Too slow! FBI Shuts Down Hosting Service

Posted by timothy on Tue Feb 24, 2004 07:34 AM
from the shades-of-steve-jackson dept.
Chope writes "If FBI agents showed up at your data center bearing a warrant, would you be able to provide them prompt access to customer data? BZZZZT! I'm sorry, but you've taken too long to answer. We'll be confiscating all the hardware you use, er, used to use, to run your business. But we'll get it back to you 'real soon now.' Thank you for playing. CarrierHotels.com is carrying the story of an FBI raid on a web hosting company. When the hosting company didn't and/or couldn't provide the information the FBI was looking for from its several terabytes of data within "several hours", the FBI decided it was more "efficient" to seize all the web servers and customer data as part of the FBI's investigation of a hacking incident."
  • by Anonymous Coward on Tuesday February 24 2004, @07:36AM (#8372148)
    someone had to say it..
    • someone had to say it..
      ... and judging by the finely crafted grammar, bush did. :)
    • by GodBlessTexas (737029) on Tuesday February 24 2004, @08:31AM (#8372493) Journal
      I hate to be the bearer of bad news, but the FBI has been doing this in computer crime cases since the last few years of the Clinton administration under that bastion of civil liberties (nevermind Waco, Ruby Ridge, or Elian Gonzalez) Janet Reno, and it didn't require several TB of potential evidence to make it happen.

      The FBI will attempt to work with any provider in order to get the data they need to investigate a crime. If that is impossible to do in a 'reasonable amount of time' they have little choice but to confiscate the equipment in order to copy the existing data from the machines to conduct a forensic investigation. A reasonable amount of time is generally a couple of hours to a day. Believe me, the last thing some poor special agent wants to do is sift through TBs of customer crap and put a company out of business or under financial hardship.

      • by sjames (1099) on Tuesday February 24 2004, @08:58AM (#8372691) Homepage

        Doing some simple math, with a decentish disk controller, it will take 3 hours just to stream 1TB from disk to /dev/null. That assumes that the data is perfectly sequential and that no 'analysis' (such as accessing in a filewise manner, looking for a particular name or other data within the stream, etc) is done.

        Touching the data at all will easily double that to 6 hours. Add in more time because the volume is probably archival (read slower) rather than being set up as an enterprise DB system. Add even more since the server has other things to do running the business.

        Most likely, what they were after was logs. Logs tend to be optimized to be stored quickly rather than for fast access. After all, logs are being stored constantly, but unless something unexplained is going wrong, they aren't analyzed at all. When they are analyzed, it's usually one of a handful of standard reports (such as logins, changes to suid, etc) and is only done over a relatively short span of time.

        Given the above, and that there were multiple TB of data to sift, it is not even vaguely reasonable to expect a complete result in less than several days.

        If this report is even vaguely factual, I sincerely hope the person who made the decision to seize is forced to spend the remaining years of his career in the basement sifting through endless lines of:

        1337 d00d> D000dZ! I R s0 1337!

        To the best of my knowledge, there is no possibility of an all-encompassing regular expression that can translate 1337 to English.
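
The point in the comment above, that logs are written for fast appends rather than fast lookup, is the reason a scoped request (one time window) does not have to mean a full sequential read: an append-only log is already in time order, so the start of the window can be found by bisecting on byte offsets. This is an added example, not code from the thread or from the hosting company; the log format (a UTC ISO-8601 timestamp at the start of each line), the sample lines and all function names are assumptions constructed for illustration.

```python
import hashlib
import io
from datetime import datetime, timedelta, timezone

BASE = datetime(2004, 2, 1, tzinfo=timezone.utc)  # constructed sample start time


def build_sample_log(n):
    """Constructed sample: n time-ordered lines, one per minute, in memory."""
    buf = io.BytesIO()
    for i in range(n):
        stamp = (BASE + timedelta(minutes=i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        buf.write(f"{stamp} sshd[1234]: session opened for user u{i % 50}\n".encode())
    return buf


def line_ts(line):
    """Parse the leading timestamp of a log line (assumed format)."""
    stamp = line.split(b" ", 1)[0].decode("ascii")
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def line_at_or_after(f, offset):
    """Return (start_offset, line) for the first line beginning at or after offset."""
    if offset == 0:
        f.seek(0)
    else:
        f.seek(offset - 1)
        f.readline()  # discard the rest of the line that contains byte offset-1
    start = f.tell()
    return start, f.readline()  # line is b"" at end of file


def find_window_start(f, size, start):
    """Bisect on byte offsets for the first line with timestamp >= start.

    Returns (byte_offset, probes); probes counts lines parsed during the search.
    """
    lo, hi, probes = 0, size, 0
    while lo < hi:
        mid = (lo + hi) // 2
        _, line = line_at_or_after(f, mid)
        probes += 1
        if not line or line_ts(line) >= start:
            hi = mid          # window starts at or before this line
        else:
            lo = mid + 1      # this line is too early; look further on
    return line_at_or_after(f, lo)[0], probes


def extract_window(f, start, end):
    """Return (lines, sha256_hex, probes) for entries with start <= ts < end.

    The digest covers exactly the bytes handed over, so the extract can be
    verified later without access to the full log.
    """
    f.seek(0, io.SEEK_END)
    size = f.tell()
    pos, probes = find_window_start(f, size, start)
    f.seek(pos)
    digest = hashlib.sha256()
    lines = []
    for line in f:
        if line_ts(line) >= end:
            break
        digest.update(line)
        lines.append(line)
    return lines, digest.hexdigest(), probes


if __name__ == "__main__":
    log = build_sample_log(10000)
    w_start = BASE + timedelta(minutes=5000)
    lines, digest, probes = extract_window(log, w_start, w_start + timedelta(minutes=10))
    print(f"{len(lines)} lines, {probes} probes, sha256={digest}")
```

The search cost grows with the logarithm of the file size, so it only helps when the request is scoped by time and the log really is in timestamp order; rotated or compressed archives need to be located by file first.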

  • Poor hosting company (Score:5, Interesting)

    by Anonymous Coward on Tuesday February 24 2004, @07:38AM (#8372159)
    The poor hosting company probably has ToS to live up to. This will ruin them.

    If nothing is found, will they have any recourse against the FBI or are they screwed?
    • by LostCluster (625375) * on Tuesday February 24 2004, @07:56AM (#8372272) Homepage
      The poor hosting company probably has ToS to live up to. This will ruin them.

      Law always beats a ToS. If the FBI comes with a warrant for a piece of customer data, you've got to turn it over even if your ToS/Privacy Policy says you won't. To avoid getting caught in this jam, include a statement saying you'll turn over anything to any authority who presents a proper warrant.

      If their business was based on not turning anything over to the spooks, well, so much for that idea.
      • by carou (88501) on Tuesday February 24 2004, @08:09AM (#8372340) Homepage Journal
        If their business was based on not turning anything over to the spooks, well, so much for that idea.

        I think the parent was probably referring to uptime guarantees, which the confiscation of equipment has caused the ISP to fail on, rather than anything to do with data privacy.
  • I wonder... (Score:5, Insightful)

    by millahtime (710421) on Tuesday February 24 2004, @07:42AM (#8372175) Homepage Journal
    if CIT might have been uncooperative. This article is very one sided and if it was taking hours and they weren't seeing it get anywhere then there might have been a legitimate problem. I don't know if taking the servers was the best solution but if they did it then there must have been something going on.
  • by Anonymous Coward on Tuesday February 24 2004, @07:43AM (#8372182)
    Last year I found the controller of the proxy that was installed on an NT workstation happened to be controlled out of the same data center that was shut down. That machine was telling the NT box to send out massive amounts of spam.

    This is about the last data center on earth where script-kiddies can get free shell accounts.

    This is a case where many servers got caught in the crossfire against the script kiddies and spammers.

  • by queen of everything (695105) on Tuesday February 24 2004, @07:44AM (#8372189) Homepage

    There has to be more to this story. From what the article says, the FBI just walked in and shut them down. While that might have happened this story seems to be extremely one sided and a little short on the detail.

    Initially, I don't like the sound of it at all given that I host several domains and don't want the FBI coming in and taking all of my servers. But, we don't know what led up to the seizure....maybe it was a legitimate action? We shouldn't judge too harshly until we have all the information. I'm trying to play devil's advocate here.

    • by shyster (245228) <[brackett] [at] [ufl.edu]> on Tuesday February 24 2004, @08:22AM (#8372417) Homepage
      Yeah, the more of the story is pretty well detailed in the WHT forums [webhostingtalk.com].

      Rumors have been flying for quite awhile that Paul (the owner) was either involved or turned a blind eye to DDoS drones on his network. Some rumors stated that he'd DDoS competitors to prove the superiority of CITHosting's DDoS hardened servers.

      Seeing as this "data center" seems to have been his basement, I'd bet his (lack of) logs, records, and monitoring left the FBI little choice but to seize the whole thing. And, we can assume he was uncooperative as he may have been involved or at least knowledgeable.

      The general reputation of Foonet also seemed to be a bit on the black hat side. No doubt there may have been some legitimate customers as well, but they seem to be known more for their spammers and script kiddies (and cheap shell accounts) than for their legitimate webhosting.

      All in all, it looks to me like the FBI did what it had to do to effectively process the warrant. They were evidently going after a network, not a specific machine. Unfortunately, some legitimate customers got caught up in it.

      It looks like CITHosting was recently sold, and is being moved to a new data center in Chicago. Let's hope that it comes back as a legitimate business this time. They've already stated that IRC will be down indefinitely, so that's a good sign.

  • by elchulopadre (466393) on Tuesday February 24 2004, @07:44AM (#8372191)
    First their webserver farm gets seized by the FBI, then you post their story on /. ??? Give these guys a break!
  • um... (Score:5, Insightful)

    by boogy nightmare (207669) on Tuesday February 24 2004, @07:44AM (#8372193) Homepage
    I would be more worried about the fact that rather than being supplied with the data that they originally requested, they now potentially have the logs/records/recordings/information of all the transactions and customer records and IRC conversations ever hosted by this...

    Will they delete the 'copied' data after they have finished, keeping only the information that they originally wanted, please this is v bad...

    Thank God I don't live in the US
  • Full Text (Score:5, Informative)

    by Anonymous Coward on Tuesday February 24 2004, @07:44AM (#8372195)
    FBI Shutters Web Host

    By Rich Miller
    Carrier Hotels Editor
    Posted Feb 19, 2004

    If FBI agents showed up at your data center bearing a warrant, would you be able to provide them prompt access to customer data? How long would it take?

    That's an important question in the wake of an FBI raid of Columbus, Ohio hosting company CIT Hosting last Saturday. Federal agents wound up shutting down the entire operation, seizing all the company's web servers and all customer data as part of its investigation of a hacking incident.

    CIT Hosting, also known as FooNet, markets itself as "the leader in the IRC and DDoS protection business for the last 5 years." The company posted a web page informing customers that its data center was shut down, and instructing customers to contact the FBI if they needed access to their files.

    "The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host," the company said in its statement.

    IRC (Internet Relay Chat) is a live chat system that allows users to create private discussion rooms. While IRC has a lengthy history of legitimate use, it is also a medium for discreet communication between hackers. CIT said the FBI was "investigating whether someone hosted on our network hacked and attacked someone else."

    "After several hours of attempting to track down, inspect and audit the terabytes of data that we host, the FBI determined that it was more efficient (from their point of view) to remove all of our servers and transport them to the FBI local laboratories for inspection," the statement continued. "The FBI has assured us that as soon as the data has been safely copied and inspected, the equipment will be promptly returned. Unfortunately, the FBI has not been able to tell us when they will be completed with their inspection."

    The seizure isn't standard procedure, and there's no way to know exactly what prompted it. CIT's account suggests the FBI may have lost patience with the process. The IRC-focused nature of CIT's business may also have been a factor.

    But if you're a data center operator, you want to avoid any scenario in which the FBI gets impatient and starts hauling away your servers. Just one more item on the contingency planning checklist for the times in which we live.
  • IDNRADC (I do not run a data center), but don't let that stop me from making a completely unqualified comment ;) ....

    Perhaps just as important, or more important, are you storing customer data that could/should be regularly deleted? Not that burning everything when the FBI shows up is the best option, but having a sensible scheme for what needs to be stored, and what would be better deleted and overwritten, seems to me to be important...
  • Look! I'm whoring! (Score:5, Informative)

    by teamhasnoi (554944) <teamhasnoi&yahoo,com> on Tuesday February 24 2004, @07:47AM (#8372214) Homepage Journal


    From their site - don't forget to let the FBI know what you think! rwhite3@leo.gov

    02/23/2004 CIT re-establishes service.

    We have restored service at Equinix's Chicago Data Centers. We are in the same facilities as MSN and many fortune 500 companies. The facility has multi OC192 connections to the backbone.

    The FBI has begun returning equipment to CIT which is being shipped to our new facilities in Chicago.
    At this time CIT will continue to provide dedicated DDOS Protected web hosting only.

    CIT provides reliable and scalable solutions for customers of all sizes and services. Located in Equinix's Chicago Data Centers , CIT has access to all the major carriers without the need for local loop circuits.

    Our Chicago staff is focused first and foremost on customer satisfaction, and will take every action necessary to accommodate each customer. Unlike many large ISPs, CIT prides itself in its ability to provide personalized service to each customer - if a customer calls twice for assistance, they can usually speak to the same representative. Our sales and support teams are allowed a great deal of flexibility to work together to resolve each customer's needs on an individual basis. Our success and rapid growth can be attributed to the satisfaction of our customers - word-of-mouth referrals account for a large portion of the new business we receive each month.

    The IRC Network will remain down until further notice.

    02/14/2004 FBI Confiscates all servers

    Dear Customers of FOONET/CIT:

    We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations.

    Here are the facts of what occurred:

    The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host. According to the warrant, it appears that the Bureau is investigating whether someone hosted on our network hacked and attacked someone else.

    After several hours of attempting to track down, inspect and audit the terabytes of data that we host, the FBI determined that it was more efficient (from their point of view) to remove all of our servers and transport them to the FBI local laboratories for inspection. This was completed at 7:00 pm EST same day.

    The FBI has assured us that as soon as the data has been safely copied and inspected, the equipment will be promptly returned. Unfortunately, the FBI has not been able to tell us when they will be completed with their inspection.

    We have been told by the Special Agent in charge of the investigation that if you need access to your data you are asked to please contact the Bureau via email to rwhite3@leo.gov. Make sure to include in your email your name, mailing address, and telephone number with area code.

    Since we wish to focus 100% of our efforts on restoring services, we would appreciate it very much if you do not attempt to contact us directly. Please rest assured that we are doing everything possible to restore service to you as quickly as possible.
    To the many who have inquired, Paul and family are OK, although shaken by these events. They are at home and awaiting the blessed event of their new child's birth. We thank you for your good wishes and prayers.

    Please check back here often. Through this site, we will keep you informed of ongoing developments as we know them.

    Thanks again for your understanding.

  • Looks like the seizure occurred on 02/14, and that as of 2/23 [cithosting.com] some servers have already been shipped back and put back on-line. As of now, their IRC network is still down...though it's unclear whether that's due to an FBI decision, the FBI still having their servers, or a CITHosting decision.

    The only thing I find a bit odd about this whole thing is that it looks like they took the opportunity to relocate their data center to Chicago (it was previously in Cleveland). According to their news,

    The FBI has begun returning equipment to CIT which is being shipped to our new facilities in Chicago.

    Wouldn't that unnecessarily delay the process of restoring service to their customers? Was the move already planned, or did they suddenly decide that they needed a different data center? Is it possible they're blowing the seizure out of proportion in order to cover outages due to their move? Or did the seizure even actually happen?

  • The police and FBI can request from a judge a search warrant which allows them to take pretty much everything as evidence and they don't have to search for it in a nice way. If they suspect that something is hidden in your sofa you can just as well order a new one. Doesn't matter whether you hid it or someone else did. If it did then all criminals could hide evidence in their neighbours' house and be safe.

    Whether you find this acceptable depends I guess on whether you find it acceptable that the police can investigate crimes beyond posting a little poster asking criminals to please come to the station and answer their questions and to bring in any evidence on their own.

    Normal search warrants on an office mean that the FBI and police storm the building and everyone inside is ordered to stop doing anything. No more accessing PCs, no shredding of documents, no phone calls, no nothing. The reason is simple: to prevent evidence from being destroyed.

    I am frankly amazed that they even allowed the company to provide the info; this shows that they probably don't suspect the company but rather that they hope to find evidence against someone else on their systems.

    There was a rather nasty ddos attack on mircx and aniverse. The FBI seems to be investigating whether the IRC network hosted by this company was used in the attack. There seems to be a lot of hints as to the person who was behind the attack but sadly in America you need that silly evidence stuff (at least for use against Americans).

    So the FBI asked and got a search warrant. They then gave the company time to hand over the data but they couldn't. So the FBI used the law and did what we expect them to do. Secure any evidence by removing access to it. They are even giving the hardware back. They waited, which they don't have to, and give the hardware back after copying data, which they don't have to do. Frankly I think they went way beyond what they needed to do to minimize damage.

    Quite frankly the original poster seems to be one of those people that want the police to disappear. That line about which corporate master they offended is clear bullshit. mircx and aniverse are hardly the powers that be.

    In any society that doesn't choose to be an anarchy you have to give some powers to the police to investigate crimes. Search warrants are pretty common in all democracies and also work pretty much the same way. If you get one it sucks but so far no one has come up with a better alternative except to just allow criminals free reign.

  • You know... (Score:5, Informative)

    by Niet3sche (534663) on Tuesday February 24 2004, @08:06AM (#8372323)

    It's not like I agree with this, if indeed things happened as the article states... but a quick google [google.com] on FooNet (AKA / DBA CIT [cithosting.com]) turns up some VERY interesting results.

    I google'd quickly [google.com] on a hunch, and sure enough I got some [ahbl.org] rather [completewhois.com] interesting [webhostingtalk.com] hits.

    I claim to know nothing about SPEWS and how they go about adding to the blacklists, but they apparently are no stranger to it.

    Furthermore, it seems that this IS NOT the first run-in with the FBI that FooNet/CIT has had: from here [blogspot.com], if you scroll down a bit, you'll see the following text: The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host # We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations. And this was from Feb. 14 ...

    Another incident was reported out here [aginet.com] on 07/12/03 (search the page for "foonet") ... seems that 84898 spams swamped a box, and follow-up by FooNet sucked - e.g. they turned a blind eye.

    There are far too many hits to return ... if you're interested in more, you can always head here [google.com]. For now, I'll close with this: I do not agree with the methods used, if they were as described ... however, FooNet/CIT is no stranger to the FBI, and perhaps this is all rolled in to the Feb. 14th notice ... maybe the FBI actually gave them 10 days to comply... I'd really like to see how this ends.

  • by El (94934) on Tuesday February 24 2004, @08:59AM (#8372705)
    Delete your logs. Delete them early, and delete them often. Searching through 24 hours worth of data is a lot easier than searching through 2 years worth...
    • by MisanthropicProggram (597526) on Tuesday February 24 2004, @07:43AM (#8372183)
      I don't know why you were modded down to -1, but I had the same thought. I haven't seen this story picked up on any other news outlet yet. And the article was posted on Feb 19th! What's going on here.

      • Other reports (Score:5, Informative)

        by AndroidCat (229562) on Tuesday February 24 2004, @08:22AM (#8372414) Homepage
        Not exactly news outlets, theWHIR [thewhir.com] had a short bit on the 16th, and it was mentioned in a thread in nanae [google.ca] on the 15th.

        I do wonder how cooperative CIT was. After several hours of requests for the info (with a warrant) the FBI must have been riled to say "F-this-S, haul it away!". Think about how much extra work that must have been. There's more to this story, pity no news service has looked into it yet.

      • Re:More to the story (Score:5, Informative)

        by dotmaudot (243236) on Tuesday February 24 2004, @08:30AM (#8372479) Homepage
        I haven't seen this story picked up on any other news outlet yet
        Maybe you looked at the wrong sources :-) Anyway, if you are interested in knowing more, have a look at the records at SPEWS [spews.org] . ciao, .mau.
      • Re:More to the story (Score:5, Informative)

        by gertsenl (719370) on Tuesday February 24 2004, @08:41AM (#8372559)
        If you consider 2600 a news outlet, then you'll be glad to know that Off the Hook [2600.com] spent quite some time last week talking about the incident.
            • Re:More to the story (Score:5, Interesting)

              by Alranor (472986) on Tuesday February 24 2004, @08:40AM (#8372548)
              "The phrase
              "I disapprove of what you say, but I will defend to the death your right to say it"
              is widely attributed to Voltaire, but cannot be found in his writings. With good reason. The phrase was invented by a later author as an epitome of his attitude. It appeared in The Friends of Voltaire (1906), written by Evelyn Beatrice Hall under the pseudonym S[tephen] G. Tallentyre."

              (from here [york.ac.uk] )
              • Re:More to the story (Score:5, Informative)

                by AntiOrganic (650691) on Tuesday February 24 2004, @09:05AM (#8372751) Homepage
                While we're randomly throwing around Googled websites to get to the bottom of this quote issue, how about this one?

                "Then along comes Norbert Guterman to claim that what Voltaire _did_ write in a letter of February [6,] 1770 to a M. Le Riche was: 'Monsieur l'Abbe, I detest what you write, but I would give my life to make it possible for you to continue to write.' So, whether or not he used the precise words, at least Voltaire believed in the principle behind them."
    • by millahtime (710421) on Tuesday February 24 2004, @07:49AM (#8372227) Homepage Journal
      I bet there is more to the story than we are hearing. There was a search warrant from the "United States District Court for the Southern District of Ohio"

      To get a search warrant you have to have something to go on already.
      • by Ian Wolf (171633) on Tuesday February 24 2004, @08:00AM (#8372294) Homepage
        A search warrant is one thing, shutting down a private enterprise because a couple agents got impatient or paranoid is another issue entirely.

        We keep hearing about liberal judges this and liberal judges that in the media, but there are just as many conservative judges giving law enforcement rubber stamps on warrants.
        • by millahtime (710421) on Tuesday February 24 2004, @08:08AM (#8372333) Homepage Journal
          There is a lot that is not being said. Such as, did CIT cooperate? Did they obviously stall or withhold information? Did they claim to not have records they obviously had? This is not the whole story and maybe the only alternative to getting the information was to take the equipment. Maybe CIT gave them no alternative. We are speculating based on one side's point of view.

          Moderators: I know this may be redundant but I was responding to his comment. He obviously didn't read the 50 posts in front of this one.
    • What if a criminal escaped onto the street where your brick-and-mortar shop was located, and they closed down a several-block radius for as long as it took to find him? You think they should compensate all the businesses that were affected?
    • by skaya (71294) on Tuesday February 24 2004, @08:05AM (#8372318) Homepage

      I can't get access to the article, but I guess that the story is about the shutdown of FooNet. FooNet isn't a "real" hosting solution; it's a cheap shell provider for script kiddies who want to have their own ircd. They might also provide "serious" hosting services; but as soon as one provides shell services for such a targeted audience, she knows that she will have to handle some specific problems - DDOS, flood, etc.

      And according to what I know about the FooNet shutdown (if that's the same story), there were thousands of DDOS "drones" located at the datacenter, and the staff of the datacenter failed to shut them down. That sounds very dubious to me, but you might want to check this [ahbl.org] for another side of the story ...

      Quoting :

      "Perhaps the blackest of the black hat networks is finally gone, raided by the FBI. Foonet was home of spammers, packet kiddies, script kiddies, carders, and other illegal activities, as documented in the links below."

      PS: if the shutdown mentioned isn't the FooNet one, ignore this post :-)

      • by CommanderTaco (85921) on Tuesday February 24 2004, @08:17AM (#8372388)
        No, it turns out you are right, cit & foonet are one and the same. http://www.easynetworknyc.com/foonet/ [easynetworknyc.com]
      • by Anonymous Coward on Tuesday February 24 2004, @08:52AM (#8372629)
        I live in Columbus, and have had the misfortune of working with foonet/Creative Internet Technologies/Creative Internet Techniques - they have called themselves all three. The small ISP which I used for my website unexpectedly moved our web site to a server at foonet. All of our mail forwarding was getting blocked by about every blacklist on the planet, and the uptime was horrendous. Needless to say, despite the 3 month prepay, we immediately moved to another ISP. While we were being hosted at foonet, located about 10 minutes from us, I called them (local, no 800 # - ) multiple times, telling them that they were on blacklists. I never could talk to anyone, just leave messages that would go unanswered. If you are doing anything remotely important, avoid foonet/CIT like the plague. Their phone numbers are/used to be Sales - 614 353 8243 and General Inquiries - 740 881 0323
    • by R.Caley (126968) on Tuesday February 24 2004, @08:38AM (#8372532)
      The closest model I can think of would be the Steve Jackson Games case [eff.org] where they got damages [eff.org], eventually.

      Of course, that was a long time ago, these days they would probably just have sent anyone suspected of having a copy of Illuminati to Guantanamo.

    • by Anonymous Coward on Tuesday February 24 2004, @07:48AM (#8372218)
      Marked troll already. That's slashdot for you.
      Anyway this incident illustrates why the citizenry needs to be active in government instead of reactionary and "woe is me" after the fact. The government isn't very good at self-disciplining. That's our job. An absentee citizenry breeds the results you see. Get out and vote in 2004. Get involved in local and national politics. Stop being a wallflower.
      • by The Unabageler (669502) <.moc.oi3. .ta. .hsoj.> on Tuesday February 24 2004, @08:39AM (#8372542) Homepage
        I 100% agree. I get in political discussion with folks who complain about the system not working...when I ask if they write their representatives they say no. I ask if they vote, they say they aren't registered. How dare someone say the system is broken when they've never bothered to participate!! Register to vote if you haven't already and GET OUT AND BE HEARD. Vote on election days, write your senators and representative whenever you have something for the government to hear. A government of the people means we are their bosses! They don't listen to the majority, they lose their job. And don't say to me "the /. geeks will never be the majority" until you all are registered to vote and participate in our government! It's more important for us to do it now more than ever...
        • by The AtomicPunk (450829) on Tuesday February 24 2004, @08:46AM (#8372597)
          It won't help. People won't vote third party, they only vote for the current reigning Demopublican party.

          The democrats and republicans use rhetoric to convince the less intelligent that there's actually a difference between the two, assuring that almost everyone votes democrat to vote AGAINST the republican, or republican to vote AGAINST the democrat.

          Unfortunately, there's no appreciable difference betwixt the two, so we're condemned to continue down the slippery slope.
    • If everything was shut down, how come http://www.cithosting.com/ is still up and running? If all the equipment was taken, wouldn't the web page that's being shown on that site be gone...shouldn't it be hard to connect to anything on that site at all?

      The fact is, this story is old because the FBI has already started returning the equipment back as of yesterday. The FBI confiscated everything on the 14th. CIT's web site says:

      02/23/2004 CIT re-establishes service.

      We have restored service at Equinix's Chicago Data Centers. We are in the same facilities as MSN and many fortune 500 companies. The facility has multi OC192 connections to the backbone.

      The FBI has begun returning equipment to CIT which is being shipped to our new facilities in Chicago.
      At this time CIT will continue to provide dedicated DDOS Protected web hosting only.


      Yes, the FBI overstepped their bounds and yes it's frightening to think of this happening...but let's not get the facts wrong. The story here on Slashdot made it seem like the equipment was seized and the FBI probably won't be returning it, which isn't the case.

      When reporting the crap that the US Gov throws at us, don't embellish...just report what is known and not a lot of speculation.
      • by Ian Wolf (171633) on Tuesday February 24 2004, @07:57AM (#8372277) Homepage
        I don't believe the headline overstated anything. The FBI's track record for returning anything seized is appalling.
      • by Snaller (147050) on Tuesday February 24 2004, @08:03AM (#8372305) Journal
        Yes, the FBI overstepped their bounds and yes it's frightening to think of this happening...but let's not get the facts wrong. The story here on Slashdot made it seem like the equipment was seized and the FBI probably won't be returning it, which isn't the case.


        Bullshit - it reported about another step towards the police state in the US - nobody said anything about not getting it back. But by previous accounts they never care much about getting it back.
      • by Anonymous Coward on Tuesday February 24 2004, @08:25AM (#8372438)
        It is routine, however, that the FBI or police seize computer equipment and never return it. So it was reasonable to assume that this was the case here (they still haven't returned 100% of the equipment anyway). It's not obviously stated under the law one's rights when this happens, nor are there limits to how long your equipment can be held (so far as I know). This is a huge problem.
      • by orthogonal (588627) on Tuesday February 24 2004, @08:33AM (#8372510) Journal
        The fact is, this story is old because the FBI has already started returning the equipment back as of yesterday. The FBI confiscated everything on the 14th. CIT's web site says:

        02/23/2004 CIT re-establishes service.


        Hey, look, I tried my best, by submitting this three days ago:

        2004-02-21 09:18:16 FBI confisticates (sic) ISP's servers: "more efficie (articles,usa) (rejected)

        and it was rejected in about thirty minutes.

        Maybe I should write more sensationalistic submissions? ;) Or to be fair, maybe it's because I misspelled "confiscate". But aren't they supposed to be editors -- oh! never mind! Ah, I guess Chope needed the Karma more than I did.

        But seriously folks, yeah, the FBI is returning the equipment now, but how much damage was done to an innocent ISP just because the FBI couldn't figure out how to do on-site data mining?

        And if searching for evidence on a computer requires the FBI to physically cart the equipment to some distant lab, I guess we just write off any expectation that they'll be able to find data quickly in an emergency -- like, just off the top of my head here, for instance, wholly unlikely I'm sure, an imminent terrorist act?

        Well, maybe a business got ruined, maybe the FBI can't scan data quickly enough to stop a terrorist crime in progress, but at least we all feel safer now that arch-criminal Tommy Chong is in jail.

    • That's exactly what they want you to think. Perhaps they already had sniffed the evidence illegally, and needed to extract it from the servers under the cover of a search warrant in order to subsequently be able to use it in court.

      This is all just speculation, naturally, but such a scenario would be very similar to other fourth amendment workarounds--perform broad, illegal searches (e.g. infrared through walls, which is inadmissible in the U.S. without a warrant) to target homes for additional surveillance. From the results of that illegal search, "happen to" notice something "on routine patrol," then get a warrant, and voilà--untainted evidence usable in court.

    • by SmallFurryCreature (593017) on Tuesday February 24 2004, @08:16AM (#8372381) Journal
      The company itself wasn't involved in the crime, just their machines. Which means someone from OUTSIDE has access to them. Leaving the machines in place as you wade through the evidence leaves it wide open for the outsider to erase evidence. Worse, what if one of those helpful techs has other motives?

      You are a cop and arrive at a murder scene with a dozen doctors standing around the corpse. Would you really allow any of these medical experts to assist you with determining the cause of death?

      A shutdown machine cannot erase data and the FBI got the tools to simply copy data from HD's without the computer it was in being involved. This prevents any chance of the data being destroyed.

      Saying they replug them back in at the FBI shows you have no idea of what is involved in this kind of investigation. They copy the HD's directly and completely by taking them out and putting them in their own hardware.

      How the FBI does this kinda stuff has been discussed often enough on /.

      This is nothing else than the police sealing off a crime scene. Any inconvenience is considered tough luck. It really is no different from streets being closed off to allow marathons or demonstrations or repairs. Yes they do attempt to minimize damage but the investigation comes first.

      But let's turn it around. If the FBI raids a place like Enron would you find it acceptable if the bosses were allowed to keep making phone calls and keep working on their PCs and play with their shredders as they could lose money if the police removed access and took everything away?

      Of course not. Just because this is a small hosting company doesn't change the law.

    • Re:Not fast enough (Score:5, Informative)

      by Handpaper (566373) on Tuesday February 24 2004, @08:54AM (#8372654)
      re-plug them all in
      Never. Hard drives are forensically examined by being removed from their machines and duplicated (usually using dd). No investigator would ever boot a machine which is the subject of an investigation - auto-deletion scripts are just too easy to write.

    • by nologin (256407) on Tuesday February 24 2004, @08:57AM (#8372683) Homepage
      Well, it is a pretty simple premise.

      The FBI cart equipment away to their premises in order to duplicate the systems and environments. If ever you get into information systems forensics, they would at least perform 2 copies. One is kept as an exact duplicate (to keep for their investigation records) and at least another to actually run analysis against (since searching on an active system can change the data stored in it).

      It also makes it easier to catalog what they are working with, and prevents any interference from the outside.
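
The two-copy procedure described in the comments above (duplicate with dd, keep one copy untouched, run analysis against the other), as an added example that is not part of the original thread. A constructed file of zeros stands in for a removed drive, and the function names and paths are hypothetical.

```bash
#!/usr/bin/env bash
# Added illustration. The "drive" is a constructed 1 MiB file; all paths are hypothetical.
set -eu

sha() { sha256sum "$1" | cut -d' ' -f1; }

# image_drive SRC CASE_DIR
# Hash the source, take a read-only evidence copy with dd, derive a working
# copy from it, and record the reference hash. Fails if any copy differs.
image_drive() {
    local src=$1 dir=$2 ref
    mkdir -p "$dir"
    ref=$(sha "$src")
    dd if="$src" of="$dir/evidence.img" bs=64k 2>/dev/null
    chmod 0444 "$dir/evidence.img"          # evidence copy is not written again
    dd if="$dir/evidence.img" of="$dir/working.img" bs=64k 2>/dev/null
    [ "$(sha "$dir/evidence.img")" = "$ref" ] || return 1
    [ "$(sha "$dir/working.img")" = "$ref" ] || return 1
    printf '%s\n' "$ref" > "$dir/reference.sha256"
}

# verify_image IMG CASE_DIR: succeed only if IMG still matches the reference hash.
verify_image() {
    [ "$(sha "$1")" = "$(cat "$2/reference.sha256")" ]
}

# demo: image a constructed drive, then simulate an analysis step that writes
# to the working copy, and report the state of each copy afterwards.
demo() {
    local tmp
    tmp=$(mktemp -d)
    head -c 1048576 /dev/zero > "$tmp/drive.raw"    # constructed sample "drive"
    image_drive "$tmp/drive.raw" "$tmp/case"
    # Simulated analysis side effect: one byte of the working copy changes.
    printf 'X' | dd of="$tmp/case/working.img" bs=1 seek=512 conv=notrunc 2>/dev/null
    verify_image "$tmp/case/evidence.img" "$tmp/case" && echo "evidence: intact"
    verify_image "$tmp/case/working.img" "$tmp/case" || echo "working: modified"
    rm -rf "$tmp"
}

demo
```

On real media the source would be read from the drive's device node through a write blocker rather than from a file.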

    • Kinda (Score:5, Insightful)

      by SmallFurryCreature (593017) on Tuesday February 24 2004, @08:30AM (#8372476) Journal
      Seems they are investigating the attacks against mircx and aniverse. Since mircx is now down and aniverse is barely holding on I think you might claim that they are looking for someone with mass destruction capability.

      The guy behind it seems to have been boasting about a 200k botnet. 200.000 machines under his control. I think this is no longer some harmless hacking. This is stuff the FBI needs to investigate cause quite frankly nobody else seems able to stop this.

      So unless you believe the net should be total anarchy ruled by those with the most bots then this kind of stuff is sadly needed. Too bad for those caught in the crossfire but that is life. Nothing really different from when all trains are disrupted because someone jumped in front of one. A marathon closing off all the streets despite the fact you hate sports. A demonstration causing massive gridlock despite the fact that only 200 people in a million people city are taking part.

      Life sucks at times. Really this story shows that /. is getting more and more tabloid. A serious tech site would have asked what the FBI was investigating and whether the hosting company was hosting the person investigated or had servers which were hacked or was simply a place where the hacker might have left evidence.

    • by bruns (75399) <bruns@ 2 m b i t .com> on Tuesday February 24 2004, @08:31AM (#8372492) Homepage
      Let me fill you in on Foonet.

      Foonet was the blackest of the black hat networks in existence. They hosted spammers, carders (credit card thieves), DDoS drones, floodnets, and various other illegal activities and blindly turned the opposite way and let it happen.

      Foonet was based out of the basement of the owners' house. There was no actual 'data center'. They had a T3 and a few T1s - nowhere near the OC-X level they were claiming.

      They got tossed off of GBLX about a week before they were raided, and were humping the light at Qwest right before they got pulled.

      I knew about this right after it happened.

      Foonet will not be coming back, so get over it kiddies. Your DDoS drones are gone. Spammers, your mail servers are gone. Go run and hide under another rock.

      A little hint for all of you who can't figure it out - the FBI doesn't usually seize all equipment if it's something small. If they took all of the equipment, there is a good reason why they did (not that foonet was acting 'too slow').

      I have a list of stuff about foonet on the AHBL page here [ahbl.org].