FBI Seizes Server from Progressive Internet Service Provider

Discussion in 'Civil Rights & Privacy' started by Lisa Simeone, Apr 20, 2012.

  1. Lisa Simeone

    Lisa Simeone Original Member

    Click the link to see the press release, which has more details. I tried posting it here, but the formatting got totally messed up so I had to remove it.
  2. Mike

    Mike Founding Member Coach

    If bomb threats are being transmitted through that machine, the FBI would be remiss in not examining it.

    Naivete at its finest. The memory of a machine is its disk storage, not its RAM. Modern computers are virtual memory machines where pages of information are swapped in as needed. The disk system may well contain traces of the original inbound packets with fragments of the bomb threats along with IP addresses pointing to their source.

    A normal server would maintain logs. Since the ISP does not maintain logs on that server, then the authorities need to look at the disk itself for clues, and that requires a search warrant to seize the machine rather than a subpoena to turn over the logs.

    By placing other legitimate functions (e.g. list servers) on the same machine as the anonymous email relay, the ISP has exposed the other functions to unnecessary risk. They appear not to have thought this through very well.
  3. Mike

    Mike Founding Member Coach

    When they get it ready to go back on line, presumably with the list serves moved elsewhere) and BEFORE they use it again, they should save an image of the anonymous relay's disk drive.

    Then if it's seized again (which should be not be unexpected given that anonymous emails would be attractive to certain criminal activities), they can get it back online with a minimal interruption.

    I'm not disputing the appeal of anonymous relays (I've used anonymizers myself), but they need to plan for this.
  4. Mike

    Mike Founding Member Coach

    More ...

    Forbes: FBI Seizes Activists' Anonymizing Server In Probe Of Pittsburgh's Bomb Threats

    It sounds as though the investigation will be challenging.

    Wall Street Journal: Feds seize email server in Pitt bomb threat probe
  5. Mike

    Mike Founding Member Coach

    Another possibility here (assuming the perpetrator either doesn't read about this or thinks that it won't work) is that perhaps the FBI is looking not only for traces of packets from the perpetrator but also just looking for indications as to what the upstream relays are. The would then get (perhaps) get court order to tap & log all communications with the most likely upstream servers & (likely) conduct similar searches on those servers.

    Identifying the upstream servers will be a lot easier than finding & tracing packets from a specific (criminal) user.

    Whoever set all this up apparently wasn't bright enough to realize that anonymity won't insulate you from being drawn into criminal investigations when your servers are used to further criminal pursuits.
  6. Mike

    Mike Founding Member Coach

    Apparently surveillance cameras caught the FBI sneaking in to return the servers ...

    Wired / Threatlevel (11 May 2012): FBI Surreptitiously Returns Seized Server

  7. nachtnebel

    nachtnebel Original Member

    That surveillance vid was priceless. Are these guys trying to be sneaky? Why not just hand it back to the owners and let them deal with it. How did they get into the facility?
  8. Mike

    Mike Founding Member Coach

    Don't know, but I'd bet the FBI has tried to hack that machine at a couple levels, first by adding some stealth monitoring & logging to remote FBI computers of selected anonymous proxy traffic, and perhaps secondarily by modifying other customers' files to restore the first hack if it is removed.

    They were probably hoping that by sneaking it in & reinstalling it surreptitiously they could get some intel before it was noticed.

    Most people would call this "burglary" and "theft of services".

    I wouldn't trust that machine now under any circumstances.

    I could see a good reason for examining the machine in the first place -- if bomb threats have been delivered through the machine, due diligence would call for a forensic examination of the disk drive -- but sneaking it back in like that is really suspect.
  9. TravelnMedic

    TravelnMedic Original Member

    I would say the only thing this server is good for is a to be "Office Spaced".
  10. CelticWhisper

    CelticWhisper Founding Member

    Not necessarily - a full hardware audit (including BIOS revision) down to component serial numbers, coupled with a nice DBANing of all physical volumes, should render it fairly free of Americaware.

    Once it's been audited and had at least an 8-pass disk wipe (normally overkill but when fed-proofing a box, there is no kill like overkill), set it up in an isolated environment and monitor network traffic to/from it for a few weeks to detect anomalies. If it passes, it can go back into service.
  11. Mike

    Mike Founding Member Coach

    Probably cheaper to make an aquarium out of it & buy a new one.
    DeafBlonde likes this.
  12. CelticWhisper

    CelticWhisper Founding Member

    For the record, it's taking immense force of will to avoid making phishing jokes here.
    Lisa Simeone and TravelnMedic like this.
  13. RB

    RB Founding Member

    I'm perch on the edge of my seat.
    Rugape and Lisa Simeone like this.
  14. nachtnebel

    nachtnebel Original Member

    You guys are giving me a haddock
    Rugape, DeafBlonde and Lisa Simeone like this.
  15. DeafBlonde

    DeafBlonde Original Member

    And for the Bad Pun of the Week...the winner is...nachtnebel!! CONGRATS! :D

Share This Page