
Cock.li e-mail server seized by German authorities, admin announces - aaronem
http://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-server-seized-by-german-authorities-admin-announces/
======
detaro
Interesting that they only took one of the disks. a) a more aggressive
forensic approach would avoid shutting the server down if at all possible
(getting data in RAM or on encrypted partitions) and b) it is very restrained
in comparison to other seizures.

I'd say that if they believed he were actively complicit or would do something
to hinder the investigation, they would have been more aggressive, possibly
went after machines in his home as well. Of course, if I'm right with this
assumption, why didn't they contact him, but went directly for the server via
the hoster. (I'm actually not sure how the law works with regards to seizing
data vs seizing the (probably provider-owned) media it is on)

Also, I guess the "just take one of the RAIDed disks" in this way is only
possible if you run a server provided by a known hosting provider, where it
isn't the first seizure for both police and provider. The provider knows how
the servers are set up, law enforcement trusts that the provider just wants to
get everything done as quickly as possible.

~~~
nickpsecurity
"I'd say that if they believed he were actively complicit or would do
something to hinder the investigation, they would have been more aggressive,
possibly went after machines in his home as well."

My thoughts exactly. His reputation of cooperation might have helped him out
here. Nice of them to leave enough stuff to keep the service online. Many
small-time operators hit by FBI over here aren't so lucky. They'll take down a
whole colo worth of clients sometimes.

------
doener
Discussion on 8ch.net:
[https://8ch.net/tech/res/473045.html](https://8ch.net/tech/res/473045.html)

------
jack9
> "I have no idea why this is happening."

I'm very sure he does. It's been explained thoroughly.

~~~
x1798DE
Care to share with the rest of the class?

~~~
jack9
What? You mean you didn't read the article?

> Cock.li was reportedly used last week to send a bogus bomb threat e-mail
> from "madbomber@cock.li"

Of course they are going to take records (and from the files of how very
unlike-the-US-can-the-Germans-be) leaving the system running and intact. If
you didn't read the US news about the trouble it caused, go back to skimming
headlines.

------
vox_mollis
How, exactly, did German authorities come to decide that California has
jurisdiction in Germany? Was this pursuant to MLAT?

~~~
s73v3r
Are you saying that one should be allowed to threaten to kill people in one
country from another, and not be held accountable?

~~~
jacquesm
No, he definitely was not saying that.

~~~
cpncrunch
That seemed to be the implication.

~~~
wrong_internet
OP specifically asked if it was pursuant to an MLAT obligation. That alone
makes it clear they were asking in earnest.

~~~
cpncrunch
And yet OP also asked how California had jurisdiction in Germany, which
implies that the question was more of a passive-aggressive disapproval. Even
if it was MLAT, California still wouldn't have jurisdiction in Germany. OP
seems to be implying "fuck off California, you have no jurisdiction in
Germany".

The whole thing seems to be more about shared moral responsibility rather than
MLAT, which is what s73v3r was getting at.

------
runn1ng
cock.li. The proud owner of nigge.rs, horsefucker.org and goat.si.

RIP in peace

~~~
leppr
The "anonymous mail service with offensive names" could be made a standard
indicator of a country's freedom of speech status.

Actually, that'd be a good research project: set up and host such a service in
as many countries as possible, wait as they get shut down (+6
points)/subpoenaed (+3)/DDoSed (+1) and make a map.

~~~
Bud
Not responsive or relevant to this situation, in two very important ways:
first, this isn't just any email service; a threat which cost millions of
dollars was made from this service. Second, and more crucially, the service
was NOT shut down.

~~~
bendykstra
> a threat which cost millions of dollars

It was the reaction to the threat which cost millions of dollars. We should be
careful to distinguish between the costs of terrorism and the costs of our
reaction to it.

~~~
cpncrunch
You might think differently if you were responsible for those children. Do you
want to take the risk that it might be a real threat? How do you tell the
difference between a real threat and one that isn't real? I'm guessing the
people at the school district thought the small risk wasn't worth it, and
decided to close the schools. Who would want to be labelled as the person who
didn't close the schools if someone ended up getting killed? Even if the
threat seems implausible, it must be a very difficult decision to make. There
have been many bomb threats recently, probably mostly implausible, but for
every one of them the airline acts as if it might be a real threat.

~~~
aaronem
You might not, too. The LA district shut down. The NY district, which also
received a threat, did not. Why? And why the difference in response?

~~~
mikeyouse
Why a difference in response? A few days earlier, less than 100 miles from the
LA school district, 14 people were killed by ISIS-inspired terrorists who also
had a garage full of pipebombs. What administrator in their right mind
wouldn't be extra cautious with specific threats?

------
bloody1
This guy deserves to be in jail. I am DISGUSTED at a human like this roaming
free after threatening to hurt millions maybe even BILLIONS of children! Shame
on this man!!!

------
necessity
Imagine if this was regular mail.

It's the equivalent of Germany seizing private mail from EVERYONE that uses the
hypothetical Cock Postal Service because one individual used that same service
in the US to make a threat.

This is ridiculous. Outright abuse of power and invasion of privacy. Yet
another reason to encrypt everything.

~~~
cpncrunch
It's more like seizing the customer records from Cock Postal Service
(presumably operated by James May).

My guess is that the fact this guy ran the operation from his bedroom, and
they weren't sure whether he would co-operate or not, was the reason they
seized the disk rather than just subpoena him. Presumably if it was hotmail or
gmail this wouldn't have happened.

I think it's good that this scumbag cocksucker is going to get his comeuppance
(I'm talking about the idiot who sent the email, not the guy who runs the cock
email service). He's obviously a bit of an idiot to use an email service that
says "will report any illegal activity to the relevant authorities" rather
than one that is actually properly encrypted (if such a beast even exists at
the moment -- they seem to all get DDoSed out of existence by China or similar
pretty quickly).

~~~
gruez
> My guess is that the fact this guy ran the operation from his bedroom, and
> they weren't sure whether he would co-operate or not, was the reason they
> seized the disk rather than just subpoena him. Presumably if it was hotmail or
> gmail this wouldn't have happened.

Is this somehow supposed to be acceptable? "We weren't sure you would come
down to the station and answer some questions, so we arrested you (without
charge) and held you for a day."

~~~
cpncrunch
Isn't it normal for police to seize evidence in cases like this? Your
comparison doesn't seem very helpful, as there is a big difference between
holding someone at a police station vs seizing evidence.

~~~
gruez
I admit there is a big difference between someone's property and someone's
liberty. However I still don't feel it's justified to potentially invade
thousands of other users' privacy in order to gather evidence, especially
since they could have subpoenaed him and he has a history of complying with
such requests.

------
hasenj
It sounds like someone doing an experiment to see if he can get the government
to take down a server.

Much more efficient than DDoS attacks.

Simply find a way to make the domain seem suspicious.

