
How the FBI raided Anonymous  - abraham
http://arstechnica.com/tech-policy/news/2011/01/two-real-guns-pointed-at-me-how-the-fbi-raided-anonymous.ars
======
kotrin
"We have noted that similar attacks have also been carried out against
Wikileaks itself, yet so far, nobody has been arrested in connection with
these attacks, nor are there even any signs of an investigation into this
issue at all,"

I think that is one of the most important points of this article.

~~~
damoncali
Does the FBI even investigate this sort of thing internationally? Does anyone?

~~~
gloob
_Does anyone?_

Countries outside America do have law enforcement agencies for the most part,
so yes.

~~~
damoncali
I meant, does anyone investigate them end-to-end, and not just in their own
country? I find it hard to believe that the FBI interacts well with law
enforcement in, say, Poland.

~~~
forensic
Well, the RCMP and the FBI work together very closely, for one. An American FBI
agent can get more done in Canada through RCMP connections than a rich and
powerful Canadian can.

RCMP is the Canadian FBI by the way.

~~~
fleitz
Yes, and vice versa, let's say the RCMP needs someone sent to Syria for
'questioning', then they'd phone the FBI and tip them off that such a person
is coming to the US. And the FBI would promptly send them to Syria for
'questioning' of course also ignoring their citizenship and duty to deport
people back to their country of citizenship.

<http://en.wikipedia.org/wiki/Maher_Arar>

------
sliverstorm
_TWO %REAL% GUNS POINTED AT ME_

I love this part. It's obvious that, for the first time in the lives of these
Anons, sh%t actually got real.

(I don't mind any downvotes you see fit to give me, I have always found it
laughable when Anons expect to break the law and suffer no consequences.
Whether or not it is a good law has no bearing, that's not how civil
disobedience works.)

~~~
sesqu
I'm not a fan. These are guns we are talking about, not paperwork. Paperwork
is the shit that's real, guns are just there to make you feel helpless. And
also to kill you.

~~~
sukuriant
But the kids would have laughed at paperwork until it was all over, and then
possibly still laugh at it. With the guns, they just experienced the severity
of their action that a whole armed FBI-team had to come in to deal with the
situation.

~~~
sesqu
Yeah, I don't agree with that.

If it's a paper in the mail that says "we know it's you", I'd be pretty
scared.

If it's a policeman at the door saying "come in for questioning", I'd be
shitting my pants.

If it's three policemen saying "we've come to take all your PCs", I'd be
confused and seriously contemplating future involvement with the group.

If it's a bunch of thugs breaking the door, grabbing my PCs, iPhone, Xboxes,
Lady Gaga CDs and threatening to kill me if I object, I'd start looking into
getting more involved with political activism.

At least, that's how I think I would react, before dealing with the paperwork.

~~~
roel_v
Entering with an armed team is SOP, mostly to protect policemen. These are
just guys doing a job, in the vast majority of cases a good and just job, who
want to go home to their wives and children in the evening. Some (most) raids
could theoretically be done by just knocking on the door; but sometimes some
crazy man will start shooting back, or running away, or try to destroy
evidence. Rush-entry raids with flashbangs etc. are designed to cause maximum
confusion so that the people in the house are disoriented for a short time,
hopefully long enough to be cuffed.

Anyway like I said sometimes these could be done by one guy with a briefcase,
but how are you going to decide when to raid and when to knock on the door?
And who is going to decide? When somebody makes a wrong call and a policeman
gets killed, there's going to be a ruckus (police union, other policemen
feeling unsafe causing worse performance, etc.) So the safe thing to do is to
err on the side of caution. Sucks for those being raided when it wasn't really
necessary, and even worse for those being raided in error, but as always it's
a trade off.

That's how it came to be. IMO perfectly reasonable. One can disagree with
specific cases, I do too; but try to put yourself in the shoes of someone
designing or managing a law enforcement organization or system. If you have a
solution that mitigates the problems yet addresses all the points and many
more I brought up above, many many people would love to hear about it.

~~~
radu_floricica
I'm sorry, but this is FUD. I have at least two objections to what you say
(for the record, I'm not American).

1\. Do you really want to live in a society where a visit from the police
means a busted door _just in case_? If things degenerated so badly, the police
has already failed, and failed hard. I mean Rwanda/Congo hard.

2\. Since we both know this is not the case, and most visits from the police
are done in the old-fashioned knock-on-the-door manner, we have to wonder if a
pimple-faced computer hacker has _any_ quality making him more dangerous than
average. I suppose a bureaucrat might go and say hacking was an act of
terrorism and terrorists use bombs, but for any sane person it's pretty clear
he is not above average. He's scraping the bottom of the barrel, statistically
speaking.

I therefore tend to conclude that the busting of the doors is used as a
deterrent. A message for the Anonymous that if you play with fire, you'll have
FBI agents with guns in your room.

~~~
roel_v
(I'm not American either)

Re: 1, maybe I didn't make it clear enough in my original post, but indeed in
general police _do_ knock on the door, so I think we agree on this point -
raids are the exception rather than the norm, but my point was that _if_ there
is any doubt at all whether or not a raid would have _any_ advantages, then
the raid option will be chosen over the knock-on-the-door option.

With this clear - re: 2, and in the specific case of computer crime, raids are
SOP because suspects have a high probability of destroying evidence; at least
here in the Netherlands (and police here are, to put it mildly, not the Wild
West type) this is the reason and practice. There have already been a number
of cases where suspects (in child pornography cases) were literally forcefully
pulled from behind a computer because they were deleting files as soon as they
got wind of the police.

So yes, in case of computer crimes, entering with force does make sense (maybe
not always - there have also been cases of 16 year olds where the police
showed up when they were in school).

We don't know the real circumstances of these raids. Maybe there was a
deterrent/revenge component (which would be illegal and undesirable), we don't
know. Point is that the knee-jerk reaction(s) I was replying to are just that,
and lacking any nuance. Many interests have to be weighed and safety of police
officers and having a reasonable chance to save evidence are some of the
factors that have to be weighed against the interests of the suspects. This
may sound, in the limited context here, like I'm advocating a police state and
anyone who knows me IRL knows that I usually am on the far opposite of that;
but some force on entry is not as big a deal as some people make it out to be.

My (admittedly long-windedly made) point: no you're not being oppressed
because the police put a hole in your door in the course of investigating your
malicious disturbance of someone else's business.

------
lukeschlather
> The FBI yesterday reminded the public that "facilitating or conducting a DDoS
> attack is illegal, punishable by up to 10 years in prison, as well as exposing
> participants to significant civil liability."

What exactly is the relevant statute? As the other Ars article on the subject
states, it's the digital equivalent of a sit-in.

~~~
InclinedPlane
It's silly to pretend that a DDoS attack is the same as a sit-in, such a
contention is intellectually and morally bankrupt.

Moreover, sit-ins are not legal either. If you choose to attempt to disrupt a
place of business and you refuse to leave private property when asked to do so
you can be arrested.

~~~
steveklabnik
> such a contention is intellectually and morally bankrupt.

Could you expand on this a bit? I actually believe that it's very close to the
same thing, but I'd like to hear your reasoning.

> Moreover, sit-ins are not legal either.

You are correct. This is why it's called 'civil disobedience.' Sometimes, the
best way to change a law is to break it. And break it publicly. It doesn't
mean that you'll be spared a sentence, but the idea is that the sentence is
worth it.

~~~
InclinedPlane
Sit-ins are inherently sacrificial acts.

The purpose of a sit-in is to stage a non-violent, disruptive protest which
forces a response, typically being arrested, from a business owner or
government. If there is no response because, for example, the business owner
is too shamed to respond then either the disruption continues until the
protesters' demands are met or the protesters eventually give up. If there is a
response, such as use of law enforcement, then there is the opportunity for
the protesters and their cohorts to get the message out, raise awareness, and
gain sympathy and support from the public at large.

Anonymity changes the equation entirely. Sit-in protesters blatantly flout the
law and beg to get arrested, so as to demonstrate their conviction for the
rightness of their cause and to gain publicity. Anonymous DDoSers aim only to
disrupt, whatever message they have is lost to the public because nobody can
know for sure who the people responsible are (4chan also apparently DDoS'd
minecraft.net for a while, what was the purpose of that? Wikileaks itself was
DDoS'd for some time, what was the purpose of that? it's hard to say because
these are just anonymous _attacks_ rather than actual, disciplined protests).
DDoS participants don't expect to get caught, let alone to be arrested, as
witness the reactions of the folks in the main article.

An anonymous, or attempted anonymous, denial of service attack is more akin to
throwing bricks through a storefront window or arson. It is disruption
completely unmoored from personal sacrifice, civil disobedience, or the
context of a cause.

It is thus properly a more _violent_ form of protest than a sit-in and we have
all the more reason to despise such things because of it.

~~~
JoachimSchipper
If you're smart and _know_ that using your home PC for DDoS attacks is likely
to result in trouble for you, a DDoS attack is no less sacrificial than a sit-
in (in fact, due to the propaganda against "hackers", you're quite likely to
get a harsher sentence).

Also, where do you get the idea that non-violent protest doesn't hurt the
people being protested against? If someone chains himself to a tree about to
be cut down, cutting the chain _will_ disrupt the tree logging operation.
Greenpeace isn't violent, but some people/organizations _hate_ them, and with
good reason. Gandhi wasn't violent, but he did cost the British a sizable
chunk of their empire (which they'd arguably have lost anyway, but still.)

Now, DDoS is likely not as effective a protest as a sit-in, and it's entirely
possible that most of the anons figured they'd never get caught - but that's
not the point.

~~~
InclinedPlane
As I mentioned, sit-ins are non-violent, _disruptive_ protests designed to
raise awareness.

This does not mean that any form of disruption is analogous to a sit-in. If
you know that you'll be arrested for a DDoS attack then certainly that's a
sacrificial act (though to map closely to a sit-in you'd have to announce
publicly what you are doing). However, even then that doesn't necessarily
account for the damage participating in a DDoS can bring. Sit-ins rarely cause
the loss of hundreds of thousands of dollars in business.

As it stands the debate is academic and the comparison is irrelevant. To date
the number of DDoS attacks that have been carried out in public with full
listings of the names and contact information of the participants is precisely
zero.

You can hide behind a mask, or an IP, and you can throw your packets or your
molotov cocktails at those folks you consider "the bad guys", securely smug in
your knowledge that you're fighting the good fight. But that's an illusion.
You're not Gandhi, you're not Rosa Parks. You're just another jerk with an ax
to grind who doesn't have the guts to accept any consequences for his actions.

The reason sit-ins are lauded and DDoS's are shunned is because people who
abuse the disruptive power of a sit-in to fight for worthless causes or their
own self interest are simply sent to jail. Whereas most perpetrators of DoS
attacks go uncaught.

------
monochromatic
What's the justification for no-knock raids here?

~~~
cagenut
Whole drive encryption. I've seen docu-dramas where they actually break in
when they know the suspect has gotten up to go to the bathroom/kitchen so
that he can't reboot the computer.

Then, like all things with a shred of reasonableness to them, they become an
awesome "check this box every single time" way of doing business for the guys
who get their thrills kicking in doors.

~~~
w1ntermute
> I've seen docu-dramas where they actually break in when they know the
> suspect has gotten up to go to the bathroom/kitchen so that he can't reboot
> the computer.

Any specific examples? I'm interested in watching them.

~~~
cagenut
Sorry, no, all I can say is watch a lot of MSNBC/CNBC/Discovery Channel at
terrible odd hours or weekends, but that's just about the worst advice ever

------
f1gm3nt
"...and the first FBI agent in the door could be heard yelling 'FIRST'!..."

------
jtchang
My tax dollars are going to this. I feel robbed.

~~~
fleitz
That's why taxes, like robbery, are done by threat of force. Otherwise no one
would hand their money over to be wasted.

------
Jach
I'm concerned about the knock-down approach by the FBI.

Say I live in a state which allows one to kill home intruders on sight, could
I not legally set up an alarm system that sprays some bullets in the direction
of the door if it's opened without being disabled? By knocking I can disable
it and let them in instead of having a few dead FBI agents on my doorstep.

~~~
mquander
Of course you couldn't legally set that up, are you insane? On what planet
would that be justifiable? Even in Texas, you need to demonstrate a reasonable
belief that you were in imminent danger of being robbed or attacked before you
are permitted to use deadly force on an intruder in your home.

~~~
burgerbrain
Somebody bursting down your door in the middle of the night isn't "reasonable
belief that you were in imminent danger of being robbed or attacked"? What
world do _you_ live in?

Ignore the silly mechanism described, and imagine you're sleeping in bed with
your wife at 3am, and are a completely law abiding citizen as far as you are
concerned. Why would you possibly have any reason to believe that the people
violently breaking down your door and yelling have good intentions?

This isn't hypothetical, this kind of shit has actually happened. _Both_
innocent people, _and_ cops, have died in these sort of situations.

~~~
mquander
The grandparent post wasn't asking what would happen if you woke up at 3 AM
and shot a policeman mistakenly. He was asking whether it would be legal to
rig a booby trap to do it! Those are extremely different situations, to say
the least! You're arguing with a straw man.

~~~
burgerbrain
_As I interpreted it_, the grandparent post foolishly tried to express his
more general question by coming up with a silly hypothetical^ device. The
purpose of the device was to injure a police officer as a result of the
homeowner not being aware of what was going on.

I've taken the hypothetical device out of the question by pointing out that
there are real-life situations where no-knock raids have caused unnecessary
loss of life. I'm not arguing with a strawman, but rather restating the
grandparent's original point/question in a less absurd and tangential fashion.

^I sure as hell hope it was hypothetical anyway...

~~~
Jach
Yes, my hypothetical wasn't taken so well. I may set up a simple audio alarm
with an analog circuit if I ever feel like it, but of course a rigged gun is
stupid. (I'd end up making it disabled via remote control too but then I'd
worry about it not actually being disabled as I'm opening the door, even if it
makes a disabled noise...)

I should have stuck with the Microwave example below, that's cooler anyway.

------
a904guy
Reminds me of a moment from the movie Hackers.

"You hacked a bank across state lines from your house?"

"...Stupid..."

------
jrockway
It's funny that Mastercard can't defend against an attack that my home router
is capable of defending against. (A big limit on connections per /24 per
minute should solve this problem. So will using a smart webserver or frontend
proxy that doesn't care how many idle connections there are. Then all you have
to worry about is bandwidth saturation rather than your servers crashing.)

But the lesson here is, when you visit a web page, a line in a log that
identifies you is generated. Generate too many of these lines, and, one line
of Perl later, the cops are going to be asking you some questions. Don't
participate in a DDoS attack unless you're absolutely sure that nobody is
logging your traffic. And that is something that's impossible to be sure of
these days.
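
One way to apply the per-/24, per-minute connection limit described in the comment above, and to see which source networks stand out in an access log. This is an added example, not part of the original thread; the log lines, the limit of 100 and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Common Log Format prefix: client IP, two ignored fields, [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def net24(ip):
    """Collapse an IPv4 address to its enclosing /24 network."""
    return str(ipaddress.IPv4Network(f"{ip}/24", strict=False))

def parse(line):
    """Return (/24 network, minute bucket) for a log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        return net24(m.group(1)), ts.strftime("%Y-%m-%d %H:%M")
    except ValueError:
        return None  # non-IPv4 client address or unparsable timestamp

class Slash24Limiter:
    """Fixed-window limiter: at most `limit` requests per /24 per minute."""
    def __init__(self, limit):
        self.limit = limit
        self.counts = Counter()

    def allow(self, key):
        self.counts[key] += 1
        return self.counts[key] <= self.limit

def replay(lines, limit):
    """Replay log lines through the limiter.

    Returns (number of requests accepted, {bucket: total} for buckets over limit).
    """
    limiter = Slash24Limiter(limit)
    accepted = 0
    for line in lines:
        key = parse(line)
        if key is not None and limiter.allow(key):
            accepted += 1
    flagged = {k: n for k, n in limiter.counts.items() if n > limit}
    return accepted, flagged

def sample_log():
    """Constructed sample: five hosts in one /24 flood, one host browses normally."""
    fmt = '{ip} - - [01/Jan/2024:12:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{h}", s=s)
             for h in range(10, 15) for s in range(30)]
    lines += [fmt.format(ip="203.0.113.7", s=s) for s in (1, 2, 3)]
    lines.append("not a log line")  # malformed input is skipped, not fatal
    return lines

if __name__ == "__main__":
    accepted, flagged = replay(sample_log(), limit=100)
    print("accepted:", accepted)
    for (net, minute), total in flagged.items():
        print(f"{net} sent {total} requests in {minute}")
```

A fixed one-minute window lets a source send up to twice the limit across a window boundary; a sliding window or token bucket closes that gap at the cost of more state per /24.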

~~~
axod
You can get people to participate in DDoS attacks with a malicious website
though.

Just use some JS to create image elements, script tags, iframes etc all with
sources pointing at the target, should be able to do a few hundred a second at
least.

Even trivial to get people to participate without using javascript. Just pop
in a hidden iframe with a million <img> tags in the source.

As things move on, I don't think individuals who happen to fire off a few
hundred requests at a website should be investigated/prosecuted/etc. Website
owners just need to get better at protecting their systems.

~~~
abstractbill
_Just pop in a hidden iframe with a million <img> tags in the source._

Mostly agree, but thought it worth pointing out that no browser will respond
to this by parallelizing the million requests - most browsers don't ever open
more than a dozen or so concurrent connections to one site. So this wouldn't
do as much as you might think, unless you could get lots of users to stay on
your page for a long time.

~~~
maqr
How about Flash? I'm pretty sure you can have as many open connections as you
want that way.

~~~
cft
Not only that, in Flash you can write a for {} loop that will bombard the
target with requests, as long as the movie is running. The ultimate example
would be compromising Youtube's SWF player, and using it as a DDOS bot.

------
tomelders
It won't be long before someone gets shot over all this, and it'll be the
"powers that be" that drive the escalation.

Petty, fearful little people.

------
starpilot
I love the first quote: I'm not retarded ... Yes, I'm f __king dumb.

------
borism
Let me get this straight. All this fanfare, and all they got was a bunch of
teenagers (who most likely are not even legally liable) + their moms?

~~~
tptacek
What does being a teenager have to do with being liable? If they're criminally
liable, they'll be tried by a juvenile court. If they're civilly liable, their
parents will face civil suits.

~~~
ugh
Are parents civilly liable in the US when their kids do something? That’s
under most circumstances not the case in Germany. It is possible but the
barriers are extremely high.

A thirteen year-old downloading software off the internet and using it is age
appropriate (i.e. it is not reasonable for parents of teenagers to check
everything they are doing online), the parents would consequently not be
civilly liable in Germany.

(This is my personal extrapolation of the respective German laws. The case I
know about is the following: Two twelve year-olds walk home unaccompanied from
a nearby playground and decide on their way home to slash the tires of a
neighbor’s car with a small swiss army knife one of the kids received as a
present. The parents aren’t civilly liable in this case because it is age
appropriate for twelve year-olds to walk to a nearby playground and back alone
and it is also appropriate for one of the kids to own a small swiss army
knife. There is nothing reasonable the parents could have done to directly
prevent the incident.)

~~~
tptacek
The laws vary from state to state, but, generally, yes.

