Hacker News new | comments | show | ask | jobs | submit login
FBI seizes riseup.net server (riseup.net)
253 points by quadrahelix 2066 days ago | hide | past | web | favorite | 106 comments

I do not understand the sledgehammer approach the FBI 'cybercrimes' division deals with things with.

The FBI are not police, are not detectives, and are not competent in these matters. I'm sorry but covert monitoring of a server is going to be vastly more beneficial for an operation than taking the server and is going to net more targets and more evidence.

I remember stories of the FBI sitting on a known front for organized crime and waiting until they got someone worth catching before making a move.

It's a universal truth that any action has a reaction. If the FBI shut down a money laundering front, then the Mob would get wise and get more sophisticated and you won't hurt their operation. If you wait until you can link someone important to the Mob infrastructure and then make a move, then you've seriously effected crime in a city.

The FBI does shit like this and Megaupload before they appear to have their ducks in a row. They don't know what they're doing, and don't know what they're looking for so they consistently appear to jump the gun.

My only thoughts with this are that someone with a lot of power and influence is making this happen. What I wonder is what politician or presidential candidate/whatever has a lot vested and a lot to lose from someone finding out they/their kids/their family is pirating, or running anonymous operations, etc. Seriously, it's the only reason I can think of other than incompetency as to why the FBI is consistently jumping the gun.

> I do not understand the sledgehammer approach the FBI 'cybercrimes' division deals with things with. ... I'm sorry but covert monitoring of a server is going to be vastly more beneficial for an operation than taking the server and is going to net more targets and more evidence.

I wonder if they'll auction off the server?

Fun fact. The federal government makes ~$3 billion a year off asset seizures. They don't have to charge people with a crime to seize property - the trial is actually conducted against the property itself.) The law enforcement agencies responsible get to keep 50-80% of the proceeds.

http://reason.com/archives/2010/01/26/the-forfeiture-racket/... (disclaimer - source does not pretend to be unbiased ;)

Yeah, but they have to hold on to that stuff for a while. a 5 year old cash is still cash. a 5 year old computer is a doorstop.

I would point out the fallacy in your statement - but I will let you figure it out in the next 5-10 years.

I believe he is hinting at inflation damaging the value of cash in the next 5 to 10.

I would be very interested in the fallacy you see, yet I see none.

Servers lose 90% of their value in 5 years. Cash will not.

Readers from Argentina and Zimbabwe might disagree.

2 things.

1. Police are taking at least 20% hit right off the top. so, sure $1000 turns into $750 at 5%, the police are going to be looking at $600 profit, at the very best. a $1000 computer would be more like $100 dollars after five years, in which the police keep $80 bucks.

2. You can pirate all the copyrighted material you want in Argentina and Zimbabwe. Furthermore, neither of those countries really care about property rights. if the government wants your stuff, they just take it anyway.

Yes, but the data on the server may still be valuable (e.g. to an identity thief).

Are there any legal scholars, lawyers, or law enforcement around that can comment on why they would take this approach? Would the burden of proof required for wiretapping authorization be more stringent than for seizure of a server? Could they have actually already been tapping the communications in and out of riseup and performed the seizure to use the server as evidence in a case that was already prepared based on information pulled from the tap?

> The FBI are not police, are not detectives, and are not competent in these matters.

Actually the FBI is a law-enforcement agency with the statutory power to investigate and arrest people for the violation of certain federal laws. I'd consider that police.

Yep. It would also astound me if they didn't have at least some cyber-competent people in their organization.

I'm sorry but covert monitoring of a server is going to be vastly more beneficial for an operation than taking the server and is going to net more targets and more evidence.

They do this sometimes. You don't hear a lot about it, because it is covert, and nobody makes a stink about it in the headlines. But it is time-intensive and expensive, so you can't do it all the time to every target of interest. If you believe the servers already have all the evidence you need, and you can get the servers, it makes sense.

It's like the difference between hiring a private eye to shadow someone for a month, and simply requesting a subpoena. Both have their place.

