FBI steals Instapaper servers

66 Responses to “FBI steals Instapaper servers”

  1. Anonymous says:

    I want to know what they are going to do if ordered to seize a cloud service? Lock down all world wide cloud data centers of that provider?

  2. Anonymous says:

    The FBI could just shut down the whole internet in the U.S., thus ridding themselves of having to deal with internet crime.

    I would then relish writing long, hand-written letters, cutting pens, ink stains and ruffled shirt cuffs, once again.

  3. jeligula says:

    What really depresses me about this is how this guy just gave up. I understand why he did, he stated it clearly enough. I had to ask myself what I would have done in his position. Probably the same thing. And that is depressing. Nothing will change if we convince ourselves that resistance is futile.

  4. ADavies says:

    Points to Instapaper for being outraged and open about this.

  5. MessengerBoy says:

    This is exactly one of the reasons the company I work for has to ask for certain features when using an ASP system. We insist that we have our own dedicated servers and environment for just this reason. Of course, there’s nothing stopping the government from seizing every server in the vendor’s building, but hopefully that is the exception and not the rule. I really don’t think there is too much that you can do except beg to have your information returned.

  6. MichaelR says:

    Fund it with http://www.kickstarter.com/ we will be there for you.

  7. Anonymous says:

    Reads like they took a blade server chassis and all the blades within it, not necessarily just arbitrarily took a rack of servers. If you’re not used to the idea of blade servers I could see it being confusing and therefore taking more servers than you were sent for.

  8. MrJM says:

    We need to do something about this problem.
    We’ve done something.
    We’ve done something about the problem.
    Repeat!

  9. JProffitt71 says:

    Jesus christ FBI you are not helping right now, go sit in a corner until we can deal with lulzsec and their wildly reckless missions, then we’ll deal with yours.

  10. Anonymous says:

    LulzSec and anons for all their happy DDoSing and SQL injections might do well in attacking such wrongful police-state actions instead. There’s more support and justification in protest against such disproportional and unjustified actions than merely vandalizing servers and messing with news media. The real oppressors are often our own police. Remember the Miami man who was harassed and arrested after filming disproportional police violence? The USA is a fucked up place to live in these days. I feel sorry for everyone state-side.

  11. dmcinnes says:

    This also affected Pinboard: http://status.pinboard.in/

  12. Anonymous says:

    Finally, note 65 gets to the heart of the matter.

    What happens as more-and-more web hosting is done through cloud platforms? If this site were at Rackspace, say, would the whole server farm be seized? And don’t these people know about copying files == how easy it is for a site to send copies of itself out somewhere?

    The scammers do. But innocent people don’t.

  13. Anonymous says:

    Luckily a bookmarking site is nothing but storage of plain text strings.

    Absolutely trivial, probably 50 character or less command to back this up, and probably takes up very little space.

    So, just restore from that very small, easily created backup. Right?

    • Anonymous says:

      This was just a read-only mirror of the MySQL database according to Marco’s post on the subject. There was no loss of data just degraded performance.

  14. AirPillo says:

    “the FBI had no way of telling the “innocent” hardware from the particular box specified in the warrant.”

    Yes they did. Contact the provider, ask them to identify which hardware is used by the parties in question, and instruct the serving agents on which hardware to seize, in a way that does not cause collateral damage.

    Your arguments in this discussion thread have all been amazingly ill conceived, and over the course of the discussion they increasingly just come off as an attempt to prove that you’re the smartest person in the room.

    If you don’t respect the people you’re talking to, do everyone involved a favor and don’t speak to them at all.

  15. Ratio says:

    The FBI acted appropriately.

    Yes, it is unfortunate that other servers were seized. However, the FBI had no way of telling the “innocent” hardware from the particular box specified in the warrant. They were all in the same rack, they were physically connected to one another, and likely shared some of the same peripheral hardware.

    Had they not seized everything in the rack, a defense attorney could theoretically argue that the FBI were not sufficiently thorough in their evidence-gathering, and perhaps convince a judge to throw out the case before it even reached trial.

    Again, it’s too bad that Instapaper was caught in the crossfire, but no data was lost, and if it means that the scammers see jail time, then it’s worth it.

    • JProffitt71 says:

      Now, see, that is a failure in the judicial system, which makes this two wrongs, which as we all know does not make a right. Plus there has to be a way to identify specific boxes or DigitalOne could not have provided them with that information in the first place.

      • Anonymous says:

        But 3 do.

      • Ratio says:

        More accurately, it’s a failure of the provider, DigitalOne, for not monitoring their own servers against criminal activity.

