Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Crime Government Networking The Internet Your Rights Online

FBI Seizes Servers In Virginia 405

Axolotl_Rose writes "The FBI has seized servers belonging to several clients of a hosting company in Reston, VA, disrupting service for many other clients. 'In an e-mail to one of its clients on Tuesday afternoon, DigitalOne’s chief executive, Sergej Ostroumow, said: “This problem is caused by the FBI, not our company. In the night FBI has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.” Mr. Ostroumow said that the FBI was only interested in one of the company’s clients but had taken servers used by “tens of clients.” He wrote: “After FBI’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.'"
This discussion has been archived. No new comments can be posted.

FBI Seizes Servers In Virginia

Comments Filter:
  • And so it begins . . . .

    did lulzsec think they could get rid of it forever?

    • Ultimate DOS (Score:3, Insightful)

      by Anonymous Coward

      It's the ultimate Denial Of Service attack:
      1) Co-locate stuff that the FBI doesn't like with the server that you want to DOS
      2) Report your server to the FBI
      3) Sit back and let the FBI do the rest.

  • They'd have to be pretty stupid to use a server located in the USA.
  • by gmhowell ( 26755 ) <gmhowell@gmail.com> on Tuesday June 21, 2011 @11:21PM (#36523844) Homepage Journal

    Couldn't they restore their customers' sites from backup?

    • by poity ( 465672 )

      That's what I was wondering. What professional operation can't get customer data back from onsite or offsite backup withing the day?

      • Data is easy, hardware not so much.

        • by jd ( 1658 )

          Unless the clients were running specialized hardware, the backup images can be thrown onto virtual machines in the interim. A dead site gathers no hits.

      • by Dahamma ( 304068 )

        If it's just a colo, the customers may own their own servers (and be responsible for the software on them as well as backups).

        If the servers were important, it's even possible they had a few for redundancy - unfortunately, redundancy is usually designed to account for simple hardware (or software) failures, and doesn't do much good when someone takes ALL of them...

      • by CAIMLAS ( 41445 ) on Wednesday June 22, 2011 @02:17AM (#36524876)

        If the FBI has taken a full rack or more of equipment (as the article suggests), and they're a small shop, it would seem to me that a day or more is not an unreasonable recovery time.

        Also, a hosting company may not actually do backups for customers, they may just 'rack and manage' on an exigent basis, leaving day-to-day to the customer.

        Look, it's more than possible for a single guy to manage a half dozen racks of equipment on his own w/o much issue. Two, three guys, done right with good infrastructure, could do a couple dozen. We're not talking about anything complex, just simple single servers running an application or three. In this situation we're talking about a web hosting company, where they're constantly doing piddly 'little' things but almost always running short staffed. Switching is done by one guy/group, and the server maint by others. There is no room for 'disaster recovery in an instant' here. It'll be all up-hill, in the snow, in January, on Mars.With a higher than expected gravity.

        Those same three guys are going to be hard pressed to rebuild their own infrastructure in day, too, backups or no backups. Figure it's noon before they even get chassis from Dell/IBM/HP to replace the ones stolen by the FBI that had their infrastructure on it, and then they've got to rebuild the racks, too - cabling, racking, and hardware RAID (like that doesn't take forever to perform). Considering it takes, what, 10 minutes? on some of these newer IBM servers to boot, this is hardly surprising. Add to all that the fact that their tape backup system, their disk backup system, and/or infrastructure switches may have been taken, and you've got a huge, huge headache. It takes, what, a day for two guys to simply install, cable, and rack a single rack chassis (guessing here) to all 40+ Us? And realistically, you can't have many more than 2-3 guys doing the work.

        I'd be surprised if they got back up to 'fully operational' within 2-3 days. I'll be impressed if they don't go out of business.

    • not with half the datacentre gone, they can't.

      the backup system was probably in one of the _racks_ the FBI seized.