I wouldn't say they use a sledgehammer approach. I used to own and operate an anonymous email service until the FBI called me one day for the user data. I never ended up giving it to them, but I immediately shut it down after that. They were nice, cordial and understood that I was not the one using the service maliciously.

They may well be doing that in many cases, but we only hear about the occasional dramatic seizures. And the dramatic seizures may be prompted by internal politics -- some manager needs to show that his team is doing something in order to justify his budget, so he makes a visible move and gets some publicity.

It would be interesting to correlation frequency of these stories with FBI budget cycles.

They say they took the server for investigative purposes. If true, all they needed to do was take a copy of the disks. At worst the service might have been offline a few hours.

The purpose was to disrupt and stop the service with minimal effort and without having to wait for a trial. They were able to judge and punish a business without trial.

Why would they do that? In this case it might be the very common law enforcement motivation of doing something, anything.

It was already well known that the FBI was talking with and investigating May First/People Link. Whoever is sending in the bomb threats to U Pittsburgh already knows it as well. So there was no point in 'staking out' this server.

They probably just seized it for evidence collection. May First/People Link said they don't keep any logs. Maybe the FBI didn't believe them or think they can do some 'advanced forensics' on the HDD.

This isn't a "sledgehammer" approach. The operators made an explicit choice to stick a bunch of mailing lists and websites on the same machine as a remailer. A reasonable person would expect the remailer to eventually be used to commit a crime.

It's like keeping your kids school books and a kilo of cocaine both in your cars trunk, then complaining when the FBI takes the whole car into evidence.

Its more like a commercial airplane being seized because one of the passengers smuggled drugs. I think its reasonable to assume that during the life of a commercial plane, a passenger will eventually commit a felony(smuggling drugs/contraband) on it.

Whoah whoah whoah! Is a remailer really === a kilo of cocaine? Seems like it's more like a car sans license plates, operating in a state where license plates are optional. (But hey, if you use that car to transport a cool k...)

Sure. Because you have no idea if that remailer is going to be used to leak information on civil rights abuses or to plan the assassination of an official.

I run a number of Tor nodes. I follow the Tor mailing list. I understand that what I am doing is not illegal, but is still very risky. What have I done in response to that risk? All my important shit is hosted elsewhere.

Of course, possessing a kilo of cocaine is illegal. Hosting an anonymous remailer, is not.

I have friends involved in Riseup, and I know they do good work. Software projects like monkeysphere and backupninja. Didn't realize they hosted so many mailing lists, apparently 14,000.

This is a good time to https://help.riseup.net/en/donate .. lots of options, including bitcoin and flattr.

With this rash of seize-servers-first-ask-questions-later, sounds like we're heading for a reprise of the glorious Steve Jackson Games era of blunt-weapon policing tactics when it comes to technology.

I'm sorry, but what are you referring to?

The FBI raided the offices of Steve Jackson Games because Loyd Blankenship, the author of GURPS Cyberpunk, was the subject of a crackdown for disseminating a (largely non-technical) document about the E911 system on his BBS.


Check the external links here for free versions of The Hacker Crackdown, a non-fiction account of the whole situation by Bruce Sterling.


You made me feel old. As others commented before, the documents at stake were released int he Phrack magazine (which had a HN article some days ago because of a new issue).

The E911 article is:


The funny thing is that after all the noise the FBI and government made, it was found that the same document was kind of publicly available (or easily obtainable by anyone).

Good times those :)

I don't have a written source, but according to my Russian friend, the position of the Russian govt on Bitcoin goes something like "We will have non-technical solutions for your technical mumbo-jumbo." Interestingly, Russia and Ukraine rank #1 and #2 on http://www.google.com/trends/?q=bitcoin

So if riseup.net had been hosted on, say, EC2, what would the FBI have seized? The server hosting the VM and many other completely unrelated VMs? Scary thought.

Also, if you haven't done so already I encourage you to read the FAQ at the end of the page. It has one of the best answers to "Doesn’t Mixmaster/anonymous remailers enable criminals to do bad things?" I've ever seen.

If previous seizures are any indication yes. They identify machines by IP and even if its a virtual machine they seize the server running it.