        • JProffitt71 says:

          Enlighten me, how does your world work.

        • Anonymous says:

          Ratio wrote, “More accurately, it’s a failure of the provider, DigitalOne, for not monitoring their own servers against criminal activity.”

          You don’t really know very much about servers or running a website, do you? Because that’s an incredibly ignorant comment to make, no matter how you look at it.

        • westbywest says:

          Is there any indication that the hosting service DigitalOne, or its lessor, was negligent in their internal policing of customers? And for that matter, what constitutes negligent? Likely, the target of the raid was expending effort to conceal their actions to everyone. It looks like DigitalOne was just as much a victim of the crime and its aftermath as Instapaper.

          CALEA applies to telcos, i.e. the pipes, but so far no actual, on-the-books legislation says what companies owning servers with customers’ (aka potential criminals) data are expected to do for compliance. The FBI may have its own wishlist for how potential raid targets (aka everybody?) should act, but it doesn’t publicize it.

    • CSMcDonald says:

      No, this was not appropriate. This is an illegal seizure without a warrant.

      Would you agree with the following scenario?

      “FBI raids and confiscates all objects in every unit of an apartment building while serving warrant on one unit.”

      This is authority acting illegally and badly.

    • Anonymous says:

      Ratio wrote, “Yes, it is unfortunate that other servers were seized. However, the FBI had no way of telling the “innocent” hardware from the particular box specified in the warrant.”

      Then perhaps they should learn how to do so, no? This *IS* the FBI, they aren’t exactly penniless and they *DO* have some fairly bright people working for them (all appearances to the contrary).

      What they did is akin to seizing an entire apartment building in order to serve a warrant on one apartment. Or arresting an entire store full of people to catch one shoplifter.

    • MrJM says:

      The FBI has no way of telling “innocent” money from the proceeds of criminal activity. They were all in the same vault, they were physically adjacent to one another, and likely shared some of the same denominations.

      Sorry about your bank account.

      • Ratio says:

        “Sorry about your bank account.”

        “FBI raids and confiscates all objects in every unit of an apartment building while serving warrant on one unit.”

        These are compelling analogies. If only their flaws weren’t so easily realized through the application of just a few moments of critical thinking.

        • Anonymous says:

          Analogies are models, models are necessarily incomplete for the intent and usefulness is not a perfect reflection but an illustration of a particular point, quickly.
          The analogy was fine, the rack was the building, the one blade an apartment.

        • Anonymous says:

          You’ll get more respect around here if you answer people’s arguments instead of talking down to us, y’know.

        • Anonymous says:

          They should have seized the entire datacenter, nay, the entire Internet. #intimidationracket

        • snakedart says:

          “These are compelling analogies. If only their flaws weren’t so easily realized through the application of just a few moments of critical thinking.”

          If only those flaws could be as easily laid bare through the application of just a few moments of explication by you.

          • Ratio says:

            “If only those flaws could be as easily laid bare through the application of just a few moments of explication by you.”

            An apartment building does not become evidentiary in its entirety when a criminal enterprise is conducted from the unit of a single tenant.

            But what if, say, every single apartment shared the same phone line? Or the same mailbox? Or what if several adjacent apartments, including the criminal’s, were connected via a hidden corridor?

            Any properly conducted investigation would encompass the adjacent units, even if they did house innocent tenants.

            This is a better analogy to what the FBI faced when they confiscated those servers. Again, it’s unfortunate, but the risk of losing evidence would be far more dire.

          • Blackbird says:

            ‘But what if, say, every single apartment shared the same phone line? Or the same mailbox? Or what if several adjacent apartments, including the criminal’s, were connected via a hidden corridor?’

            Warrants are the difference here. IANAL, and leaving aside the shared phone line that I’m not even going to take a stab at, I’ll try to address the mailbox and hidden corridors.

            Mailbox would likely then have mail from every tenant there. They STILL can ONLY open/seize the mail with the person’s name on the warrant in that case. If they want more mail, they need to get another, or update the original search warrant. Just finding all the mail together (you would expect it to be separate) would still be basically illegal.

            Hidden corridors (going to other apartments) could likely be searched with no further warrant. But not the apartments connected. If ALL the apartments are owned by him/her, you ‘might’ need another warrant. If they are separately owned, then yes, you would need a warrant, unless there was another circumstance that allows for entry without warrant.

            Though, I’m pretty certain this was an illustrative analogy, not a direct one…

    • Anonymous says:

      DigitalOne must have had the ability to tell what machine traffic was going to which machine for billing purposes if nothing else.

