
 The FBI took -- and mysteriously returned -- their server - wglb
http://redtape.msnbc.msn.com/_news/2012/05/11/11647813-the-fbi-took-and-mysteriously-returned-their-server-heres-their-story#.T6zg38SqLMQ.twitter
======
ahi
A smaller issue in this story but still important; what kind of data center
gets a search warrant and server pulled, and doesn't immediately notify their
client? Are they legally prohibited from doing so? Then they let the FBI put
the possibly compromised server back on the network? WTF?

~~~
maratd
> Are they legally prohibited from doing so?

Yes. They can be charged with obstruction of justice or interfering with an
investigation.

~~~
ahi
Still doesn't make much sense. The client is going to figure it out. Also, a
search warrant doesn't give the Feds the ability to put it back. Maybe with a
national security letter for the purpose of putting spyware on it? But even
then the server owner is going to notice that their server went missing for a
couple days. "Must have gone for a long walk. Glad it's back," is not how I
would approach it.

~~~
maratd
> Still doesn't make much sense.

On the contrary, it makes perfect sense. It gives the FBI or any law
enforcement agency sufficient leeway to do as they please, which is always the
intent of such laws.

> The client is going to figure it out.

The only thing the client knows is that their server isn't working. Not that
they are about to be raped by the feds.

~~~
ahi
1) Their actions don't make sense. The law is what it is.

2) In this case the Feds had already paid them a visit. If they are trying to
run a covert surveillance operation they really suck at it. Even without the
FBI visit I am still going to figure out what the hell happened to my server.

Worst wire tap job ever? Helpful FBI agents with experience in network
operations want to make up for needlessly inconveniencing someone? Some other
three letter agency tells them, "we were using that, could you put it back?" ?

------
RyanMBoland
I'm a student at the University of Pittsburgh. From that point of view, this
seems like a perfectly fine action to take. The FBI agents may have disrupted
service to a few hundred users, but these threats were affecting thousands of
people.

I don't know if these anonymous email threats were unprecedented or not, but
they certainly present a huge challenge to law enforcement. What would have
happened if the people responsible didn't just stop?

Of course, you could subscribe to the view of the conspiracy theorists among
us who feel that the FBI did actually catch the people responsible and are now
employing them. :P

~~~
BryanB55
I pretty much agree, they talked about "innocent people's privacy" but if they
are truly innocent then it shouldn't matter if the FBI sees their information.
If my data were on that server and I was doing nothing wrong I really don't
think I would mind handing it over to the FBI to help find even the smallest
threat to our country.

~~~
RyanMBoland
But, was anyone's personal data really on that server? If it's an anonymous
emailing service I would think that just the service was disrupted.

~~~
BryanB55
Could be. I'm curious to hear why my comment was down voted though, regardless
of whether there was information on the server or not. It seems a lot of
people are always screaming "privacy!" and when I mention I'm willing to give
up some privacy to protect the safety of other people and our country others
do not agree with me. What is it you think will happen if the FBI gets a hold
of your data on a server? This of course is just my opinion and I respect
everyone else's opinion but I would like to hear a counter argument.

~~~
AkThhhpppt
You're getting downvoted because you've just rephrased the "if you've nothing
to hide, you've nothing to fear" argument. Here, have a counterargument:
[http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565...](http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565&)

~~~
BryanB55
Thanks. I'll look it over.

------
lincolnwebs
If that were my server, I'd pull the data needed and burn the hardware. Never
use it again.

~~~
Nrsolis
NFW.

I'd build a new machine from scratch, at a different datacenter, using
pristine code and data from backups.

Once a machine has been in an adversary's possession, not even the data is
safe.

That said, the FBI probably just imaged the drives. They're not as
clueful/devious as many think they are.

~~~
alecco
They do hire clueful contractors once in a while.

~~~
Nrsolis
Correct. But the guys were probably Special Agents and were from the data
forensics group that are recruited into the DoJ specifically for their IT
skills.

It's also possible that there was a Special Agent + Contractor team working.

BTW, they are probably not very happy that video evidence of their activities
was captured and published. Don't look for them to make that mistake again.

------
patrickgzill
Here is my question...

If you rent an apartment, even though you don't own the building, you have
"rights of tenant in possession". Basically the apartment is "yours" and you
have rights. If a search warrant is to be served to search your place, it gets
served on YOU, not the owner of the building.

If you rent server space, like a rack in a datacenter, that space is "yours".
So should the search warrant have been honored?

~~~
corin_
Generally speaking you aren't renting server space, you're renting server
equipment i.e. the rack, hardware, power, networking, so I would imagine that
would or at least could be the difference.

~~~
patrickgzill
Good point, it would in fact make a difference.

I read the article, they do say "colocation"; besides which, XO Communications
does not rent servers as far as I know. So that seems to point that they were
renting the physical space that their servers are in.

Would it make a difference if they were just renting a partial rack, or a full
rack that goes all the way down to the floor and is enclosed? I don't know ...

~~~
corin_
Surely even then the rental contract would specify the equipment they rent,
not the space - the data centre could move their rack to a different physical
location at any time.

~~~
patrickgzill
I will tell you that unless something is on fire in my rack, no one from
Level3 will even _touch_ anything - and even then they would hit the fire
suppression button and leave the room. They do not touch anything in a
customer rack. (I have two racks in a local facility owned by Level3).

The contract I signed had a clause that said if they had to move me somewhere
else, they would pay all costs of doing so. I don't know how standard a clause
this is.

~~~
corin_
OK I simplified a little, but if there was ever any reason to move a rack and
it could be done with zero downtime, the arguments against it are never going
to be "but that's my space I rented".

I rent a furnished apartment, and while the company that owns it would never
touch it without my permission, the contract is very specific about it being
_this_ building, they would never say "mind moving next door?" whereas with a
rack in a data centre, not only does the contract not specify exactly where
the rack is placed, it makes very little difference about its exact location.

------
matthew-wegner
I've been in a situation where a server was temporarily pulled by feds. They
almost certainly just duplicated the drives with legally-sound forensic
software.

------
cnbeuiwx
I'm surprised nobody is discussing the reason for the pull. Obviously the FBI
has copied all the data on the server and are now using a backdoor in the
encryption or brute force cracking to get into the information.

There is no such thing as safe data once the physical server is confiscated,
and people shouldn't trust standard encryption algorithms to be safe from
backdoors.

Microsoft Windows has had backdoors for a long time I reckon. Some of it is
called "bugs" once it's discovered and fixed with Windows Updates. Other stuff
gets introduced that way as well.

Or they could have port knocking techniques built into the closed source
kernel to allow people who know the code to enter the computer without any
trace.

~~~
corin_
If you were the FBI, and you had a backdoor already built into the software
running on that server, would you really confiscate it and take four days to
use it rather than leaving it running and hoping nobody notices you came by to
activate it, and/or having it be activated over the network?

~~~
cnbeuiwx
The server was probably not running Windows.

~~~
corin_
Was replying to "_are now using a backdoor in the encryption_".

------
protomyth
I wonder if we've got to the point where it might actually be worth putting a
camera into the server case that streams to another site? You really only have
to keep under an hour of video.

------
biancabronx
Scary stuff. The state of privacy in society today is nothing short of scary.