Can't comment on whether or not its effective, and of course if you have a disaster recovery plan and your site pops back up I don't know what they do, I guess they play whack-a-mole with search warrants.

Wait, seizing server running VM makes zero sense - VM can be run on different physical servers at different moments and freely migrated. What would they be seizing actually - silicon and metal in hope it somehow would given them a clue about something that happened eons (in CPU time) ago on the same hardware? That's like arresting a person because he was breathing the same air as a criminal did. Even if Amazon does not actually migrate VMs I'm sure some other cloud providers do. OTOH they could seize storage media where the images are stored. That would be a major catastrophe for any cloud provider.

Can you cite any examples of this ever happening? I am curious now.

Is there a law enforcement backdoor in Amazon TOS?

America's online law enforcement shaping up to be pretty much like the war on drugs.

No, war on drugs is causing thousands of fatalities a year throughout N and S America. The people pushing that have a shitton more blood on their hands.

I say this not to be disagreeable, but to highlight how bad the WOD really is.

In other words, useless?

Useless with respect to the purported goal, but they both certainly serve a real purpose, providing a pretext to target undesirables.

And expensive

And with lots of innocent casualties

And corrupt

And supported by morons

And boosting economies outside of the US?

Don't worry about economies in EU, we've done a really good job in hamstringing with "social" policies. Compared with other countries law enforcement in US is pretty decent.

Let's see. In the war on drugs, a number of police forces have been caught delaying drug busts so that they can make more money from seizing cash (as opposed to seizing drugs). What's the cybercrime equivalent?

If you opt to not cherry pick the comparison, and look at the larger picture instead of trying to make it a 1:1 analogous comment, you'll probably find that what the OP of this chain was referring to is that both are shows of excessive waste where government entities are faced with something much larger than what they can lasso in, and are routinely going about very questionable methods to get what they want.

You may have read sarcasm into my comment where there was none. I am, in fact, looking for an analogous operation which provides the Feds with destructive incentives in the area of cybercrime enforcement.

I do not know of any, pulling from recent memory-however the point of my post was to highlight that you (in the general sense) can't reasonably deduce from alaskamiller's post there's going to be an exact parallel with cybercrime enforcement and drug enforcement; what I took from alaskamiller's post was that cybercrime enforcement shows a lot of the same characteristics as the war on drugs, as myself and other posters have already highlighted.

This seems like a no-brainer to me. The FBI has the duty to find the Pitt bomb threatener. Perhaps Mixmaster truly does make the email untraceable, but it's the FBI's duty to try tracing it - not to take the Mixmaster claims as fact. If the FBI has evidence that criminal emails passed through that server, I absolutely want the FBI to be able to obtain and execute a warrant to seize it and search it for evidence.

Analogy: the cops need to look at a gun store's records to track down a criminal shooter. The cops have reason to believe people with access to the gun store might go in and destroy those records. Should they be able to shut down the gun store (temporarily) and block access to it while they execute a legal search warrant on it?

The biggest injustice is that innocent private parties are forced to carry the costs of something that (allegedly) will benefit the public.

Investigations of crimes benefit the public, and so the public (taxpayer) should pay the costs of the investigation, not whatever private party the costs happen to fall upon. Taking this logic to its conclusion, in a fair and just society, if a law enforcement agency executes a search warrant, it should have to pay those affected by the search warrant the reasonable costs of that seizure (e.g. the cost of renting and deploying an acceptable alternative until the equipment is returned, or the cost of lost business if it is a purely for-profit organisation and loss acceptance appears to be the cheaper based on the information available to the business at the time). This wouldn't apply if the court was satisfied following a contested hearing that the person having assets seized was a party to a crime being investigated.

While the above would be fair, it is not how the law works in many jurisdictions, because politics works on what politicians can fit in a sound bite (lower taxes! more law enforcement on the same budget!), not necessarily what is fair to minorities like innocent parties having their equipment seized.

