
FBI Seizes Server Providing Anonymous Remailer Service

Posted by timothy
from the arrogance-of-power-button dept.
sunbird writes "At 16:00 ET on April 18, federal agents seized a server located in a New York colocation facility shared by May First / People Link and Riseup.net. The server was operated by the European Counter Network ("ECN"), the oldest independent internet service provider in Europe. The server was seized as a part of the investigation into bomb threats sent via the Mixmaster anonymous remailer received by the University of Pittsburgh that were previously discussed on Slashdot. As a result of the seizure, hundreds of unrelated people and organizations have been disrupted."

  • What does this help? (Score:5, Interesting)

    by Anonymous Coward on Thursday April 19, 2012 @06:03PM (#39739571)

    Unless the server was keeping logs, and I presume that it wasn't, how could seizing it possibly help the investigation?

    • by Reasonable Facsimile (2478544) on Thursday April 19, 2012 @06:05PM (#39739605)

      Unless the server was keeping logs, and I presume that it wasn't, how could seizing it possibly help the investigation?

      The files are in the computer [imdb.com].

      • by cyachallenge (2521604) on Thursday April 19, 2012 @06:28PM (#39739891)
        If you remember in some of the pirate bay litigation they actually seized the computer RAM. :) The RAM contained case-relevant material (at least when it had voltage going through it). Law and technical computer topics rarely mix well.
        • Especially if the RAM is cooled sufficiently, cold boot attacks [wikipedia.org] can be effective for information retrieval from "volatile" memory.

    • by Wowsers (1151731) on Thursday April 19, 2012 @06:09PM (#39739665) Journal

      It's a clear signal to people that if you run a business and your server is in the US, the US can kill your business stone dead in a raid which may have nothing to do with you other than being co-hosted at a server farm. And people wonder why less business is going to the US.

      • Re: (Score:3, Interesting)

        by Zemran (3101)

        My hosting is up for renewal next month and I am already looking to move out of the US for security even though I do not think that I am doing anything of interest to them, I do not know what else is being done at my provider. It is not just bad guys that get taken down, everyone using that service suffered. I do not want to suffer when the jackboots arrive. I want somewhere safe and stable like Switzerland. I am sure that someone will post a reply quoting a bad incident in Switzerland but we could fill

    • by Guppy06 (410832)

      and I presume that it wasn't

      Don't presume, verify.

    • Maybe instead of solving the crime, it simply stops more threats from being mailed out. Until a new anon-service is found. And in the meantime the person might mess up and reveal themselves.

    • Take your hacked router, your raspberry pi, your beagle board and fire up a remailer service off of some public wifi or other, run it off solar, coil leech, thermal gradient sucker, piezo traffic leech or whatever power you can get.

      Didn't someone do a patch to mixmaster so it could do hold and forward like fidonet?

  • by Qzukk (229616) on Thursday April 19, 2012 @06:03PM (#39739575) Journal

    Or did they just kick over all the racks and rip everything out like they seem to do on a regular basis?

  • Correction (Score:5, Funny)

    by busyqth (2566075) on Thursday April 19, 2012 @06:03PM (#39739583)
    FBI seizes terrorist server run by commies.
    Grateful American people throw candy and flowers at heroic agents.
  • When their reply was basically "If we don't let them send bomb threats, we're undermining free speech and the Internet"

    • by v1 (525388) on Thursday April 19, 2012 @06:20PM (#39739773) Homepage Journal

      If we don't let them send bomb threats, we're undermining free speech and the Internet"

      To which I reply "They need to find a different way to discourage or stop them from sending bomb threats. Inflicting me with collateral damage in the quest for better law enforcement is unacceptable, and so is removing my ability to speak with anonymity."

      Given the choice, I think I'd rather deal with the occasional bomb threat than not be able to speak anonymously.

      • by houghi (78078) on Thursday April 19, 2012 @06:27PM (#39739877)

        Given the choice, I think I'd rather deal with the occasional bomb threat than not be able to speak anonymously.

        Give me liberty or give me death.
        There: Translated that for you.
        Also: I rather die on my feet then live on my knees.

        • by v1 (525388)

          Also: I rather die on my feet then live on my knees.

