Police Seize Two 'Perfect Privacy' VPN Servers

An anonymous reader writes from a report via TorrentFreak: VPN provider Perfect Privacy has informed its customers that two of its servers had been seized by the police in Rotterdam, Netherlands. Torrent Freak reports: "The authorities went directly to the hosting company I3D and the VPN provider itself wasn't contacted by law enforcement. 'Currently we have no further information since the responsible law enforcement agency did not get in touch with us directly, we were merely informed by our hoster,' Perfect Privacy says. Despite losing control over two servers, Perfect Privacy assures its customers that no personally identifiable data is present on the seized hardware. Like many other VPNs, the company maintains a strict no-logging policy. 'Since we are not logging any data there is currently no reason to believe that any user data was compromised,' the VPN provider says. 'When the Dutch police contact us with a subpoena, we work with them in a professional manner and ensure their request and our responses are in compliance with the Dutch law,' I3D informs us. 'We think with the affected customer as well, for example by making temporary capacity available so the customer does not suffer extended downtime during the investigation.'"

hmm.

'Since we are not logging any data there is currently no reason to believe that any user data was compromised,' = Anyone still on the system over the next week is being logged by someone else.

log

[bugs2squash]

There was no logging before the machines were captured. It's probably turned on now

Re:log

So what, why would they continue to run compromised servers as part of their service? If they have provisioned against hacking by not logging, they surely must also have provisioned in case a server is physically compromised.

Re:log

[ourlovecanlastforeve]

Police will seize the server, hack the root password and set it up as a honeypot on the VPN provider's network.

Re:log

[TheGratefulNet]

I don't follow; if the server is returned, it will be wiped and reloaded.

any isp would do that.

so what's the issue? the police can't just put it back on the air again. if they do, its fraud (not that any cop cares about breaking laws, these days...)

what I don't understand is: what gives the police the right to grab a whole server, when its only 1 customer they are after?

that's huge over-reach.

some day, we need to take control of our world and stop the authoritarians who seem to think all property belongs to THEM instead of the actual owners.

Re:log

I'd hope to almighty atheismo that those servers would be blacklisted and any passwords or certs associated with them would be invalidated the instant they knew about it. Frankly if i were them i'd simply abandon that host entirely as the risk of the servers being compromised now or in the future* is too great.

* "Let us install this logger or you'll go down as an accessory to any crimes committed using this server"

Re:log

Putting police and some action that actually involves competence in the same sentence - absurd!

Re:log

But, the police apparently have the power to seize servers without warrant.

So, they could have done that before, 3 months ago. Then, they turned on logging (and a rootkit to hide what they'd done).

Now. 3 months later, they seize it because it's been logging what they wanted.

If you're using a VPN provider in a country where police can seize servers, without warrant, and the VPN provider isn't physically present to know about it until afterwards, then all bets are off - anything can happen.

Re:log

Or, it was turned on 3 months ago when they last turned up, armed with a gagging order for the datacentre.

What kind of "privacy" company has to depend on a third party to notify it if someone's had physical access?

Re:log

[jonwil]

I am sure that any VPN calling themselves "Perfect Privacy" wont be allowing these servers to be used again until they are sure they are clean.

Re:log

[Dunbal]

I don't follow; if the server is returned, it will be wiped and reloaded. any isp would do that.

Except these servers are being hosted by a 3rd party. One that could be coerced into NOT doing that (authorities are getting good at this "guilt by association" thing), or the actual hardware itself could have been modified. The 3rd party is just a host, they are absolutely not obligated to comply with any "privacy" deals that Perfect Privacy may have promised to its customers. If you want to do something right you have to do it yourself. I seem to remember hearing that somewhere.

Re: log

It may also require that they throw them away. Who knows what has been done to the hardware and what firmware tricks the police have at their disposal?

Re:log

[JustAnotherOldGuy]

There was no logging before the machines were captured. It's probably turned on now

This assumes that the Feds hadn't tapped the line and were logging the data without the people at Perfect Privacy knowing about it. They could log the data for a while (weeks? months?) which would then give them the justification they needed to be able to secure a warrant and seize the servers.

