Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Seizes Servers In Virginia

Soulskill posted more than 3 years ago | from the sorry-about-your-luck dept.

Crime 405

Axolotl_Rose writes "The FBI has seized servers belonging to several clients of a hosting company in Reston, VA, disrupting service for many other clients. 'In an e-mail to one of its clients on Tuesday afternoon, DigitalOne’s chief executive, Sergej Ostroumow, said: “This problem is caused by the FBI, not our company. In the night FBI has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.” Mr. Ostroumow said that the FBI was only interested in one of the company’s clients but had taken servers used by “tens of clients.” He wrote: “After FBI’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.'"

cancel ×

405 comments

Not Surprised (1)

OverlordQ (264228) | more than 3 years ago | (#36523816)

And so it begins . . . .

did lulzsec think they could get rid of it forever?

Re:Not Surprised (0)

OverlordQ (264228) | more than 3 years ago | (#36523822)

and by get rid, I of course meant get away with it.

Proofread Muthafucka! Fuck Yo First Post Nigga! (-1)

Anonymous Coward | more than 3 years ago | (#36523946)

and by get rid, I of course meant get away with it.

you're such a stupid fucking nigger i can't believe it

Re:Proofread Muthafucka! Fuck Yo First Post Nigga! (-1)

Anonymous Coward | more than 3 years ago | (#36524056)

da niggers know how to read and also noe how to rape. You wanna offen' us. We be coming around yo house soon. Big Tyrone just got out the joint and wants a girlfriend. We will roll up around 7pm. Bring yo tears cuz we gonna destroy yo anus.

Re:Proofread Muthafucka! Fuck Yo First Post Nigga! (-1)

Anonymous Coward | more than 3 years ago | (#36524152)

Yeah... use his tears for lube!

Re:Proofread Muthafucka! Fuck Yo First Post Nigga! (-1)

Anonymous Coward | more than 3 years ago | (#36524072)

You sure do get pissed off when you miss first post,

Maybe if you weren't so fucking lazy....

Re:Not Surprised (2, Insightful)

icebike (68054) | more than 3 years ago | (#36523968)

Well I suspect walking in and taking every server in site is not going to go over well
in the long run. Group punishment is hardly constitutional, and as soon as some deep pockets
fight back this process will stop.

Still these lulzsec clowns need to be reined in and perp walked. If they had a point to
make they've already made it, now its time to pay the piper.

Re:Not Surprised (2)

epyT-R (613989) | more than 3 years ago | (#36524064)

I see it as one crime syndicate making a hit on another. The feds are no more principled...

Re:Not Surprised (4, Insightful)

sortius_nod (1080919) | more than 3 years ago | (#36524254)

To think that a law enforcement agency, and yes, that's all they are, can walk into a premises with a warrant for specific information and take most of your equipment goes against the whole idea of "freedom".

Unfortunately this is not the first time the FBI have done stuff like this, just watch Freedom Downtime (actually about Kevin Mitnick) and see what happened to Bernie. It's been happening for decades to people who haven anything to do with hackers, why not go after company equipment now rather than your dad's computer?

not Group punishment more like hiting the main to (1)

Joe_Dragon (2206452) | more than 3 years ago | (#36524068)

not Group punishment more like hitting the main to the building trun off one office.

Re:Not Surprised (1)

kakarote (2294232) | more than 3 years ago | (#36524168)

dissertation for access the seizes servers people need this http://ow.ly/5nrhM [ow.ly] B)

Ultimate DOS (3, Insightful)

Anonymous Coward | more than 3 years ago | (#36524026)

It's the ultimate Denial Of Service attack:
1) Co-locate stuff that the FBI doesn't like with the server that you want to DOS
2) Report your server to the FBI
3) Sit back and let the FBI do the rest.

Re:Ultimate DOS (1)

geekprime (969454) | more than 3 years ago | (#36524080)

it's like a new age swatting!

Re:Not Surprised (0)

Anonymous Coward | more than 3 years ago | (#36524120)

I was just going to say.... "so we actually have no idea about any of this, right?"

I mean, for all we know someone was storing kiddie porn there, or there's a hacked machine in there being used by the chinese for espionage, etc?

Re:Not Surprised (0)

Anonymous Coward | more than 3 years ago | (#36524214)

It's like all of the sudden the FBI is a single purpose organization or something? I mean god we know what they do over kiddie porn and espionage, but LS has been in recent news so all of the sudden they're -obviously- the motive/target, right?

Re:Not Surprised (0)

malsbert (456063) | more than 3 years ago | (#36524164)

A little quick to the punch there!

