FBI Seizes Server Providing Anonymous Remailer Service
sunbird writes "At 16:00 ET on April 18, federal agents seized a server located in a New York colocation facility shared by May First / People Link and Riseup.net. The server was operated by the European Counter Network ("ECN"), the oldest independent internet service provider in Europe. The server was seized as a part of the investigation into bomb threats sent via the Mixmaster anonymous remailer received by the University of Pittsburgh that were previously discussed on Slashdot. As a result of the seizure, hundreds of unrelated people and organizations have been disrupted."
Re:What does this help? (Score:1, Informative)
If your entire business depends on a single server you have more pressing problems to deal with. Gremlins are more likely to ruin you than jack-booted thugs. In fact, a Gremlin will on average take down your server once every two years. The odds of the FBI doing that are probably once in a thousand years, all things considered.
Re:nonsense (Score:5, Informative)
makes it possible to look for deleted or over-written information that might not exist on a duplicated disk.
Deleted stuff is never erased, just marked as "free space" by the OS.
Overwritten data, these days, is unrecoverable, even if only overwritten once. There has not been a single criminal case that I can remember where data was overwritten and then recovered on modern drives. The standard of multiple overwrites for true erasure is from the days when disks were physically huge, and the recorded area was huge, and head alignment wasn't always the greatest thing in the world.
Go read the epilogue to Peter Gutmann's paper
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html [auckland.ac.nz]
A simple dd of the original drives would have given investigators all the information that was available, including deleted files.
--
BMO
Re:Offtopic^2 (Score:3, Informative)
This is not a Rush Limbaugh forum, and your retarded post has nothing to do with the topic. If you watch the BBC documentary Madagascar, Lemurs and Spies [bbc.co.uk], you'll see that Gibson looks guilty as hell. A researcher working with an endangered group of Lemurs sees illegal logging in protected wilderness, and they get a hidden camera lawyer posing as an American wood buyer to go deep inside the logging operation, documenting the mass harvesting and lumber mills there producing pallets of fingerboard blanks with the Gibson front company name all over. The sawmill owner even brags on camera about what they are doing.
By your logic, you would shut up and go away if the justice department put people at Gibson in jail. More likely, you would be here bitching about how another American company was shut down by the feds.
Re:nonsense (Score:4, Informative)
You misunderstood what the cited article was saying. First of all, the article was essentially hearsay - a story of what Johnson said, retold by someone who didn't have much clue. Yet, obviously, nowhere did they say that they used magnetic force microscopy to recover data from the platters, as that would be the only technology that would have a chance (except, these days, it doesn't [wikipedia.org]). All they did was a regular read from the drive and found some sectors that the zero-fill didn't overwrite. What happened, most likely, was that the zero-fill was only attempted on areas declared unallocated by the filesystem. Such areas are necessarily declared conservatively -- you should never trust a free-space erase on a mounted filesystem, and that's what seems to have happened here.
Nowhere does the article disagree with what I'm saying, because, again, the legend of recovering the data from a zeroed-out hard drive is at this time nothing more. If you're lucky as in winning the lotto jackpot, and you're looking for very small amounts of data (say cryptographic keys), you may be able to recover useful error-correctable data from sectors that got reallocated because they started to fail. This doesn't require opening up the drive, merely gaining access to it via the factory/manufacturer mechanisms (there are software tools for that), so that you can read any sector, whether mapped into the space accessible via regular ATA data access calls or not. That's a slim chance, but if you're after a key or other short blurb, it's low-hanging fruit -- and yes, in that case you need the original drive, not an image.
The deal with the drive you cite was as follows: it never got fully overwritten with zeroes. Were that the case, you'd never read about any large (more than dozens or hundreds of randomly scattered sectors' worth) data coming off of it, because, again, it's not possible anymore. If you want to overwrite a drive, you boot a DBAN CD/dongle and do it. One set of zeroes is enough. If you really worry about the few tens of nanometers' worth of possibly relevant domains left over "between" the tracks, you can always overwrite it a couple times; I'd think thrice with random data plus once with zeroes is enough. You don't muck around with free-space overwriting, OS reinstallation, or anything of that sort.
I think I posted something about it once somewhere where I argued that "obviously it's possible duh duh" -- I used to believe it until I looked at honest-to-goodness drive platters with a magnetic force microscope. Even at the highest magnification, where a single pixel is a few nanometers across, you can't see anything but random hash "between" the tracks. At such magnification, the individual bits are huge, and any remnants would be quite obvious. They were very obvious in the times of early PRML drives and before that. That time is long gone. Thus, an obvious tip: don't store sensitive data on old hard drives (say early IDE drives).
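The comment above attributes the "recovered after zero-fill" story to sectors the wipe never touched. As an added example (not part of the original thread), this sketch checks a raw image of a supposedly zeroed drive and reports every run of sectors that still holds data. The 512-byte sector size, the function names and the sample image are assumptions constructed for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size; many modern drives use 4096


def nonzero_sector_runs(path, sector=SECTOR, chunk_sectors=2048):
    """Return [(first_lba, count), ...] for each run of sectors not zeroed."""
    runs = []
    start = None            # first LBA of the run currently open
    lba = 0
    zero = bytes(sector)
    with open(path, "rb") as f:
        while True:
            buf = f.read(sector * chunk_sectors)
            if not buf:
                break
            for off in range(0, len(buf), sector):
                block = buf[off:off + sector]
                # A short final block is compared against zeros of its own length.
                dirty = block != zero[:len(block)]
                if dirty and start is None:
                    start = lba
                elif not dirty and start is not None:
                    runs.append((start, lba - start))
                    start = None
                lba += 1
    if start is not None:
        runs.append((start, lba - start))
    return runs


def build_sample_image():
    """Constructed sample: 64 zeroed sectors with two leftover regions."""
    img = bytearray(64 * SECTOR)
    img[10 * SECTOR:10 * SECTOR + 16] = b"leftover-record!"
    img[40 * SECTOR:43 * SECTOR] = b"\xaa" * (3 * SECTOR)
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(img)
    return path


if __name__ == "__main__":
    sample = build_sample_image()
    for first, count in nonzero_sector_runs(sample):
        print(f"LBA {first}: {count} sector(s) not zeroed")
    os.remove(sample)
```

This only sees sectors reachable through normal reads; reallocated sectors outside the addressable space, as the comment notes, will not appear in an image.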