    • by scdeimos ( 632778 ) on Tuesday June 21, 2011 @11:34PM (#36523924)
      Restore to what? From what I've read DigitalOne's a co-lo customer and the FBI's taken all their physical hardware.
      • by gmhowell ( 26755 )

        Restore to what? From what I've read DigitalOne's a co-lo customer and the FBI's taken all their physical hardware.

        That's where you went wrong: you read the article. I didn't bother.

    • by Michael Woodhams ( 112247 ) on Wednesday June 22, 2011 @12:01AM (#36524124) Journal

      I've been around long enough to remember the Secret Service raid on Steve Jackson Games [sjgames.com], which was the triggering event for founding the EFF [eff.org].

      Most companies don't have "The Feds turn up with search warrants and take all your stuff, including backup tapes" as a threat they plan for in their backup strategy. Off site backup doesn't protect against this.

      I don't know what the problem is in this case - whether the backups were also seized, or that they simply lack the hardware to restore on to.

      • by gmhowell ( 26755 )

        I've been around long enough to have had a UID on that system :p

        This shouldn't be much different than "a hellmouth opened up under the datacentre and swallowed it" or "the tsunami washed it out to sea" or "a stray SCUD hit the building". While ridiculous, it would seem that a visit by the FBI is about as catastrophic as some naturally occurring events that one might want to plan for. I'm not in disaster recovery, so I dunno.

        I'm also curious how dodgy the customer was and if the service provider knew. (IOW,

        • This is worse.

          Conventional disasters don't give you jail sentences for owning a copyrighted pic of a terrorist engaging in Pr0n.

        • by AmiMoJo ( 196126 ) on Wednesday June 22, 2011 @02:45AM (#36524980) Homepage Journal

          Is there any penalty for the FBI grabbing the wrong servers or causing massive disruption to innocent people?

          I have always found it troublesome that law enforcement seems to be able to smash your nice front door down, take all your stuff, sit on it for a year or two for "analysis", wipe the HDDs and eventually give it back to you, and meanwhile you lose your job*... Yet there is no come back for them. No matter how badly the bungle the investigation, how much collateral damage, how much it screws up your life. I can understand the need for law enforcement to operate without fear of being liable for large sums of money, but there should also be some kind of compensation fund for the wrongly accused and innocent bystanders.

          * That actually happened to the admin of the Oink BitTorrent tracker, who was eventually found innocent of all charges.

          • Re: (Score:3, Informative)

            From Professor Mark Stevens' page in California State University [ncwc.edu]

            Suing the government is the second most popular indoor sport in America, and police are often the targets of lawsuits, with over 30,000 civil actions filed against them every year, between 4-8% of them resulting in an unfavorable verdict, where the average jury award is $2 million. This isn't even counting the hundreds of cases settled thru out-of-court settlements, which probably runs in the hundreds of millions and involves about half of all cases filed. It may take up to five years to settle a police liability case.

    • by sjames ( 1099 )

      I'm sure the jackbooted thugs were ever so careful not to damage anything while they ripped the data center to shreds....

      I'm guessing by the comment that they cannot restart their own servers that said thugs trashed whatever they didn't take. So the question is, restore the backups to what?

  • by initialE ( 758110 ) on Tuesday June 21, 2011 @11:21PM (#36523846)

    1. Take the servers
    2. There is nothing on the servers - take the Storage
    3. The storage is remotely replicated - pull the remote storage
    4. You can't pull the remote storage, you don't have jurisdiction overseas

    • THIS! Although, you have to be careful. If your storage is outside of US jurisdiction (Amazon S3 Asia/EU AZs), but the company is still a US company for the most part (for this example, Amazon), it's very likely LEO will get the data they're looking for. Take into account the people who run whatever equipment/storage systems you're using outside of jurisdictions you're working against.

    • by jd ( 1658 )

      The FBI can't seize it, but due to crap security, apparently everyone else can. Hmmm. Not a great swap.

    • It's ok, they backed up everything to S3 using Dropbox, and Dropbox has a new feature where you can log in to any account with any or no password.

    • "Hi Amazon! Here's a 42 wheel truck. All your servers are belong to us in one click. You have no chance to survive. Ha Ha Ha. Ha Ha. (Duet between Zero Wing and Nelson.)

  • Solution (Score:5, Insightful)

    by PPH ( 736903 ) on Tuesday June 21, 2011 @11:21PM (#36523848)
    Host offshore.
    • by mykos ( 1627575 ) on Tuesday June 21, 2011 @11:39PM (#36523962)
      I think most of the smart IT people are beginning to view the U.S. as a threat to their business. If U.S. investigative agencies can disrupt dozens, or even thousands [dslreports.com], of innocent individuals and businesses with impunity, why the hell would anyone take the risk hosting in the U.S.?
      • by MightyMartian ( 840721 ) on Tuesday June 21, 2011 @11:45PM (#36523996) Journal

        Because, of course, other countries are so much less intrusive.

        • While no one's going to suggest setting up a co-lo in Zimbabwe or Venezuela anytime soon, there are other countries that are safer from the risk of government seizure than the US is now. Ireland, Switzerland, any of the Nordic countries, and New Zealand all spring to mind. Any one of those places would be a much better bet for setting up a new co-lo, were one inclined to do so, than the good ol', freedom lovin', US of A.

          • It's bad enough driving downtown to punch a server in the face... I'd rather not have a 10+ hour flight as well.

          • by Anzya ( 464805 )

            Meh, this has already happened in Sweden when the police confiscated a lot of servers and disrupted service for other customers just to get at The Pirate Bay. Who cares if other gets hurt in the process for the greater good...?

      • I think most of the smart IT people are beginning to view the U.S. as a threat to their business.

        Your link leads to an article complaining about shutting down "websites involved in copyright infringement, the sale of counterfeit goods or child pornography", among other things. I doubt most smart IT people are involved in criminal enterprises. If most of the "smart" people you know are, maybe you should think about moving to a different part of the industry. And when I say different, I mean legal.

        • by isorox ( 205688 ) on Wednesday June 22, 2011 @03:41AM (#36525216) Homepage Journal

          I think most of the smart IT people are beginning to view the U.S. as a threat to their business.

          Your link leads to an article complaining about shutting down "websites involved in copyright infringement, the sale of counterfeit goods or child pornography", among other things. I doubt most smart IT people are involved in criminal enterprises. If most of the "smart" people you know are, maybe you should think about moving to a different part of the industry. And when I say different, I mean legal.

           

          Unless you run your own data center, and have multiple upstream links, you may be relying on a data centre that someone else is hosting those things -- either knowingly, or because a single box was compromised.

          If you're not a beomouth fortune 500 company, chances are you've got a couple of physical machines in a colo, or even just a VM or two. You have no control over who Rackspace rent their servers and space too, so when the FBI come calling, you lose money.

        • And you know that the domain registrar you used didn't sell a domain to a single person/enterprise that might be suspected of a crime. And the DNS provider you use doesn't have such a customer. And the hosting provider you use doesn't have such a customer. And the data center the servers are in doesn't have such a customer. And you and any of your providers and any of their customers haven't annoyed someone enough to get setup for such a raid.

          However, for a lot of the rest of us issues of size and finances

    • DigitalOne is based in Switzerland, they did host offshore in the US. That might have been a mistake.

  • by dgatwood ( 11270 ) on Tuesday June 21, 2011 @11:26PM (#36523874) Homepage Journal

    I think it's time to hold the FBI to the same standards that they would hold the rest of us. If I went in waving a gun around and demanding to walk away with somebody else's server, they'd throw my ass in jail.

    If they want access to a particular client's content, they can go through the same process as a DMCA takedown request or a backup request would. They make a request, the company yanks that customer's access, then clones that customer's data onto a new drive, then hands them the drive.

    As far as I'm concerned, every single client of this ISP ought to sue the FBI for the damage they caused—for the downtime, for the loss of data, for the time spent trying to reach the ISP to figure out what was going on, for the cost of any failover hardware or service that they had to pay for in lieu of that service, etc. If the FBI had to pay out a few million dollar settlements every time they pulled a stunt like this, they'd think twice about acting like a bunch of thugs, and they would go through proper channels and do their investigation in a way that doesn't cause collateral damage.

    There's simply no excuse for such sloppy investigative work. If they screwed up so royally with the servers, you have to wonder how many grievous errors they made in other areas that would lead to the evidence being declared tainted, criminals going free, etc.

    • They make a request, the company yanks that customer's access, then clones that customer's data onto a new drive, then hands them the drive.

      Oh yeah, that'll be real great. Then the mafia guys the FBI is chasing get a tip off because they are the ones who own the datacenter. Not saying I like how it is, but your plan has serious holes.

      • The work of cloning the data could either be supervised or actually performed by trained FBI agents (from a chain-of-evidence point-of-view, the latter would be preferable). But before going in, they should have at least as much information as is needed to know which servers and which clients on those servers they need. Fishing expeditions like this one need to stop.

        • It's not easy. You have to be able to figure it out on-site, because the owner cannot be considered trustworthy (although in most cases he/she probably is). How do you ensure you only get the correct computers, and also avoid giving notice to the criminals in time to hide the evidence? Obviously the FBI is mainly interested in the latter, but there needs to be balance.
    • by icebike ( 68054 ) on Wednesday June 22, 2011 @12:00AM (#36524116)

      You can try to file a suit, but you probably wouldn't get anywhere.

      The Federal Tort Claims Act was enacted by Congress in 1946 to allow citizens to sue the federal government. Prior to that you had to get something
      passed by congress in order to sue the government.

      From http://www.finchmccranie.com/refresher.htm [finchmccranie.com]

      While the passage of the FTCA constitutes a limited waiver of sovereign immunity, Congress specifically limited the government's amenability to suit in a variety of different circumstances. In 28 U.S.C. 2680, Congress specified that its limited waiver of immunity would not apply to the following claims:

      (a) any claim based upon an act or omission of an employee of the government, exercising due care, in the execution of a statute or regulation, whether or not such statute or regulation be valid, or based upon the exercise of performance or the failure to exercise or perform a discretionary function or duty on the part of a federal agency or an employee of the government, whether or not the dis- cretion involved be abused; ...

      So you see, you are effectively shut down before you get to the courthouse steps. All they need do is say "We had evidence that all servers we took were involved" and there is nothing more you can do. You will not be granted the ability to examine that evidence.

      • I wonder is the FBI could subpoena a critical control system say a Siemen's SCADA controller that had been hacked. If this control system were used to control a machine capable of causing grievous bodily harm or death, would the FBI not be negligent? If the FBI took a server legitimately housing an e-commerce site containing customer data, would that be considered a data breach under California law?(FTCA torts are determined under state law not under Federal)

        The FTCA specifically allows claims based upo
      • by sjames ( 1099 )

        They rendered even the servers they DIDN'T take unbootable. That doesn't sound like due care. They had the opportunity to have employees of the colo (who were not under investigation) which machines belonged to the party named in the warrant, but they failed to do so. Again, no care at all, much less due care.

  • by mykos ( 1627575 ) on Tuesday June 21, 2011 @11:27PM (#36523886)
    Each of the clients who had their property seized without warrant should bring suit.
    • Note being a USAnian, I am guessing here - but ISTR there's a law preventing you from suing the government? Basically - immunity from prosecution unless the government (dept) agrees to be sued, or something like that. And I always think, hearing something like that, the argument would be something like, "It's not in the national/public interest for you to be sue us, so no. Neener neener neener."
      • You can sue the government but the rules are different than suing private parties, because the government is different. There is a different set of laws that apply to the government (for example, a private party would not be able to request a warrant to seize someone else's equipment, no matter how much kiddie porn it has). Uh, YMMV if someone manages to steal your your computer because you have kiddie porn on it don't blame me
        • One of the caveats is that government has to consent to be sued. Yes, they can say "we do not agree for this lawsuit" and the result is "case dismissed."