      I know the networking people at work can easily trace IP numbers and MAC addresses back to the individual port on the campus network. And this is done by the person on duty at the help desk without requiring any special permission or access beyond their day to day rights.

      I find it hard to believe that they would need to take an entire rack for inability to determine exactly what equipment generated the traffic in question.

      As far as innocents in the blast radius, exactly where do you draw that line? Likely all the equipment in the data center was physically connected together.

      Regarding the attorney, they could theoretically argue that the FBI were not sufficiently competent in their evidence-gathering, and perhaps convince a judge to throw out the case before it even reached trial.

      Even in hot pursuit, officers are expected to take consideration for the bystanders, and this certainly was not a situation demanding that level of action. This was apparently the culmination of an investigation into the sale of fraudulent computer security software known as “scareware.”

      As for the FBI not having the Blade equipment, I’m sure that they could rent or purchase such, although I suspect their main intent is to get an image of the hard drive, which is quite likely standard equipment and done by imaging the drive directly.

    • Anonymous says:

      If you live in a neighborhood where drugs are being sold, should they arrest everyone, knowing they’ll get the dealer?
      No.
      They have to do their research. This is guilty until proven innocent.

  16. Jack says:

    So, if these services used “the cloud” to manage their services would it necessarily be better? Or just make it easier for the F.B.I. to grab some mirrored/cloud-based box in the virtual world?

  17. Cameron says:

    As a practicing sysadmin in Silicon Valley, much of this discussion has been quite painful to read. As the guy who’s actually responsible for our physical gear in the colo, allow me to speak with some authority to a few points raised.

    1) Identification of the hardware to be seized
    Anybody insisting that there was no good or accurate way to identify the specific hardware subject to seizure is very obviously clueless about Operations. There are numerous reasons why a provider MUST know whose stuff is on what box, among them would be billing and support. You can’t bill people accurately if you don’t know what resources you’re providing them, nor can you provision their services. Imagine a car rental company not knowing what car they’d rented to a customer. Same idea here.

    2) Seizing a blade chassis is “okay”
    Yeah, no. Not at all. Blades are still individual machines. You can pull them without impacting the rest. That’s the whole POINT. If the FBI shows up with a warrant to seize DVDs of surveillance footage (what an anachronism, “footage”), they can’t go seizing a DVD player. Again, same idea here. It’s not the provider’s problem if the FBI doesn’t know what to do with the blade. Imagine if the server they seized was an old Sun box with the goofy 25-pin video adapter. Would the provider have to give up a monitor and keyboard out of their stock just so the FBI could interact with the thing? No, absolutely not.

    3) Law enforcement incompetence is acceptable
    Again, no. Street cops are (hopefully) thoroughly trained in the maintenance and proper handling of their firearms. They’re expected to have the expertise to use them properly. Likewise, forensic technicians are expected to be well-qualified to perform their work. In what way are agents on a tech raid exempt from this? Why do we suddenly say “Oh, that’s okay, they were confused by all the blinking lights.” If they don’t understand what they’re looking at, then they need to educate themselves.
    Anybody remember Ghostbusters? Peck, the EPA guy, just keeps shouting “Shut it off!” without a goddamn clue about what’s going on there. Result: All hell (almost literally) breaks loose.

    4) “The provider should’ve been policing their servers for criminal activity”
    Uh….what? As was already mentioned above, this is just a stupid thing to even try to argue. Setting aside all the myriad legal reasons you couldn’t hope to do this (you’d need a team of lawyers monitoring every box every day, all day), the basic logistics of human-to-computer ratios make this a ludicrous idea. The amount of human time it’d take to audit a server for any sort of “illicit” activity (when you don’t even know what you’re looking for!) would be huge. Multiply by the many dozens to many thousands of servers per human, and this quite obviously is insane.

    And, to make specific mention of one user:
    @Ratio, you’re pretty straight-up wrong (see above) in your arguments and analogies. Your attitude just makes your wrongness more irritating. I doubt you’d be attempting to score points in such a flawed fashion if you had any experience with this kind of work. If I’m wrong and you do have direct experience, then I stand in awe of your willful ignorance of your own profession. Your employers have my sympathy in any event. I’ll be happy to engage you in discussion, but your attitude is going to require some improvement first.

    • Cameron says:

      Oh, and a cop that shows up with a warrant to seize my car doesn’t get to take my entire keychain just because he doesn’t know which key goes to my car.

  18. CSMcDonald says:

    To save the village we had to destroy the village sir!

  19. Blackbird says:

    Admittedly I don’t know a lot about this, but would it be possible to ‘freeze’ the servers, make a ‘rack copy’, take the original as evidence and then make the copy live again? Obviously still needing to take the ‘offending’ site offline, but this would solve the whole problem of evidence AND messing up a lot of other sites.

  20. Anonymous says:

    I will withhold judgment until I am sure how it sorts out in the end. I do not have the psychic predictive powers everyone else seems to have…but…on the surface? This is crap. His property should be returned with an apology. Mistakes are made of course but…they should be rectified.

  21. Anonymous says:

    I’ve only taken an intro to computer forensics class, but even in that they were adamant about evidence integrity. To me the FBI was simply keeping the evidence in the most native state possible. Possibly also punishing the hosting center for doing business with malware peddlers. But primarily for unadulterated forensics purposes, which denies the defense any chance of having it thrown out.

  22. HikingStick says:

    This crap has been going on for far too long–since the days of public BBSs. My old scout troop put up its own website in the early 1990s–they were one of the first. The service provider that hosted their site was shut down as the result of a raid, and all the subscriber domains and sites were locked up in the legal dispute. Even after 15 years, the troop was never given back its domain or access to its content (all still part of the “evidence” that was the collection of hard disks and other storage media).

    This is absolute BS. There needs to be a means whereby those affected by such seizures may appeal for the recovery of their IP in a reasonable amount of time. Talk about collateral damage. They’re trouncing on the innocent in pursuit of the malefactors. They might as well install cow-catchers on the front of police cars and let them plow through crowds of pedestrians when responding to calls. It’s the same concept–disregarding the rights and liberty of the innocent in the name of capturing the guilty.

  23. jpollock says:

    Of course, not booting the server doesn’t mean they didn’t image the drive.

  24. Anonymous says:

    I heard about this, however the story I heard (from an insider) was a bit different.

    The “Rack” was a blade center, and they removed the bladecenter, and all of its blades, which is not entirely surprising, unless you expect the FBI to have spare bladecenters fitting every potential configuration, for every vendor (obscure or otherwise) just kicking around.

    Part of the price of using proprietary blade systems I suppose.

  25. Anonymous says:

    It seems very risky to colocate a server in the United States with law enforcement able to operate indiscriminately like this. I’d almost say the FBI, with their unbounded seizure of domains and servers, is more of a disruption to the internet than LulzSec.

  26. Anonymous says:

    Ask your lawyer about filing a writ of replevin against the FBI. Looking around a bit, it still seems to be done against government agencies on occasion. (IANAL, YMMV, yadda, yadda)

    It should probably be filed in the bankruptcy court (Federal District Court) and should be served by the U.S. Marshal’s Service. (They go to the FBI and take your stuff back. See the US Marshals page on replevin: http://www.usmarshals.gov/process/replevin.htm ) Both the Federal rules of procedure and the state’s rules on replevin apply.

    Replevin is an ancient writ which is pretrial (or even no-trial in some instances). It is to recover physical property which was unlawfully distrained (“distraint” originally meant the practice of seizing property by a superior from a vassal until a duty owed was performed, its meaning expanded to mean other unlawful seizures and possessions.) A bond may be required to regain physical possession prior to judgement.

    • Nonentity says:

      “Replevin is [...] to recover physical property which was unlawfully distrained”

      The person in this article, however, did not own the physical property – he was renting hosting time from a service provider (who, in turn, may quite possibly have been renting the hardware from SoftLayer). In this kind of situation, there isn’t much the end user can do, since they usually don’t even have any real idea what kind of hardware was involved, and wouldn’t have any standing to do anything about the hardware if they did. The only thing that has actually been taken from the end user is pure data.

  27. Micklak says:

    This happened to Curbed as well. They were down for a day, sorta back up the next and down again the last couple days.

  28. Mockiavelli says:

    Without using this as an excuse to rag on the FBI, let’s solve the problem.
    Could server farms or other intangible possession educators make a class on IP and data storage for law enforcement?
    I would hope a course in handling and identifying stored information could help their cases become more defensible while reducing collateral damage like this.

    • daev says:

      “I would hope a course in handling and identifying stored information could help their cases become more defensible while reducing collateral damage like this.”

      I like the way you think.

  29. jacques45 says:

    If we’re playing the tortured analogy game, how’s this one?

    Alice owns a van. Every day, she drives Bob, Chuck, and Dave (none of whom own their own cars) to and from work. The cops notice Chuck is selling drugs out of the back of the van and think he may have hidden some inside the upholstery. They confiscate the van, even though it belongs to Alice (who will eventually get the van back once things are sorted out). Alice, Bob, and Dave are SOL for getting to work now.