How about we wait, till they actually catch someone, before we start felling all high and mighty?

Still, I do love the smell of fascisme in the morning!

On another note; is it not about time the U.S. changed that national anthem of yours?

O’er the land of the oppressed and the home of the cowards!

Cloud (1)

seepho (1959226) | more than 3 years ago | (#36523820)

Need to suffer the same repercussions that anyone fitting the loose modern definition of 'cyber criminal'?

To the cloud!

Re:Cloud (0)

Anonymous Coward | more than 3 years ago | (#36523850)

DigitalOne is not a "cloud provider", it's a traditional hosting service. Or are you suggesting that we don't use those, either? Every company should rent their own buildings and buy their own computers and hire their own physical security, etc?

That's an interesting theory you have there. I'll think about it more as I go assemble my own axe so I can cut down some trees to build my own house. Can't trust others to specialize in this for me, after all! It's my frickin' house, man!

Re:Cloud (1)

epyT-R (613989) | more than 3 years ago | (#36524088)

Not a fair comparison.. An axe is quite simple to verify because it has no hidden function. it's not a black box. (unless it's been bugged). computer equipment is the ultimate trojan horse because they are so difficult to completely audit.

Re:Cloud (5, Insightful)

billcopc (196330) | more than 3 years ago | (#36524302)

(unless it's been bugged)

You just negated your own argument. Sorry, man, do not pass go. Do not collect 200 karma.

Law enforcement needs to decide on a firm, reliable way to identify those responsible for cybercrime, to punish them and ONLY them, not the people who happen to be providing service along the way.

Do they shut down the power company every time the crooked DEA finds a grow op ? No, because the power company is simply providing a service irrespective of usage. We need to start treating the internet like any other utility, since that's what it has become. Want a site shut down ? Track the IP, look up Whois, call the ISP, follow procedure. Randomly and illegally seizing property is NOT going to solve any problem. It will only incite more to rebel against the broken legal system.

Go ahead FBI, ruin someone's business and livelihood over fabricated evidence and feeble-minded assumptions, but don't act surprised when that ex-entrepreneur shows up at your doorstep with a bottle of jack and a loaded shotgun. Actions have consequences, and abuse of power merits the harshest consequences of all.

Re:Cloud (1)

essayservices (2242884) | more than 3 years ago | (#36524092)

after all people only Need this http://bit.ly/9XE7PZ [bit.ly] ;)

Re:Cloud (-1)

Anonymous Coward | more than 3 years ago | (#36524178)

How did this get modded -1? It's a known list of lulzsec servers!

Something has to change (1)

Anonymous Coward | more than 3 years ago | (#36523824)

It is easy to acknowledge the FBI and other police force's need to obtain servers belonging to a client, but with the reality being multi-client servers that most that should be allowed is a copy that doesn't violate any other customer's right of privacy.

good point (1)

decora (1710862) | more than 3 years ago | (#36523894)

it's like if they stopped a bunch of trucks on the highway, and scanned every single one of them for nuclear weapons, drugs, and bombs, even though they had no probable cause whatsoever.

oh wait. they already do that.

( google VIPR )

Re:Something has to change (2)

n5vb (587569) | more than 3 years ago | (#36523918)

This assumes that the FBI has some clue of what they're looking for, or that they know enough to be able to get a copy of just the directory tree containing that particular client's content. I don't think that's a safe assumption in most cases. :p

That being said, if it were any hosting service I were running, there'd be enough offsite hardware and data backups to be able to get my clients' sites back up at least to a recent and consistent state, if not the current state ..

Probably a proxy box (1)

assemblerex (1275164) | more than 3 years ago | (#36523838)

They'd have to be pretty stupid to use a server located in the USA.

Re:Probably a proxy box (0)

xeon13 (2268514) | more than 3 years ago | (#36524008)

Re:Probably a proxy box (1)

michiko (2270072) | more than 3 years ago | (#36524028)

ooo.!!! people should have to know about that..

Re:Probably a proxy box (0)

Anonymous Coward | more than 3 years ago | (#36524208)

yay essay services spam! Please mod parent down.

Re:Probably a proxy box (-1)

Anonymous Coward | more than 3 years ago | (#36524344)

Hello nigger, aka Simon Stevens.

Die nigger, aka Simon Stevens.

Restore from backup? (4, Insightful)

gmhowell (26755) | more than 3 years ago | (#36523844)

Couldn't they restore their customers' sites from backup?

Re:Restore from backup? (1)

poity (465672) | more than 3 years ago | (#36523870)

That's what I was wondering. What professional operation can't get customer data back from onsite or offsite backup withing the day?