          • At which you talk to your judicial (appeal) - and if that can't/won't work, the legislature. Congress can pretty much do what they want, if you can convince them to do it! Unfortunately these days that's less about presenting a problem vs presenting a check.

      • You can definitely sue the US government. Separation of powers and such say, in theory, that the FBI/executive branch people can't just make it disappear. From my understanding you are sort of correct in that the executive branch can ask the judicial to not hear the case in the best interest of the nation.

        Remember when ICE took down all those websites via domain seizures? Some of those companies are suing over it. I dunno if it'll actually go anywhere but I believe they weren't thrown right out. Lots of imp

    • by icebike ( 68054 ) on Wednesday June 22, 2011 @12:10AM (#36524180)

      Responding to your title, "Does the constitution still mean anything", the answer is NO.

      Just about here is where I get jumped on by everybody who supports the Constitution and hold it dear. Who doesn't?

      But the point is, nothing written in the constitution means anything any more, and hasn't for a long time.
      Every sentence and every clause has been violated and circumvented by a web of laws and rulings such that any citizen who points to the constitution in his defense is laughed out of court. In the legal profession, an appeal to the constitution is a huge inside joke. The sign of a rube. A target to be fleeced.

      • The sign of a rube. A target to be fleeced.

        Even lawyers must choose their targets with some care. Filing a lawsuit against the "wrong" people can result in an "out of court settlement". You can use your own imagination as to what constitutes an "out of court settlement" in that context...

  • Act of War (Score:3, Insightful)

    by sanzibar ( 2043920 ) on Tuesday June 21, 2011 @11:33PM (#36523922)

    next time, use a drone.

  • ... is they did not want to power down the server.

    Law enforcement is trained that if you are seizing a computer, if possible, do not let it be shut down/locked. Forensics can snapshot the RAM and possibly get encryption keys that would be lost if the server was powered down. Worst case there could be a whole drive encryption that needs a password every boot, if you let the computer shut down you lose everything and all you will have is a worthless box without the password.

    It is likely there was no way to re

    • by icebike ( 68054 )

      Sounds like wild speculation to me. And a great deal of fantasizing.
      If you physically have the server, you simply power it down, even by yanking the cord, (not nearly as harmful to a modern server as you've been lead to believe) then pull the hard drives and clone those, and deal with their content as mere data. Taking the entire cabinet is the sign of fools and novices.

      • If I keep all of my data in a strongly encrypted container (that does not have a password that is brute force able in a reasonable amount of time), how do you expect to gain anything meaningful "dealing with it as mere data" without the decryption key which was stored in ram till you shut the machine off to clone the drive?

      • Taking the entire cabinet is the sign of fools and novices.

        Or someone concerned about the chain of custody for evidence.

    • by hawguy ( 1600213 )

      It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out. to their truck where they could keep it powered till a expert could get in and get a dump of the system state

      And if they have this magic splicing capability (as opposed to relying on redundant power supplies to let them transparently hook up their UPS), are you saying that it was easier to supply 10KW of power to an entire cabinet than it would have been to supply 400W of power to a single server?

      They'd need 1000 pounds of batteries to keep the cabinet powered for any appreciable amount of time.

      • They don't need to keep the whole rack powered, just the one machine they are interested in, they could power down the rest of the rack and a off the shelf UPS could run it for plenty of enough time to get it to a truck with a inverter on it.

        As for the "magic splicing" it is not hard to do, anyone with a basic understanding of electric circuits can splice two live cables together.

        • by jamesh ( 87723 )

          As for the "magic splicing" it is not hard to do, anyone with a basic understanding of electric circuits can splice two live cables together.