          [grammarnazi] I don't think you can do those two things in that order....[/grammarnazi]

          • by jpapon (1877296)
            You don't know, he could be a vampire or some other mythical creature which dies every day... then the statement would be grammatically correct. As long as dying isn't a hypothetical, it makes sense.
      • If we don't let them send bomb threats, we're undermining free speech and the Internet"

        To which I reply "They need to find a different way to discourage or stop them from sending bomb threats. Inflicting me with collateral damage in the quest for better law enforcement is unacceptable, and so is removing my ability to speak with anonymity."

        Given the choice, I think I'd rather deal with the occasional bomb threat than not be able to speak anonymously.

        Or, to totally mangle a famous quote:

        "First they came for the anonymous, but I was not anonymous, so I did nothing." That's probably true to life for most people actually....

      • by Guppy06 (410832)

        Your inconvenience in having to find yourself another anonymous remailer is outweighed by someone else's jeopardy to life and limb.

        • by Bucky24 (1943328)
          I absolutely agree with you on that. But that's not the reason I don't approve of this action. It's a form of government oversight that I don't particularly want to have.
        • The inconvenience you suffer by not being able to ride on planes without getting molested by the TSA is outweighed by someone else's jeopardy to life and limb.

      • by DdJ (10790) on Thursday April 19, 2012 @07:12PM (#39740375) Homepage Journal

        FYI, we're not dealing with "the occasional bomb threat" here.

        The University of Pittsburgh (which is down the street from where I work) has gotten multiple bomb threats per day every day for weeks now.

        Many students have been driven out of their dorms, to live off campus, because the evacuations were too disruptive. The campus police are no doubt way over budget. Classes are disrupted to the point where folks on academic probation were told this semester "doesn't count".

        At this moment, as I type this, two buildings have evacuation notices. Earlier today, eleven buildings had to be evacuated.

        And today was not exceptional.

        If you want to follow this yourselves, evacuation notices go out over the @PittTweet twitter account.

        Now, I'm not trying to say "knocking every anonymous remailer off the internet is justified". Please don't assume I think that. I'm just pointing out that this very much isn't a case of "the occasional bomb threat". It's basically a full-on ongoing multi-day denial-of-service attack on the Pitt police, Pittsburgh police, and a bunch of the university, happening in meatspace.

        • by Sipper (462582)

          "Stand back... I'm going to try LOGIC..."

          FYI, we're not dealing with "the occasional bomb threat" here.

          The University of Pittsburgh (which is down the street from where I work) has gotten multiple bomb threats per day every day for weeks now.

          Many students have been driven out of their dorms, to live off campus, because the evacuations were too disruptive.

          ...

          I agree that this situation stinks, and that obviously constantly evacuating buildings is very disruptive. However at the same time, can't the University of Pittsburgh and the Pittsburgh police stop doing that and ignore the bomb threats, knowing that their leg is being pulled? I realize that there may be some legal precedent why they can't... but at some point logic and common sense, along with the knowledge of "The boy who cried wolf" should also come into play.

          • by Obfuscant (592200) on Thursday April 19, 2012 @09:12PM (#39741367)

            However at the same time, can't the University of Pittsburgh and the Pittsburgh police stop doing that and ignore the bomb threats, knowing that their leg is being pulled?

            No. The next time it might not be a joke.

            Universities are being sued for not doing enough to stop violence on campus when it happens, as rare as it is, and as much as they do. It's never enough for the lawyers and "grieving heirs".

            It's a large "corporation" to start with, and state schools have the combined pockets of the taxpayer to pick. You can't sue a school for being too careful, only if something happens and you can convince a judge that they might not have done enough. Why make it a slam-dunk victory for millions by ignoring the last, valid threat?

            This is the same reason that cops have to go check out 911 hangup calls. Most likely, it was someone who dialed by accident and then said "oh shit" and hung up. If they try to dodge the problem by turning their cell phone off, or not answering, the cops will show up to see if everything is ok. If the cops just ignored the call, they'd be sued by everyone involved when it turns out that the caller was forced to hang up, or the wire was ripped out of the wall, by her violent husband or vice versa, and someone wound up dead.