Re:Restore from backup? (0)

Anonymous Coward | more than 3 years ago | (#36524038)

I'm sure the data-center was more than willing to assist clients in restoring their backups.

Re:Restore from backup? (1)

brainboyz (114458) | more than 3 years ago | (#36524192)

Data is easy, hardware not so much.

Re:Restore from backup? (1)

jd (1658) | more than 3 years ago | (#36524298)

Unless the clients were running specialized hardware, the backup images can be thrown onto virtual machines in the interim. A dead site gathers no hits.

Re:Restore from backup? (2)

Dahamma (304068) | more than 3 years ago | (#36524212)

If it's just a colo, the customers may own their own servers (and be responsible for the software on them as well as backups).

If the servers were important, it's even possible they had a few for redundancy - unfortunately, redundancy is usually designed to account for simple hardware (or software) failures, and doesn't do much good when someone takes ALL of them...

Re:Restore from backup? (2)

mug funky (910186) | more than 3 years ago | (#36523898)

not with half the datacentre gone, they can't.

the backup system was probably in one of the _racks_ the FBI seized.

Re:Restore from backup? (1)

Rudolf (43885) | more than 3 years ago | (#36524128)

the backup system was probably in one of the _racks_ the FBI seized.

No offsite backups?

Re:Restore from backup? (1)

SharpFang (651121) | more than 3 years ago | (#36524182)

Of the data, yes. Of the hardware, which is currently missing, not really.

Re:Restore from backup? (5, Funny)

Black Parrot (19622) | more than 3 years ago | (#36524222)

Of the data, yes. Of the hardware, which is currently missing, not really.

Really? I copy my hardware to my 3-D printer every night.

Re:Restore from backup? (0)

Anonymous Coward | more than 3 years ago | (#36523914)

Several problems.

1: did the FBI seize only the servers, or did they seize the backup tapes as well? It's conceivable that they could have done the latter.
2: If they seized the backup tapes, is there an offsite copy that's any good? Or was that seized as well? (I'm guessing not, but the article doesn't say; thrown in for the sake of completeness.)
3: If there is an offsite copy, or the backup tapes are still there, are the tape drives needed to read them still there, or were they seized as well?
4: If the tape drives are there, and the backup tapes are there (or the offsite copy has come back), does the company have the hardware and software to read the data off the tapes, or was the backup server one of the systems seized?
5: Assuming all the backup infrastructure (library, tapes, drives, and backup server) is still there - does the company have adequate capacity on the remaining systems to restore the seized hosts to full operation?
6: Assuming they have adequate capacity, would restoring the seized hosts to full operation cause them to be in breach of any judicial order, or potentially result in another raid on the restored hosts?

It's a question of capacity. They might not have the server power (CPU, memory, etc.) or storage (hard disk capacity) to restore everybody's system from backup and provide adequate service.

Re:Restore from backup? (4, Informative)

scdeimos (632778) | more than 3 years ago | (#36523924)

Restore to what? From what I've read DigitalOne's a co-lo customer and the FBI's taken all their physical hardware.

Re:Restore from backup? (1)

alanthenerd (639252) | more than 3 years ago | (#36524172)

This would seem to be the case as DigitalOne can't even get their own website back online.
It's pretty good going of the FBI to completely disable a companies ability to operate just to get the data of one of their clients.

Re:Restore from backup? (2)

gmhowell (26755) | more than 3 years ago | (#36524296)

Restore to what? From what I've read DigitalOne's a co-lo customer and the FBI's taken all their physical hardware.

That's where you went wrong: you read the article. I didn't bother.

Re:Restore from backup? (4, Insightful)

Michael Woodhams (112247) | more than 3 years ago | (#36524124)

I've been around long enough to remember the Secret Service raid on Steve Jackson Games [sjgames.com] , which was the triggering event for founding the EFF [eff.org] .

Most companies don't have "The Feds turn up with search warrants and take all your stuff, including backup tapes" as a threat they plan for in their backup strategy. Off site backup doesn't protect against this.

I don't know what the problem is in this case - whether the backups were also seized, or that they simply lack the hardware to restore on to.

Re:Restore from backup? (2)

gmhowell (26755) | more than 3 years ago | (#36524334)

I've been around long enough to have had a UID on that system :p

This shouldn't be much different than "a hellmouth opened up under the datacentre and swallowed it" or "the tsunami washed it out to sea" or "a stray SCUD hit the building". While ridiculous, it would seem that a visit by the FBI is about as catastrophic as some naturally occurring events that one might want to plan for. I'm not in disaster recovery, so I dunno.

