FBI Seizes Servers In Virginia 405
Axolotl_Rose writes "The FBI has seized servers belonging to several clients of a hosting company in Reston, VA, disrupting service for many other clients. 'In an e-mail to one of its clients on Tuesday afternoon, DigitalOne’s chief executive, Sergej Ostroumow, said: “This problem is caused by the FBI, not our company. In the night FBI has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.” Mr. Ostroumow said that the FBI was only interested in one of the company’s clients but had taken servers used by “tens of clients.” He wrote: “After FBI’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.'"
Restore from backup? (Score:5, Insightful)
Couldn't they restore their customers' sites from backup?
The FBI should try that on cloud hosting (Score:5, Insightful)
1. Take the servers
2. There is nothing on the servers - take the Storage
3. The storage is remotely replicated - pull the remote storage
4. You can't pull the remote storage, you don't have jurisdiction overseas
Solution (Score:5, Insightful)
Civil and criminal liability (Score:5, Insightful)
I think it's time to hold the FBI to the same standards that they would hold the rest of us. If I went in waving a gun around and demanding to walk away with somebody else's server, they'd throw my ass in jail.
If they want access to a particular client's content, they can go through the same process as a DMCA takedown request or a backup request would. They make a request, the company yanks that customer's access, then clones that customer's data onto a new drive, then hands them the drive.
As far as I'm concerned, every single client of this ISP ought to sue the FBI for the damage they caused—for the downtime, for the loss of data, for the time spent trying to reach the ISP to figure out what was going on, for the cost of any failover hardware or service that they had to pay for in lieu of that service, etc. If the FBI had to pay out a few million dollar settlements every time they pulled a stunt like this, they'd think twice about acting like a bunch of thugs, and they would go through proper channels and do their investigation in a way that doesn't cause collateral damage.
There's simply no excuse for such sloppy investigative work. If they screwed up so royally with the servers, you have to wonder how many grievous errors they made in other areas that would lead to the evidence being declared tainted, criminals going free, etc.
Act of War (Score:3, Insightful)
next time, use a drone.
FBI: Driving businesses out of the country (Score:5, Insightful)
Re:Not Surprised (Score:3, Insightful)
Well I suspect walking in and taking every server in site is not going to go over well
in the long run. Group punishment is hardly constitutional, and as soon as some deep pockets
fight back this process will stop.
Still these lulzsec clowns need to be reined in and perp walked. If they had a point to
make they've already made it, now its time to pay the piper.
Ultimate DOS (Score:3, Insightful)
It's the ultimate Denial Of Service attack:
1) Co-locate stuff that the FBI doesn't like with the server that you want to DOS
2) Report your server to the FBI
3) Sit back and let the FBI do the rest.
Re:Restore from backup? (Score:5, Insightful)
I've been around long enough to remember the Secret Service raid on Steve Jackson Games [sjgames.com], which was the triggering event for founding the EFF [eff.org].
Most companies don't have "The Feds turn up with search warrants and take all your stuff, including backup tapes" as a threat they plan for in their backup strategy. Off site backup doesn't protect against this.
I don't know what the problem is in this case - whether the backups were also seized, or that they simply lack the hardware to restore on to.
Re:Does the Constitution still mean anything? (Score:5, Insightful)
Responding to your title, "Does the constitution still mean anything", the answer is NO.
Just about here is where I get jumped on by everybody who supports the Constitution and hold it dear. Who doesn't?
But the point is, nothing written in the constitution means anything any more, and hasn't for a long time.
Every sentence and every clause has been violated and circumvented by a web of laws and rulings such that any citizen who points to the constitution in his defense is laughed out of court. In the legal profession, an appeal to the constitution is a huge inside joke. The sign of a rube. A target to be fleeced.