          • by Culture20 (968837) on Friday April 20, 2012 @06:20AM (#39744041)

            can't the University of Pittsburgh and the Pittsburgh police stop doing that and ignore the bomb threats, knowing that their leg is being pulled? [...] "The boy who cried wolf" should also come into play

            There are two morals to the story of "The boy who cried wolf":
            Don't consistently lie or you'll get eaten (the moral for children)
            Sometimes, children's lies end up being the truth, so pay attention every time or they'll get eaten (the moral for adults)
            If you want to discourage lying, punish the liars when they're caught, but don't ignore what seems like a lie because it might be the truth.

      • by nurb432 (527695)

        Only a terrorist or child molester needs anonymity. What are you hiding?

  • nonsense (Score:5, Interesting)

    by Tom (822) on Thursday April 19, 2012 @06:05PM (#39739597) Homepage Journal

    More importantly: Unless the server operator was a total doofus, this brings them exactly zero steps towards resolving their problem, because this is exactly the kind of attack that Mixmaster was designed to withstand.

    Idiots. Is nobody teaching these fools basics about the stuff they encounter?

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      More importantly: Unless the server operator was a total doofus, this brings them exactly zero steps towards resolving their problem, because this is exactly the kind of attack that Mixmaster was designed to withstand.

      Idiots. Is nobody teaching these fools basics about the stuff they encounter?

      I hate to defend them, but look at it from the FBI's point of view. Maybe the server operator was a total - or even a partial - doofus. The Feds would be even bigger doofuses (as in, negligent in their) to assum

      • Re:nonsense (Score:5, Insightful)

        by tibit (1762298) on Thursday April 19, 2012 @06:21PM (#39739789)

        So, they really need a whole big stinkin' server? If you're a professional, you'd switch the server to single user mode, dump the drive contents to a portable drive, reboot the server, and be on your merry way. If they have proper forensic data analysis tools, they should be able to deal with all popular RAID arrays out there, so given those you shut the server down, use a portable disk imager to copy the drives, you then replace the drives, power the server back up, and are on your merry way. I just don't get what they need the server itself for. They are after the data, not the hardware.

        • Re:nonsense (Score:5, Interesting)

          by Em Adespoton (792954) <slashdotonly.1.adespoton@spamgourmet.com> on Thursday April 19, 2012 @06:36PM (#39739993) Homepage Journal

          Have you ever done data forensics? The first thing you learn is that it's not the same data if it's not on the original storage medium.

          Of course, what they SHOULD be able to do is shut the server down, clone the drive, pull the drive that has the warrant, and drop in the cloned drive. Of course, this requires cooperation with the victim, which obviously wasn't available in this case.

          To put it another way: they weren't after the hardware OR the data, they were after the incriminating evidence. Data by itself is hearsay (no way to prove beyond a shadow of a doubt that it was preserved in the same state and context).

          • "Wasn't available in this case." Oh, I'm sure it was available. The FBI is just carrying on its proud tradition of not giving a fuck. It's more "bad ass" that way. In fact, I can see agents rehearsing in the mirror: "That's right, mofo, I'm takin' it. Whatcha gonna do about it... Punk?"
        • by Burning1 (204959)

          I suspect they wanted the drives themselves for analysis - makes it possible to look for deleted or over-written information that might not exist on a duplicated disk.

          • Re:nonsense (Score:5, Informative)

            by bmo (77928) on Thursday April 19, 2012 @08:51PM (#39741215)

            makes it possible to look for deleted or over-written information that might not exist on a duplicated disk.

            Deleted stuff is never erased, just marked as "free space" by the OS.

            Overwritten data, these days, is unrecoverable, even if only overwritten once. There has not been a single criminal case that I can remember where data was overwritten and then recovered on modern drives. The standard of multiple overwrites for true erasure is from the days when disks were physically huge, and the recorded area was huge, and head alignment wasn't always the greatest thing in the world.

            Go read the epilogue to Peter Gutmann's paper

            http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html [auckland.ac.nz]

            A simple dd of the original drives would have given investigators all the information that was available, including deleted files.

            --
            BMO

            • Forensic investigation of a computer includes a capture of the machine's memory, not just the drive contents.

              • by bmo (77928)

                Forensic investigation of a computer includes a capture of the machine's memory,

                But that doesn't mean you need to walk away with the whole machine. Unplugging it and carrying it out the door does nothing for preservation of data in DRAM, which needs power to refresh memory. You can yank the RAM out and put it in dry ice to keep things from discharging too quickly, but you are under a pretty strict clock to get the RAM unplugged and into the analysis machine on the crash cart. If you physically unplug the

          • by tibit (1762298)

            There is no such thing and hasn't been for more than a decade. It's a legend that was once true: in times of MFM and RLL drives, and early PRML drives. Nobody offers such analysis, feel free to prove me wrong by providing someone who would quote it for any hard drive that was shipped in the last decade. The quote would be for data recovery after the drive was overwritten precisely once with zeroes.

        • by cpu6502 (1960974)

          >>>I just don't get what they need the server itself for. They are after the data, not the hardware.

          Likewise the Russian government doesn't need to grab servers in order to investigate claims of "illegally-copied software", but they do it anyway in order to shut down groups that are critical of government. The FBI is simply employing the same tactic to silence human rights groups (many of which are critical of the Congress) under the cover of an "investigation". Two birds killed with one warrant.

        • by Guppy06 (410832)

          If you're a professional, you'd switch the server to single user mode, dump the drive contents to a portable drive, reboot the server, and be on your merry way.

          If you're a professional, you don't assume that the system isn't rigged to destroy evidence in the event of an attempted seizure.

          "On site" and "controlled environment" are mutually exclusive.

          • by mysidia (191772)

            If you're a professional, you don't assume that the system isn't rigged to destroy evidence in the event of an attempted seizure.

            That can happen at a physical layer too. The chassis can be altered so that if an entry procedure is not followed, a data-destruct occurs if there is a chassis intrusion or if the chassis is moved.

            This can be done by installing an interposer circuit in between disk drives and the drive controller with an independent power supply.

            If a "destruct" event occurs; the indep

        • If you're a professional, you'd switch the server to single user mode, dump the drive contents to a portable drive, reboot the server, and be on your merry way.

          And if you were really a professional, you'd get a search warrant for a complete wiretap on the server, and track all packets coming in and out. You might also compromise the machine so you could obtain all of the unencrypted traffic entering and exiting the machine. But the FBI apparently isn't that smart.

  • by Vinegar Joe (998110) on Thursday April 19, 2012 @06:05PM (#39739603)

    I can't wait for the elections to come!

    • by cpu6502 (1960974)

      Damn you Mitt Romney!
      (I come from the future.)

    • If you don't totally support our efforts to make China and North Korea look like bastions of freedom in comparison, then you must be a terrorist! There is no in between, citizen! Why do you hate America?

      /snark
  • by jimmerz28 (1928616) on Thursday April 19, 2012 @06:06PM (#39739619)

    Whenever they take servers "down" it's like an ogre killing a spider with a tree trunk. They smash the table, furniture, and destroy the house along with the poor spider.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Don't worry, the spider will not be harmed; it will walk out between the debris and find a new place to hide...

      • Re:Not New (Score:4, Insightful)

        by Kjella (173770) on Thursday April 19, 2012 @06:39PM (#39740019) Homepage

        You're assuming the message was for the spider and not for everyone who has a spider in their house. And the message is that if you carry a service we don't like, we'll make sure to inflict as much damage as possible when we come for it. You get a pretty good self-censoring effect out of it. Same reason TOR doesn't scale very well, you'd have to be mildly insane to run an exit node as a private person.

    • But the disgusting spider is dead!
      Most of the time it's all that they need to know.

  • by n5vb (587569) on Thursday April 19, 2012 @06:15PM (#39739725)

    ..and the FBI seizes the server they used?

    Anyone else think this is more believable as a denial of service attack, or as a pretext for taking down a troublesome server they couldn't legally seize by any other means, than as an actual threat?

    Unless the person sending them was stupid enough to think that a remailer would protect them from ever being caught, and didn't care that it was going to mean taking down the whole service for everyone else using it..

    • by Guppy06 (410832)

      Unless the person sending them was stupid enough to think that a remailer would protect them from ever being caught, and didn't care that it was going to mean taking down the whole service for everyone else using it..

      And you've just answered your own question! Don't worry, though, as I'm sure that this remailer was only the first of his Seven Proxies.

      New to the internet much? People are stupid.

      Besides, you're assuming that the perpetrator is both smart enough to be using this as a sideways method of getting the servers taken down and yet stupid enough to do it by way of a major felony that will practically land your ass in Gitmo if it goes wrong.

    • by Zorque (894011)

      Whoever it was didn't care that they were disrupting people's lives by having their classes cancelled over and over (and over, and over, and over. It was a continuous and practically psychotic series of threats), so of course they didn't care about getting a remailer taken down. I've spoken with people who live on campus there and the person sending the threats is clearly unstable at best.

  • by msaroff (468853) <msaroff.pobox@com> on Thursday April 19, 2012 @06:17PM (#39739741)

    Someone posts a gazillion bomb threats, and computers associated with OWS and other protests get seized.

    Awfully convenient.

    Any guess as to whether the bomb threats can be traced back to Langley or Ft. Meade?

    • Someone posts a gazillion bomb threats, and computers associated with OWS and other protests get seized.

      Awfully convenient.

      Any guess as to whether the bomb threats can be traced back to Langley or Ft. Meade?

      Put down your tinfoil hat. This person has more or less paralyzed a major university campus for an entire semester and the FBI barely has anything to go on. They already subpoenaed/questioned/arrested everyone they can find that's had a major quarrel with the school in recent memory (and one nutjob from the 80s). They're grasping at straws with the remailer services they know were used because they don't have any other leads and finals week is coming up.

      While we're at it, TFA is pretty vague on the facts.

    • by DdJ (10790)

      If you're a conspiracy-minded crackpot who uses "follow the money" reasoning, then another obvious possibility is Verizon or AT&T.

      Why?

      Every time one of these bomb-threat incidents happens -- and they've been happening multiple times a day every day for quite a while now -- Pitt uses their emergency notification infrastructure to coordinate communication about them. And that means text messages to thousands of students.

      (Because of the whole "in loco parentis" thing Universities have to deal with, and be

  • Could you develop a service for allowing anonymous communication that you gave the FBI pre-emptive visibility into without compromising the anonymity of the system?

    Allow the FBI to snapshot the whole hard drive and peruse it at their leisure any time they requested.

    Perhaps the FBI wouldn't trust you and your fancy transparency, but maybe you could make it plausibly accurate enough such that a server confiscation would be equal to an unwarranted attack from a legal standpoint.

  • by milbournosphere (1273186) on Thursday April 19, 2012 @06:23PM (#39739819)
    From what I can tell, the service was providing anonymous re-mailer services, not re-mailer services to Anonymous. This being the case, they're not going after a service used by the hacker group; they're going after a service offering anonymous communications to your average citizen. Not cool, gov'mint, not cool.
  • They had a warrant. (Score:5, Interesting)

    by cpu6502 (1960974) on Thursday April 19, 2012 @06:26PM (#39739867)

    They followed proper constitutional procedure (for a change). So blame the judge not the fbi.

  • Why should a server EVER be seized as "evidence"?

    Why not just have an FBI team come in, temporarily shut down the server, clone all the data, and then leave, and the server comes back up?

    --PM

    • Even if goons knew how to clone the data onsite, the act of copying will open a huge can of worms in any subsequent court case, more so if you allow the owner of the server to do it. It's nothing new really, they did the same thing with filing cabinets long before server rooms existed. However there must be a better way to do it, courts routinely demand 'records' be handed over without sending the goons in to empty your server room.
  • Hey, we are in a war with something or other.. a little collateral damage is expected.

    Suck it up or get put on a dissident watched-list.

  • Is anonymous communication really a right? It's a relatively new thing in human interaction, is it really necessary, or beneficial?

    I'm not stating an opinion one way or the other, I'm honestly asking, what do we really gain from truly anonymous communication? The things we lose (i.e. accountability for things you say) are clear, so I'm just asking, what are the benefits to society?

    Isn't free speech enough? If we truly had the right to free speech, why would anonymity even be necessary?

    • I would argue that anonymous == private. If you don't know who's saying it, it doesn't really matter what's being said or who hears it: my ability to communicate with whomever is safe. To a point, of course. Giving up obvious tactical information, for example - "The Harlequin will attend the meeting at 10:00, dammit, on time!" - kind of defeats the purpose, if you're the Harlequin trying to evade capture. And, yes, I know he showed up early in that instance.

      In the Pitt case, one person is broadcasting
  • I wonder if it has occurred to the FBI that by yanking a server with other individuals' and businesses' stuff on it, that they are conducting a DOS much like anonymous. It seems they played right into their hands even if it wasn't their intention to offer said hand. To the FBI: smooth move ex-lax.