I'm also curious how dodgy the customer was and if the service provider knew. (IOW, did the Feds bust an online pharmacy that was known about?)

The FBI should try that on cloud hosting (5, Insightful)

initialE (758110) | more than 3 years ago | (#36523846)

1. Take the servers
2. There is nothing on the servers - take the Storage
3. The storage is remotely replicated - pull the remote storage
4. You can't pull the remote storage, you don't have jurisdiction overseas

Re:The FBI should try that on cloud hosting (1)

TooMuchToDo (882796) | more than 3 years ago | (#36523956)

THIS! Although, you have to be careful. If your storage is outside of US jurisdiction (Amazon S3 Asia/EU AZs), but the company is still a US company for the most part (for this example, Amazon), it's very likely LEO will get the data they're looking for. Take into account the people who run whatever equipment/storage systems you're using outside of jurisdictions you're working against.

Re:The FBI should try that on cloud hosting (1)

jd (1658) | more than 3 years ago | (#36524314)

The FBI can't seize it, but due to crap security, apparently everyone else can. Hmmm. Not a great swap.

Solution (4, Insightful)

PPH (736903) | more than 3 years ago | (#36523848)

Host offshore.

Re:Solution (1)

countertrolling (1585477) | more than 3 years ago | (#36523878)

Name one place that won't do exactly the same thing...

Re:Solution (1)

Anonymous Coward | more than 3 years ago | (#36523994)

Keep random chunks of your data in several countries offshore so that it would be almost impossible to get together the hundred subpoenas needed to gather what you want before the data owner gets wind of it and pulls the data offline.

Re:Solution (5, Interesting)

TooMuchToDo (882796) | more than 3 years ago | (#36524024)

The hosting company I co-own with the rest of my employees is mid-sized (several million a year, but under 10 people), but we operate this way. Equipment is owned by corporations incorporated in the jurisdiction where it resides on a country-level basis. We own gear in the US, the EU, Japan, China, and Australia. No corporate entity is tied to another, and resources are redundant through the infrastructure. Come to me in the US with a subpoena for anything on any of our gear outside the US? Fark off. When the hell did people give up on their principles?

FBI: Driving businesses out of the country (5, Insightful)

mykos (1627575) | more than 3 years ago | (#36523962)

I think most of the smart IT people are beginning to view the U.S. as a threat to their business. If U.S. investigative agencies can disrupt dozens, or even thousands [dslreports.com] , of innocent individuals and businesses with impunity, why the hell would anyone take the risk hosting in the U.S.?

Re:FBI: Driving businesses out of the country (3, Funny)

MightyMartian (840721) | more than 3 years ago | (#36523996)

Because, of course, other countries are so much less intrusive.

Re:FBI: Driving businesses out of the country (1)

corbettw (214229) | more than 3 years ago | (#36524304)

While no one's going to suggest setting up a co-lo in Zimbabwe or Venezuela anytime soon, there are other countries that are safer from the risk of government seizure than the US is now. Ireland, Switzerland, any of the Nordic countries, and New Zealand all spring to mind. Any one of those places would be a much better bet for setting up a new co-lo, were one inclined to do so, than the good ol', freedom lovin', US of A.

Re:FBI: Driving businesses out of the country (0)

Anonymous Coward | more than 3 years ago | (#36524040)

The odds of something stupid like this happening to your servers are the same regardless of the country they're hosted in, if not worse outside the U.S. The only reason you perceive it as worse inside the U.S. is that the country's mass media is much more developed and far-reaching than that of any other country.

Quit falling victim to hysterics over little things, and concern yourself with the stuff that matters, such as our sorry macroeconomic trajectory.

Re:Solution (2)

tomthepom (314977) | more than 3 years ago | (#36524150)

DigitalOne is based in Switzerland, they did host offshore in the US. That might have been a mistake.

A war? (0)

Anonymous Coward | more than 3 years ago | (#36523868)

There's been kind of a slow build up of the anonymous and lulzsec script kiddie attacks lately.. while many of their attacks come off as childish, it's fairly clear given the technological level of the day, and the high disagreements between citizens and the slipping anti-citizen governments that a war for freedom can actually be fought this way. I just never thought the representatives would be so stupid.

Nevertheless, after watching the authorities response to lulz, and the efforts by lulz, i can't help but think they're in the right now, mostly. Did anyone else start to actually feel support for their doings due to all the recent events?

Re:A war? (1, Informative)

Anonymous Coward | more than 3 years ago | (#36523896)

one must admit, one begins to warm up to the goal, if that's exposing the real shenanigans and making real evildoers sweat it...

Civil and criminal liability (5, Insightful)

dgatwood (11270) | more than 3 years ago | (#36523874)

I think it's time to hold the FBI to the same standards that they would hold the rest of us. If I went in waving a gun around and demanding to walk away with somebody else's server, they'd throw my ass in jail.

If they want access to a particular client's content, they can go through the same process as a DMCA takedown request or a backup request would. They make a request, the company yanks that customer's access, then clones that customer's data onto a new drive, then hands them the drive.

As far as I'm concerned, every single client of this ISP ought to sue the FBI for the damage they caused—for the downtime, for the loss of data, for the time spent trying to reach the ISP to figure out what was going on, for the cost of any failover hardware or service that they had to pay for in lieu of that service, etc. If the FBI had to pay out a few million dollar settlements every time they pulled a stunt like this, they'd think twice about acting like a bunch of thugs, and they would go through proper channels and do their investigation in a way that doesn't cause collateral damage.

There's simply no excuse for such sloppy investigative work. If they screwed up so royally with the servers, you have to wonder how many grievous errors they made in other areas that would lead to the evidence being declared tainted, criminals going free, etc.

Re:Civil and criminal liability (0)

Anonymous Coward | more than 3 years ago | (#36523974)

Better yet, can we opt not to have our taxes go to the FBI?

Re:Civil and criminal liability (0)

Anonymous Coward | more than 3 years ago | (#36523978)

They need to have a court order (warrant) to cease property. If they do not have a warrant, then it is called larceny.

If your server has been compromised or if you are sharing server(s) with ones that FBI has a warrant for, then you are SOL.

Re:Civil and criminal liability (0)

Anonymous Coward | more than 3 years ago | (#36524022)

Seems to me that it would be a better idea for the FBI to monitor the site in question for more data and clone the drive(s) onsite. Would be a simpler way to go. Kinda an analogy of "fishing with dynamite".

Re:Civil and criminal liability (1)

phantomfive (622387) | more than 3 years ago | (#36524086)

They make a request, the company yanks that customer's access, then clones that customer's data onto a new drive, then hands them the drive.

Oh yeah, that'll be real great. Then the mafia guys the FBI is chasing get a tip off because they are the ones who own the datacenter. Not saying I like how it is, but your plan has serious holes.

Re:Civil and criminal liability (1)

corbettw (214229) | more than 3 years ago | (#36524326)

The work of cloning the data could either be supervised or actually performed by trained FBI agents (from a chain-of-evidence point-of-view, the latter would be preferable). But before going in, they should have at least as much information as is needed to know which servers and which clients on those servers they need. Fishing expeditions like this one need to stop.

Re:Civil and criminal liability (5, Informative)

icebike (68054) | more than 3 years ago | (#36524116)

You can try to file a suit, but you probably wouldn't get anywhere.

The Federal Tort Claims Act was enacted by Congress in 1946 to allow citizens to sue the federal government. Prior to that you had to get something
passed by congress in order to sue the government.

From http://www.finchmccranie.com/refresher.htm [finchmccranie.com]

While the passage of the FTCA constitutes a limited waiver of sovereign immunity, Congress specifically limited the government's amenability to suit in a variety of different circumstances. In 28 U.S.C. 2680, Congress specified that its limited waiver of immunity would not apply to the following claims:

(a) any claim based upon an act or omission of an employee of the government, exercising due care, in the execution of a statute or regulation, whether or not such statute or regulation be valid, or based upon the exercise of performance or the failure to exercise or perform a discretionary function or duty on the part of a federal agency or an employee of the government, whether or not the dis- cretion involved be abused; ...

So you see, you are effectively shut down before you get to the courthouse steps. All they need do is say "We had evidence that all servers we took were involved" and there is nothing more you can do. You will not be granted the ability to examine that evidence.

Re:Civil and criminal liability (0)

Anonymous Coward | more than 3 years ago | (#36524256)

This case is definitely an example of not exercising due care. The Tort Claims act was written to defend tax payers from enormous suits over innocent mistakes, not from officials casually rounding up and stealing property that has nothing to do with an investigation. Due care is the opposite of what happened in this case. Any care whatsoever would have prevented it from happening.

Re:Civil and criminal liability (1)

denbesten (63853) | more than 3 years ago | (#36524346)

If you were an impacted client, your next course of action is to file a claim against your business interruption insurance and to locate your off-site backup tapes.

Given the fact that defense attorneys exist, my bet is that the FBI went through the proper channels (getting a warrant) and followed well-established procedures that are geared towards preventing the destruction of evidence and towards maintaining the chain of evidence.