Criminals (and worse) use all sorts of things, including technology, that everyone else uses. By your logic, the FBI should execute seizure warnings against GMail, Yahoo mail and Facebook... every time they have "evidence that criminal emails passed through that server."

Frankly, your logic makes no practical sense.

> Criminals (and worse) use all sorts of things, including technology, that everyone else uses. By your logic, the FBI should execute seizure warnings against GMail, Yahoo mail and Facebook... every time they have "evidence that criminal emails passed through that server."

They do, actually, except most of the time they don't bother with the warrant, and it doesn't make the news because neither law enforcement nor the companies involved have any interest in disclosing it.

If secure anonymization technologies become a lot more common, law enforcement organizations will eventually learn not to bother. Until then, anyone running such a service (such as a Tor exit node) should expect to have this happen to them periodically.

The FBI should absolutely execute a seizure warrant against those companies, if doing so is effective, but:

- Those companies probably have too many servers and too much data to make seizing all of it productive.

- Those companies would be less likely to be effected, as they have backups and redundant servers for handling outages.

- Those companies keep records that they provide to law enforcement when presented with a warrant or subpoena.

It's 100% ok to run an anonymizing remailer, with no backup strategy in place. It's retarded to act surprised and indignant when the server gets seized because it was probably used to commit a crime.

It's retarded to act surprised and indignant when the server gets seized because it was probably used to commit a crime.

Did you read the press release? Riseup was not running the anonymizing remailer, it just happened to be on the same physical machine as some of Riseup's infrastructure/e-mail accounts/listservs/etc.

From the press release:

The seized server was operated by the European Counter Network (“ECN”), the oldest independent internet service provider in Europe, who, among many other things, provided an anonymous remailer service, Mixmaster, that was the target of an FBI investigation into the bomb threats against the University of Pittsburgh.

Good point. Then it's ok to be surprised. This is a non-obvious risk of shared hosting.

Further, Public Enemy Number 1 (Bin Laden) purportedly used basically no direct network technology to disseminate his bidding he used a sneakernet to get info to various folks.


Obviously the person down voting me is not aware of how Bin Laden used USB sticks...


Law enforcement can of course do seizures when it's warranted. But in this case they, as I understand, did not try to get logs in regular ways (i.e. just asking for them) and there actually is no logs useful for them. So it sounds like an intimidation move - "keep logs so we could have them or we'd just take everything". Using you analogy, it's like when FBI wanted records from gun store and the owner said he doesn't have them, they would just demolish the whole store and move it to FBI facility in case they could find something hidden in the walls. Clearly looks like scenario of "you better give us what we want and quickly, or it would be a world of pain for you, regardless of your innocence and absence of connection to any crimes". Case in point: http://news.ycombinator.com/item?id=3865942

Another question pertinent to the hypothetical situation you pose: Should the FBI be able to keep the store's records of purchases made by other citizens not under investigation if they are "accidently" discovered during the process of search?

Under previous federal administrations, such information was required to be destroyed if collected. However the current administration and counter-terrorism guidelines assert that such private information may be held for 5 years, and shared between government agencies.

The building I work in and practically live in as student was evacuated two hours ago due to a bomb threat, and as of today 11 bomb threats have been made across campus. The total of bomb threats made is now 126. It is ridiculous.

I do not agree with the FBI confiscating servers to figure out where the anonymous bomb threats have been coming from, but I'm kind of glad they are and feel bad for that.

When was the last time a bomb threat was followed up with an actual bomb in the US? Maybe it's time to stop blindly evacuating buildings in response to anonymous messages.

1996: Pipe bomb at the olympics in Atlanta http://en.wikipedia.org/wiki/Centennial_Olympic_Park_bombing

But really, what you're complaining about is CYA (cover your ass) security. It's a lot easier for the person in charge to decide to clear out the building, and answer to a bit of grumbling with "just doing my job to keep you people safe" than it is to deal with the (extremely unlikely) fallout that would come from ignoring a real bomb.

Not sure if it's CYA security or just the immensely aggravating ease with which a group of people can be terrorized by an anonymous message that the poster you are responding to is complaining about.