    If it was a hypervisor, the hosting company could have 60 or more virtual machines running on a single piece of hardware. If they seize it for forensic analysis, how exactly are they supposed to separate the good customers from the malicious ones? There’s no indication either way that the hosting provider assisted or didn’t assist in identifying specifically the malicious server. The hosting company should be paying for the replacement and restoring from backup, regardless.

    More concerning is that the effa-bee-eye has all your instapaper bookmarks.

    • Morrigan says:

      “jacques45
      If we’re playing the tortured analogy game, how’s this one?

      Alice owns a van. Every day, she drives Bob, Chuck, and Dave (none of whom own their own cars) to and from work. The cops notice Chuck is selling drugs out of the back of the van and think he may have hidden some inside the upholstery. They confiscate the van, even though it belongs to Alice (who will eventually get the van back once things are sorted out). Alice, Bob, and Dave are SOL for getting to work now.”

      Good analogy except the Alices of your scenario have been getting their vans confiscated for decades and are almost always arrested as an accessory as well. And if Alice made the mistake of putting a Grateful Dead bumper sticker on the back of her van, the above bust would happen twice as fast.

    • Anonymous says:

      But that actually happens in real life, what you just described.

  30. Anonymous says:

    Ratio wrote, “Or what if several adjacent apartments, including the criminal’s, were connected via a hidden corridor?”

    Gee, what if they were connected by, oh, I don’t know, a corridor, let’s call it a “HALLWAY” that allowed easy access to all the apartments? Not even hidden, by golly, it’s right there in plain sight. According to you, that’s justification to seize the entire building.

  31. Gordon JC Pearce says:

    Wouldn’t it be a shame if in the course of ripping the rack apart, they crashed the building control SCADA stuff? There’s a distinct risk that they could possibly lock themselves in the rack room with the lights off, no way to open the doors from the inside or the outside, with the air conditioning running at Arctic temperatures. You’ve got to be really careful with that stuff.

  32. Anonymous says:

    Welcome to THE CLOUD!

    This is exactly the sort of thing Stallman warned people about.

  33. Anonymous says:

    The FBI had no way of knowing? Umm: they could have asked the ISP. Not obvious enough, hmm?

  34. genre slur says:

    Man that sucks, in a Count-Zero-as-written-by-Douglas-Adams sort of way.

  35. Anonymous says:

    Document your pecuniary losses and file a lawsuit against the FBI, the Department of Homeland Security, and the specific officers involved if you know who they are. You can probably find a lawyer who will take the case on contingency so you don’t have to pay hourly bills. Otherwise, check with the EFF if they can help you fight this.

  36. Anonymous says:

    Fight back. Sooda bastids!!

    It becomes non-productive if you let it be. Look around, there’s lots of resources. Check out Electronic Frontier Foundation. Set up a PayPal donation link to cover legal costs.

    Fight back.

  37. MoosePower says:

    I love how boingboing runs an article aghast at illegal seizure of people’s property/data immediately after an article on lulzsec.
    As if a faceless, secretive, unidentified bunch of hackers – some of whom will probably move into the private sector when they get offered enough – are somehow more intrinsically trustworthy than a faceless, secretive, monolithic government agency. Both have great power and both are run by fallible, corruptible (if not already corrupt) humans.
    Add this to the fact that many regular articles here promote ‘copyfighting’ – which is essentially stealing people’s music/movies without the owners’ or creators’ consent… would the FBI’s actions be ok if they pinched this guy’s data off isohunt?
    This is a good website, but – on this particular issue – I do wonder if the people running it give a shit at all about consistency in ethical argument.
    It can’t be acceptable when private individuals do it but unacceptable when government/corporations do it. Everyone needs to be held to the same standard.

  38. Aaron says:

    Seems like the EFF will be interested in this once the search warrant is made public. If Instapaper’s property isn’t mentioned in it, then the seizure could very well have been illegal.

  39. Anonymous says:

    As I understand it, the founding principle behind the US’s legal system was that no innocent person should ever have to pay for a crime, even if that means a guilty person might sometimes go free.

    Law enforcement has strained against that principle from the very start, mostly doing its best to flip it 180 degrees – no guilty person should ever go free, even if it means that innocent people suffer.

    For a while, starting in the 1960s and 1970s, the founders’ principles seemed to be finally prevailing. But not for long. The backlash has been vicious, from unwarranted (and sometimes warrantless) beatings by police officers to the evil PATRIOT act.

    Ironically, the loudest law-n-order advocates are the ones who claim to hold the framers of our Constitution in deepest reverence.

  40. stevew says:

    Whacked Cryptome too