Re:Not extreme (Score:5, Insightful)
I am a federal agent (non-FBI) who has seized large amounts of digital evidence. In criminal cases, you need entire hard drives so you can do forensic extraction. Can you ask the ISP to retrieve the data for you? Yes. However, it depends on 1.) Is this an email address or a large organization with colocated servers. 2.) How much do you trust the ISP? (based on past actions, size, clientele, etc.). BTW, if you search large companies who have their congressman on speed dial, you can be assured that the agents and judge have evaluated the impact to legitimate business vs illegal activity.
I'd think that the same thing applies when the FBI sees a suspect enter a parking garage - they know he entered the garage and are pretty sure that he hid his contraband in a car. The garage owner might be working with the suspect, so they can't trust him. The question is, can they seize all 200 cars in the garage and tow them back to be disassembled and searched to be eventually returned to the owners, perhaps no longer in working order? Would any judge allow that?
If the answer is no, why is it different with servers?
Re:Not Surprised (Score:5, Insightful)
To think that a law enforcement agency, and yes, that's all they are, can walk into a premises with a warrant for specific information and take most of your equipment goes against the whole idea of "freedom".
Unfortunately this is not the first time the FBI have done stuff like this, just watch Freedom Downtime (actually about Kevin Mitnick) and see what happened to Bernie. It's been happening for decades to people who haven anything to do with hackers, why not go after company equipment now rather than your dad's computer?
Re:Cloud (Score:5, Insightful)
(unless it's been bugged)
You just negated your own argument. Sorry, man, do not pass go. Do not collect 200 karma.
Law enforcement needs to decide on a firm, reliable way to identify those responsible for cybercrime, to punish them and ONLY them, not the people who happen to be providing service along the way.
Do they shut down the power company every time the crooked DEA finds a grow op ? No, because the power company is simply providing a service irrespective of usage. We need to start treating the internet like any other utility, since that's what it has become. Want a site shut down ? Track the IP, look up Whois, call the ISP, follow procedure. Randomly and illegally seizing property is NOT going to solve any problem. It will only incite more to rebel against the broken legal system.
Go ahead FBI, ruin someone's business and livelihood over fabricated evidence and feeble-minded assumptions, but don't act surprised when that ex-entrepreneur shows up at your doorstep with a bottle of jack and a loaded shotgun. Actions have consequences, and abuse of power merits the harshest consequences of all.
Re:Restore from backup? (Score:5, Insightful)
Is there any penalty for the FBI grabbing the wrong servers or causing massive disruption to innocent people?
I have always found it troublesome that law enforcement seems to be able to smash your nice front door down, take all your stuff, sit on it for a year or two for "analysis", wipe the HDDs and eventually give it back to you, and meanwhile you lose your job*... Yet there is no come back for them. No matter how badly the bungle the investigation, how much collateral damage, how much it screws up your life. I can understand the need for law enforcement to operate without fear of being liable for large sums of money, but there should also be some kind of compensation fund for the wrongly accused and innocent bystanders.
* That actually happened to the admin of the Oink BitTorrent tracker, who was eventually found innocent of all charges.
Re:FBI: Driving businesses out of the country (Score:5, Insightful)
I think most of the smart IT people are beginning to view the U.S. as a threat to their business.
Your link leads to an article complaining about shutting down "websites involved in copyright infringement, the sale of counterfeit goods or child pornography", among other things. I doubt most smart IT people are involved in criminal enterprises. If most of the "smart" people you know are, maybe you should think about moving to a different part of the industry. And when I say different, I mean legal.
Unless you run your own data center, and have multiple upstream links, you may be relying on a data centre that someone else is hosting those things -- either knowingly, or because a single box was compromised.
If you're not a beomouth fortune 500 company, chances are you've got a couple of physical machines in a colo, or even just a VM or two. You have no control over who Rackspace rent their servers and space too, so when the FBI come calling, you lose money.
Re:Restore from backup? (Score:3, Insightful)
Really? I copy my hardware to my 3-D printer every night.
According to the media companies, you've just stolen that hardware!