I mean, that is the Essenes of a bomb scare as opposed to a bomb threat or an actual bomb, no?

Most people don't believe a bomb will actually blow up or something on campus. I think what freaks people out is notion that the person(s) making the bomb threats are trying to observe the patterns and behaviors of how people react during an evacuation.

Pitt has the tallest educational building in the US (Cathedral of Learning - which has had 14 bomb threats), plus many other buildings on campus are rather tall too. I cannot begin to imagine how exhausting these bomb threats have been to the police. Many people don't want to evacuate the buildings either. But what if some lunatic takes advantage of how desensitized and relax people are becoming to go a shooting spree... that is the more scary thought.

Maybe the authorities should stop desensitizing these people by constantly subjecting them to false alarms, then.

Honestly it seems like person(s) making the bomb threats becomes more agressive with the threats when the university makes a public statement about it or when the police think they've caught someone or have a lead. A part of me wonders if the university might provoke the person(s) behind this to do something more extreme if the bomb threats started to be ignored.

I can imagine an awful fallout if a bomb went off, people died, and then later it was revealed that there was prior warning. Better safe than sorry works here, I think.

1993 World trade center

And today is the anniversary of the 1995 Oklahoma city bombing.

However I am uncertain if a "threat" was ever called in for either.

This is evidence that a called in thread will likely never be real - real attacks aren't called in with warnings.

If you are uncertain if a threat was ever called in for either, how are those answers to my question? I was specifically asking about threats that were first called in, then followed up upon. To the best of my knowledge, neither of those qualify.

Just because those didn't come with threats doesn't mean all attacks come without threats. Also it doesn't prove that all threats won't be followed by an attack.

The unibomber is one example. He would send mail bombs if newspapers didn't heed his threats and publish his ramblings.

Traditionally don't people that bomb things like it to be a surprise?

When they're doing it for political reasons, not always. Blowing up a building gets you plenty of publicity, and it's a lot more positive if no one was killed. For example, http://en.wikipedia.org/wiki/Manchester_bombing

We had a big series of bomb threats when I was in high school. One day the principal decided to do just that--ignore it. He was fired the next day.

I'd still like to be known if there was a bomb thread in a building I was in...

When did these bomb threats happen? At the end of term or beginning? During exam week? When a famous politican is visiting?

126 is alot. I bet if you were to investigate the timing of these threats you might find some interesting correlations...

The bomb threats began to really start picking up this month, but started after spring break. I also just got the notification of two more bomb threats made.

Here is a spread sheet about the bomb threats (not made by me): https://docs.google.com/spreadsheet/ccc?key=0AlvhxmKEu6UpdGZ...

This is great, the spreadsheet not the bomb threats. Nicely done.

The Pitt subreddit actually informs me faster about bomb threats than the school's notification service.

Here is a blog someone started to keep track of bomb threats: http://stopthepittbombthreats.blogspot.com/

I met Jamie and some others associated with May First/People Link while volunteering to support the first US Social Forum. I was really impressed with their ideals and how they applied them to their work as technologists. I hope everything works out well for them and that this seizure brings more attention to what they are doing.

In total, over 300 email accounts, between 50-80 email lists, and several other websites have been taken off the Internet by this action.

I hope Riseup posts a list of those 300 e-mail accounts that were taken offline, so the owners know that they are now on an FBI watch list.

You’re recommending a breach of trust/privacy by making this public — obviously the right thing to do is contact them directly & privately.

Learn from the pirate bay. It's no longer a matter of protecting your business from hackers, but also from corrupt governments. When you start a business you better have contingencies in place to switch domain, server, country, etc seamlessly.

FBI actually has some good agents, but the only ones I've met were on counterterrorism, either in the us or overseas trying to find foreign links to us terrorism. I know most of the other law enforcement funding got repriorirized after 9-11, and I could imagine it is still attracting the better agents. Most of the really stupid FBI stuff originates from their bush league regional offices or is pushed by idiot US Attorneys in those places (e-gold, mmj raids, etc). The Secret Service, at least on computer crime, is far more uniformly competent.