          But it's a lot more entertaining when someone without a basic understanding of electric circuits does it :)

          In any case, if I was writing malware i'd be detecting when network connectivity changed (eg my server was being loaded into a truck and no longer connected to the data centre) and initiating an erase of all the disks and RAM... keeping the server hot to run forensics would only make this easier.

          • by hawguy ( 1600213 )

            In any case, if I was writing malware i'd be detecting when network connectivity changed (eg my server was being loaded into a truck and no longer connected to the data centre) and initiating an erase of all the disks and RAM... keeping the server hot to run forensics would only make this easier.

            Or better, an inertial motion sensor located inside the server case:

            http://www.motionnode.com/ [motionnode.com]

            As soon as it detects motion, have the server erase everything.

        • by fluffy99 ( 870997 ) on Wednesday June 22, 2011 @12:45AM (#36524404)

          They don't need to keep the whole rack powered, just the one machine they are interested in, they could power down the rest of the rack and a off the shelf UPS could run it for plenty of enough time to get it to a truck with a inverter on it.

          As for the "magic splicing" it is not hard to do, anyone with a basic understanding of electric circuits can splice two live cables together.

          There is a product called HotPlug that is meant for seizing assets without powering them down. It works pretty slick. Basically, you plug it into the same power strip, flip the switch and unplug the powerstrip from the wall. You can also splice into the cord or outlet if needed.
          http://www.wiebetech.com/products/HotPlug.php [wiebetech.com]

          • Thanks, i was looking for that, I wanted to include that in with my OP but I could not find it.

          • by hawguy ( 1600213 )

            There is a product called HotPlug that is meant for seizing assets without powering them down. It works pretty slick. Basically, you plug it into the same power strip, flip the switch and unplug the powerstrip from the wall. You can also splice into the cord or outlet if needed.
            http://www.wiebetech.com/products/HotPlug.php [wiebetech.com]

            Interesting device -- I see on the specs page that it only goes up to 5 amps.

            So it looks like I might (barely) be safe on my fully loaded Sun E450 (500W power supplies) as long as I step down the input voltage to 100V.

            Of course, my original point still stands that it makes no sense to power an entire rack when all you want is one server. If you can figure out how to cut over to your own UPS, I think you can figure out how to keep power to the server while you unrack it.

        • It's not so easy if you need to keep the power in phase, or not backfeed something. It's kind of hard to just magick a transfer switch into a live circuit...

          Not to mention that even getting the thing moved 10 feet without disks shitting their pants is a whole other difficulty...

  • I'm tempted to start a building demolition company. Using tactical nukes. You point out the town your building you want to demolish is in, and we guarantee it's razed to the ground, no other details needed.

  • by jamesh ( 87723 ) on Wednesday June 22, 2011 @12:37AM (#36524358)

    The hosting centre is at fault here. "Naughty Servers" should be clearly labelled as such so they can't be mistaken for "Benign Servers". If those fatcats in Washington had just listened when the 'Evil Bit' was first proposed we wouldn't be in this mess now!

    • Re: (Score:2, Interesting)

      by Dynedain ( 141758 )

      It was a colo. And the hosting company (the owner of the machines) gave the FBI the info needed to pinpoint the one single server they were after. The FBI took several racks of equipment the hosting company had in that colo instead of just the single machine.

  • by Attila Dimedici ( 1036002 ) on Wednesday June 22, 2011 @06:54AM (#36526292)
    I am pretty sure this happened as a result of a problem that is endemic with law enforcement. A large percentage of people in law enforcement have come to believe that all people that they interact with are criminals who are acting to keep law enforcement from discovering the evidence to convict that person and/or others. As a result, they did not trust the hosting company to work with them to obtain all of the data of the target of their investigation.
    The proper way to have done this would have been to go in with someone from the FBI who was technically proficient who would then work with the hosting company to isolate and migrate all of the virtual machines containing the target's data to a single server (or several, if that was necessary) and seize that server(s).

The opossum is a very sophisticated animal. It doesn't even get up until 5 or 6 PM.

Working...