Attempting to sue the FBI would likely result in a lecture on sovereign immunity. Even if a miracle happened and you were to prevail, the settlement money would really just comes from the taxpayers, which would have the effect of punishing you and me, not the government employees (other than the fact that they too are taxpayers :-).

Machines won't be coming back (1)

Anonymous Coward | more than 3 years ago | (#36523880)

Every time I hear this story, and in the one situation where I witnessed federal agents confiscating equipment, the equipment never returns.

Re:Machines won't be coming back (1)

countertrolling (1585477) | more than 3 years ago | (#36523908)

They can buy it back at the auction... Probably at a pretty good price

Does the Constitution still mean anything? (3, Informative)

mykos (1627575) | more than 3 years ago | (#36523886)

Each of the clients who had their property seized without warrant should bring suit.

Re:Does the Constitution still mean anything? (1)

DavidRawling (864446) | more than 3 years ago | (#36523940)

Note being a USAnian, I am guessing here - but ISTR there's a law preventing you from suing the government? Basically - immunity from prosecution unless the government (dept) agrees to be sued, or something like that. And I always think, hearing something like that, the argument would be something like, "It's not in the national/public interest for you to be sue us, so no. Neener neener neener."

Re:Does the Constitution still mean anything? (1)

phantomfive (622387) | more than 3 years ago | (#36524114)

You can sue the government but the rules are different than suing private parties, because the government is different. There is a different set of laws that apply to the government (for example, a private party would not be able to request a warrant to seize someone else's equipment, no matter how much kiddie porn it has). Uh, YMMV if someone manages to steal your your computer because you have kiddie porn on it don't blame me

Re:Does the Constitution still mean anything? (1)

SharpFang (651121) | more than 3 years ago | (#36524218)

One of the caveats is that government has to consent to be sued. Yes, they can say "we do not agree for this lawsuit" and the result is "case dismissed."

Re:Does the Constitution still mean anything? (1)

DarkTempes (822722) | more than 3 years ago | (#36524278)

You can definitely sue the US government. Separation of powers and such say, in theory, that the FBI/executive branch people can't just make it disappear. From my understanding you are sort of correct in that the executive branch can ask the judicial to not hear the case in the best interest of the nation.

Remember when ICE took down all those websites via domain seizures? Some of those companies are suing over it. I dunno if it'll actually go anywhere but I believe they weren't thrown right out. Lots of important historical changes have happened in the courts in party vs state/government/whatever...

Re:Does the Constitution still mean anything? (4, Insightful)

icebike (68054) | more than 3 years ago | (#36524180)

Responding to your title, "Does the constitution still mean anything", the answer is NO.

Just about here is where I get jumped on by everybody who supports the Constitution and hold it dear. Who doesn't?

But the point is, nothing written in the constitution means anything any more, and hasn't for a long time.
Every sentence and every clause has been violated and circumvented by a web of laws and rulings such that any citizen who points to the constitution in his defense is laughed out of court. In the legal profession, an appeal to the constitution is a huge inside joke. The sign of a rube. A target to be fleeced.

Re:Does the Constitution still mean anything? (1)

CodeBuster (516420) | more than 3 years ago | (#36524226)

The sign of a rube. A target to be fleeced.

Even lawyers must choose their targets with some care. Filing a lawsuit against the "wrong" people can result in an "out of court settlement". You can use your own imagination as to what constitutes an "out of court settlement" in that context...

Act of War (3, Insightful)

sanzibar (2043920) | more than 3 years ago | (#36523922)

next time, use a drone.

Digital Forensics (0)

Anonymous Coward | more than 3 years ago | (#36523952)

DigitalOne provided all necessary information to pinpoint the servers for a specific I.P. address, Mr. Ostroumow said. However, the agents took entire server racks, perhaps because they mistakenly thought that “one enclosure is = to one server,” he said in an e-mail.

I thought digital forensics started at the scene, especially in situations like this were the systems are still live. How could such a stupid mistake happen or is it simply a case of taking too much evidence?

Re:Digital Forensics (1)

geminidomino (614729) | more than 3 years ago | (#36523992)

perhaps because they mistakenly thought that âoeone enclosure is = to one server"

More likely, they realized that one enclosure would bring in more at auction than one server...

The reason they took the whole rack.... (1, Informative)

Wingman 5 (551897) | more than 3 years ago | (#36524084)

... is they did not want to power down the server.

Law enforcement is trained that if you are seizing a computer, if possible, do not let it be shut down/locked. Forensics can snapshot the RAM and possibly get encryption keys that would be lost if the server was powered down. Worst case there could be a whole drive encryption that needs a password every boot, if you let the computer shut down you lose everything and all you will have is a worthless box without the password.

It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out. to their truck where they could keep it powered till a expert could get in and get a dump of the system state.

Re:The reason they took the whole rack.... (1)

icebike (68054) | more than 3 years ago | (#36524198)

Sounds like wild speculation to me. And a great deal of fantasizing.
If you physically have the server, you simply power it down, even by yanking the cord, (not nearly as harmful to a modern server as you've been lead to believe) then pull the hard drives and clone those, and deal with their content as mere data. Taking the entire cabinet is the sign of fools and novices.

Re:The reason they took the whole rack.... (2)

Wingman 5 (551897) | more than 3 years ago | (#36524262)

If I keep all of my data in a strongly encrypted container (that does not have a password that is brute force able in a reasonable amount of time), how do you expect to gain anything meaningful "dealing with it as mere data" without the decryption key which was stored in ram till you shut the machine off to clone the drive?

Re:The reason they took the whole rack.... (1)

Anonymous Coward | more than 3 years ago | (#36524270)

Nope,

From my forensics class - The drives may have an encryption with a bit width that would make decryption a serious task.
While the machine is on the decrytion key is in memory somewhere (or more probably in the TPM) As long as the machine
remains on you have access to the hard drive. Shut the machine down and you loose the key. Try getting it out of the owner
of the machine (well there *is* always water-boarding).

Re:The reason they took the whole rack.... (1)

cold fjord (826450) | more than 3 years ago | (#36524342)

Taking the entire cabinet is the sign of fools and novices.

Or someone concerned about the chain of custody for evidence.

Re:The reason they took the whole rack.... (0)

Anonymous Coward | more than 3 years ago | (#36524362)

Clearly you have no concept of data encryption. Good day.

Re:The reason they took the whole rack.... (1)

hawguy (1600213) | more than 3 years ago | (#36524204)

It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out. to their truck where they could keep it powered till a expert could get in and get a dump of the system state

And if they have this magic splicing capability (as opposed to relying on redundant power supplies to let them transparently hook up their UPS), are you saying that it was easier to supply 10KW of power to an entire cabinet than it would have been to supply 400W of power to a single server?

They'd need 1000 pounds of batteries to keep the cabinet powered for any appreciable amount of time.

Re:The reason they took the whole rack.... (1)

Wingman 5 (551897) | more than 3 years ago | (#36524310)

They don't need to keep the whole rack powered, just the one machine they are interested in, they could power down the rest of the rack and a off the shelf UPS could run it for plenty of enough time to get it to a truck with a inverter on it.

As for the "magic splicing" it is not hard to do, anyone with a basic understanding of electric circuits can splice two live cables together.

you can splice cables to a single server (1)

dutchwhizzman (817898) | more than 3 years ago | (#36524248)

so I don't see the reason to take several racks. The risk that the server powers down that way is roughly the same as for an entire rack. Also, the reason why things were taken is not given. For all we know, there may be an illegal mp3 hosted on one machine and the MAFIAA had it seized for "economic terrorism". The feds better come up with a pretty good explanation, or there will be a lot of damages to be paid by the USA tax payer.

Re:you can splice cables to a single server (1)

Wingman 5 (551897) | more than 3 years ago | (#36524338)

Have you tried to remove a server from a rack without accidentally detaching the power cable? They went with the option that had the lest chance of failure.

Re:The reason they took the whole rack.... (0)

Anonymous Coward | more than 3 years ago | (#36524300)

... is they did not want to power down the server.

Law enforcement is trained that if you are seizing a computer, if possible, do not let it be shut down/locked. Forensics can snapshot the RAM and possibly get encryption keys that would be lost if the server was powered down. Worst case there could be a whole drive encryption that needs a password every boot, if you let the computer shut down you lose everything and all you will have is a worthless box without the password.

It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out. to their truck where they could keep it powered till a expert could get in and get a dump of the system state.