The American version of SOPA already passed in 2008. It's called the Pro IP Act. That's how they are able to seize "local" domains like .com and .net, and I think .org, too.

I can understand the need to stop the bomb threats, but the FBI also should have respected the other users of the seized server and not removed it. And besides, nothing is stoping the person from using other anonymous email hosts.

This seizure is especially chilling because Riseup is used primarily by activists.

I agree and whom ever is doing this is motivated to keep doing it. Initially the bomb threats started in bathroom stalls and then to emails of just one bomb threat for a day. But the situation keeps escalating, today 13 bomb threats have been made.

Again? Didn't they get all their servers seized back in the late 90s early 00's too?

I want to say that they had servers seized running up to the 2004 Republican convention in Minnesota. However, I'm having a hard time finding news links about this.

I also went to check their wikipedia page to see if there was a history section, and Riseup doesn't seem to have one.

Now I'm going to go soothe my paranoia.....

If I remember correctly... it was because they were offering free hosting to political groups and someone was using it to host bomb plans without them knowing.

I'm sure the time I'm thinking of had to have been before 2004 because I remember not even having a drivers license at the time.

There are a lot of comments here, but I don't see anybody asking one particularly important question (and please forgive my ignorance of Riseup.net). Why did removing one server cause so much disruption? Do they not have back-ups? Redundant servers?

If this stuff is so gosh-darn important, I feel these users have put their faith in the wrong hosting organization...

it is an important question, but it's far away from the issue. that's why nobody is asking that, because it's not important in this specific issue.

riseup is a collective driven isp that is focused in social change activists, so they do have values and principles different than making money. the issue here is not the disrupt, it's the attack on those values.

i hope you now understand why nobody ask about that, it is important, but not the issue about this. also it's because this values people put faith in them and not in google, amazon or another money focused company, me included :)

What recourse do the people have when voter fraud occurs? How much monitoring is done through those channels?

*I know it is not a react quickly because human lives could be at stake - but considering anything tied to a presidential election could lead to a person voted to office that could jeopordize a nation.

> "In total, over 300 email accounts, between 50-80 email lists, and several other websites have been taken off the Internet by this action."

Dramatic description aside, I really hope that what they mean is - lost one copy of it, waiting for DNS change to propagate... Am I hoping for too much?

"[. . .] search warrant issued by the FBI,”

Doesn't a judge have to issue a warrant?

Pretty cheap R&D by the FBI for anonymized communications techniques.

It's not like Mixmaster (and presumably everything else running on that host) isn't FOSS. This isn't R&D; it's swatting a fly with a thermobaric device.

From a forensic evidence perspective, can an image or a drive clone suffice?

And does anyone know what was this about, e-mail threat to do ... ?

The warrant was (according to riseup) related to the recent rash of bomb threats against the University of Pittsburgh.


Or alternatively just seize the drives and let them keep a clone copy. This way they can conduct their investigation without causing so much unwarranted collateral damage.

This is a testament to why you would want to use AWS virtual instances and never have "a server" - point your domain at a new instance should one machine get ordered off by the FBI.

Good idea. "The cloud" worked real wonders for Wikileaks.

Wow, you place an awful lot of faith in amazon.

Not really actually, I just mean having a discrete server that can be "seized" is not a particularly robust solution.

... and what do you think an Amazon slice is? It sits on a physical machine that can be identified, located, and handed over by Amazon given a lawful request, all without the site operators knowing.

You think they give a fuck about the other 4 slices on your server? No. They don't. In fact it says so right in their SLA.

I used the word ROBUST

If you are trying to defy the FBI, and 100% of your site architecture resides within Amazon's infrastructure you are not robust.

Flouting law enforcement does not strike me as a good design goal. If the law wants you to stop doing something, they will make sure you stop.

Law enforcement, failed hard drive, link outage, whatever...

They are all the same == Downtime.

My point is that if you have a "server" that can be seized, you have not designed a robust system.

Imagine the FBI trying to seize Google or Amazon or Facebook (well, a lot easier in the case of facebook only because they have so few datacenters by comparison.)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact