restore from a known-good backup, and diff update.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
If the police come to your house and search it with a warrant when you are not home, they are required to leave a copy of the warrant "in plain sight" in most instances. Except for a few rare cases the law generally requires that the owner of the property being searched and seized be notified, and this is the accepted way to do it.
In this case ECN says they were not notified. We don't know why, but there are a number of interesting possibilities:
Either way, XO or the FBI fubared the notification at a corporate and legal level respectively.
Now, let's look at putting it back, first in the real world. FBI gets a warrant to search your house for a joint, breaks in when you're not at home, searches it, and finds what it thinks is a joint. Takes that, runs it off for testing and finds out it's full of oregano or something. Does the FBI now break back into your house when you're not home and put the joint back? Heck no. It would in fact be breaking and entering. Your right to privacy is being broken. Plus, they just don't do it, anyone who's ever retrieved seized property knows you go to the evidence room, fill out a bunch of paperwork, and you're on your own to take it back home. No warrant is ever issued to return property.
I think a competent lawyer could have a lot of fun with this case. Invasion of privacy, breaking and entering, civil trespass, etc, all from returning it. The FBI should have given ECN a notice to come pick it up, and they didn't. Thing is, I'm sure they know better, this really does feel like some sort of cover-up attempt. "What server? We don't have any of your servers. Are you sure it's missing?"
Anyone with a brain would go over that system with a fine-toothed comb to look for such things, and then wipe the system and restore from a known-good backup, and diff update.
Trash the server, it's the only way to be sure. In fact, since they appear to have been in the datacenter, just nuke the entire site from orbit. It's the only way to be sure.
There's no place like
Sunbird and Jeremiah...you are both fucking morons.
"Caught returning the server"? ooooohhhhh!
Waste of fucking bandwidth.
Dumbshits.
Wonder how much time they charged the department.
Your post being one example of this.
stupid fucking idiot.
Does anyone know what equipment is being used for the rack camera/recorder? I'd not seen that before and I'm definitely interested in putting cameras in my racks too, provided the cost isn't too high. I don't particularly care to spend a fortune in co-lo fees just to host a camera and DVR.
Can you provide me a link to this Shenanigans software of which you speak.
The new right fascists are bilingual. They speak English and Bullshit.
When installing CCTV inside a server housing rack, also arrange a nice, helpful internal light (probably wired to a simple door switch) so that the people opening the rack can see the wiring loom, power connectors, etc. And so the camera can see their faces. So that the CCTV's viewers/payers can actually get some value for their investments.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Screw worrying about the software - hopefully the important stuff is on a clean backup anyway.
My concern would be whether they may have installed a hardware spy device of some description.
Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com)