I enjoy how everyone assumes that the FBI went in with an old fashion western "guns a blazin' " approach. I agree with Wingman 5. They took the entire rack because it was least damaging to do so to the investigation, and as an American who believes in fairness and equality I think that Digital One should have seen this coming. There is freedom, but there is also harboring fugitives and fugitives data. It so happens that Digital One did not inform their clients that the server (property) that their data was hosted on was also hosting data of known illegal (under US law) and immoral organizations. If Digital One believes in LulzSec and Anonymous' cause then they should have taken steps to either ensure the security of the group or minimize casualties in the situation. What we have to look at here is that these so called "Hacktivist" groups have compromised and published the data of unsuspecting and trusting individuals without regard to their privacy. It is the equivalent of calling someone out for crimes against humanity while committing crimes against humanity, and Lulzing over it as people flock to your popularity and charm. The fact is, what they are doing isn't necessarily wrong, but how they are doing it is. I believe that the web security of today is a joke, many companies are tossing out copy-and-paste security code without worrying about back doors, and other vulnerabilities. Even so, the people should not be compromised due to a lack of proper infrastructure. It should be the Hacktivist's goal to identify security holes, make public their findings (without revealing passwords, credit cards, etc. (though all of that info SHOULD be encrypted with at least MD5 hash)), and encourage a world wide community to hold companies and developers accountable for their lack of caring and attention to the privacy of their customers and clients. In short, we are at war, not as any single nation, but as a world. It is up to all of us to recognize what is right, and protect those who are innocent and uninformed about the woes of our security world. After all, a black smith does not expect you to know the intricacies of his trade, but we trust that he will not cut our hands off with his near perfectly balanced blade. Get my drift?

Not extreme (0)

Anonymous Coward | more than 3 years ago | (#36524108)

I am a federal agent (non-FBI) who has seized large amounts of digital evidence. In criminal cases, you need entire hard drives so you can do forensic extraction. Can you ask the ISP to retrieve the data for you? Yes. However, it depends on 1.) Is this an email address or a large organization with colocated servers. 2.) How much do you trust the ISP? (based on past actions, size, clientele, etc.). BTW, if you search large companies who have their congressman on speed dial, you can be assured that the agents and judge have evaluated the impact to legitimate business vs illegal activity.

Re:Not extreme (4, Insightful)

hawguy (1600213) | more than 3 years ago | (#36524236)

I am a federal agent (non-FBI) who has seized large amounts of digital evidence. In criminal cases, you need entire hard drives so you can do forensic extraction. Can you ask the ISP to retrieve the data for you? Yes. However, it depends on 1.) Is this an email address or a large organization with colocated servers. 2.) How much do you trust the ISP? (based on past actions, size, clientele, etc.). BTW, if you search large companies who have their congressman on speed dial, you can be assured that the agents and judge have evaluated the impact to legitimate business vs illegal activity.

I'd think that the same thing applies when the FBI sees a suspect enter a parking garage - they know he entered the garage and are pretty sure that he hid his contraband in a car. The garage owner might be working with the suspect, so they can't trust him. The question is, can they seize all 200 cars in the garage and tow them back to be disassembled and searched to be eventually returned to the owners, perhaps no longer in working order? Would any judge allow that?

If the answer is no, why is it different with servers?

Re:Not extreme (1)

icebike (68054) | more than 3 years ago | (#36524242)

As a federal agent (non-FBI) you should have been trained that the "entire hard drive" does not extend to the entire RACK of servers.

Good hosting providers outside the US? (1)

Lord Juan (1280214) | more than 3 years ago | (#36524136)

Call me paranoid but I am starting to look around for hosting options outside the US. The stories of the massive collateral damage when they take away shared servers and seize domain names is getting me nervous.

Re:Good hosting providers outside the US? (1)

Skuto (171945) | more than 3 years ago | (#36524230)

Other countries, specifically developed ones who are "allies" of the US, probably do exactly the same.

Government is "fire first, respect the law later" pretty much everywhere.

promotethislogo (0)

Anonymous Coward | more than 3 years ago | (#36524158)

We are updating our information for this website as of right now. Please note that if you find an item on EspOnline that you want, and that same item does not show up on our website, please give us a call at (678)-380-6022; or shoot us an email regarding that and we will update as needed. Our email address is logo123@comcast.net. If you could please send all your order requests, digitizing & contract embroidery work, screen printing work, and quotes to our email address at logo123@comcast.net, we will gladly assist you! If you would like to fax the information to us, you can easily fax it to us through our fax number: (678)-804-1800.

Tempted to start a demolition company. (1)

SharpFang (651121) | more than 3 years ago | (#36524188)

I'm tempted to start a building demolition company. Using tactical nukes. You point out the town your building you want to demolish is in, and we guarantee it's razed to the ground, no other details needed.

Hosting centre is at fault (3, Interesting)

jamesh (87723) | more than 3 years ago | (#36524358)

The hosting centre is at fault here. "Naughty Servers" should be clearly labelled as such so they can't be mistaken for "Benign Servers". If those fatcats in Washington had just listened when the 'Evil Bit' was first proposed we wouldn't be in this mess now!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...