Re:log

[AHuxley]

Governments, police often allow forums, accounts, databases, services to keep running for months, years in the hope that the same activity is repeated after some initial event.

Re:log

'the Feds'? Are you talking about the FBI? Why would they be in the Netherlands?

Re:log

Another thing I wonder about is how easy it is to set up a VPN server that logs absolutely no data, not even in deleted form on the hard drive. Do they really log no IP addresses at all, no connection time data, nothing else that could identify a user at some time? Do they wipe everything securely after each session?

Just wondering how easy that is, as I've never tried to switch off all logging on my Linux box.

Re:log

[bill_mcgonigle]

There was no logging before the machines were captured. It's probably turned on now

We're assuming Perfect Privacy doesn't have cryptographically-secure control over its devops? That would be quite an indictment of a VPN provider.

Re:log

Tapped what line? VPN traffic is encrypted so it would be rather pointless to tap. It would be more of a question of if the server itself was compromised in some way to gain access to the encrypted data.

Re: log

Servers could be returned with some enhancements:
- Disks with modified firmware / hidden partitions
- USB / PS/2 ports tapped to keylog
- Spy device / microphone hidden inside power supply

Let your imagination think up more

Re:log

[allo]

That's why your openvpn client checks the CA certificate of the server. Which is secured on the server by a strong passphrase and/or disk encryption.

perfect privacy are not amateurs.

Re:log

[allo]

openvpn does per default no logging at all. It just has for each phase of connection some hooks, where scripts get data via environment variables. So you can for example add a connect hook, which logs external to internal ip or you can have a disconnect hook, which just logs internal ip to traffic in/out (thus enabling accounting per user). I know no vpn with traffic limit, because they do not want to log anything.
And if you think about it ... plausible saying you have nothing can spare you from a raid next time. Who seizes servers, when nothing's stored on them? So a vpn provider who logs despite saying they don't not only risks to lose all customers after a raid, but has even a longer investigation during the raid. And a reliable logging setup in that scale isn't free either.
So if you're not renting a full honeypot you're probably secure. And that they do not cooperate is probably the reason why the data center was connected and not PP.

Re:log

[allo]

*contacted.

Re:log

But the encryption key will be in the server memory. It is quite possible to remove the server without turning it off, it is also possible to retrieve the key from its RAM with physical control of the server.

Using a hardware based key management module may make it impossible to retrieve the key, but that has trust issues of its own.

Re:log

[allo]

without root access it is rocket science and will stay it. Of course you can freeze ram modules. This may work for 1 of 10 experiments under lab conditions. For a real case you either have some exploit (insecure firewire dma or similiar) or you won't be able to get RAM from the system.

You all missed the part where..

[coolmoe2]

They are helping their client setup new service. So im sure they know that the original server was compromised/seized.

Criminals

Anytime I see someone from I3D on my e-commerce website, I assume someone is trying to steal my money... I wish they could get punched in the face, once.

Is this just harrassment?

[Mal-2]

Is this just a campaign to make a service that provides true anonymity too expensive to operate? It seems a bit reminiscent of the cock.li drive seizures which themselves seemed designed to disrupt operations as much as possible.

Re:Is this just harrassment?

[schekker]

I doubt it. My guess would be that the seizure was done by the Dutch High Tech Crime unit, which in general is not politically driven. With a socialist party in government such harassment would cause a major political incident, so it simply is not worth it. Far more likely the service came up during a criminal investigation and the High Tech Crime unit thinks it can still salvage some important evidence from the seized servers.

Not meant to get data

This isn't meant to reveal any data. It's meant to make hosting much more expensive for VPN providers. They're basically harassing the hosters so that they'll end up raising prices on VPN providers or forbidding the operation of VPN servers (including TOR nodes).

Re:Not meant to get data

[slashrio]

...raising prices...

will only drive out the 'good citizens' while the real criminals keep paying whatever price will be asked.
So, if you use a VPN you must be a criminal.