Feeds

back to article FBI fat-thumbs data centre raid

A bungled FBI raid on a data centre has taken out an unknown number of Web sites. Apparently targeting a particular – but unnamed – customer of DigitalOne, the G-men seized three enclosures of equipment, according to the New York Times. Among the collateral damage is New York publisher the Curbed Network, and the Pinboard …

COMMENTS

This topic is closed for new posts.

Page:

Big Brother

Cloud

All hail Cloud Computing until the Feds show up and take your data

42
0
Paris Hilton

Not just the cloud...

Not a bad point, though not completely relevant. This could easily happen to a hosting or co-location provider. I have my own servers sitting in a co-location facility which could be subject to an FBI raid one day due to another customer in proximity. Even though my servers are clearly marked as belonging to me, the feds may very well van them as well.

You know, just to be thorough.

The big question comes, can the FBI be held liable for damages as a result of taking non-involved servers offline like this? Especially if said servers are outside of the scope of the assumed warrant in-hand at the time? My guess is no, or the process would be expensive beyond the point of principle.

And, of course the resultant trickle down affecting customers of customers of customers of customers, ad nauseum. SOMEONE is going to be nailed to the wall for this.

Paris, nailed.

0
2
Silver badge
Devil

Re Cloud

No, Ray 8, that was just a data centre, and not real cloud computing. Every properly prepared executive board presentation will clearly demonstrate that if you put your data in The Cloud it will be absolutely safe and neither earth quakes not nukes from orbit will be able to hamper access to your data.

3
1
Headmaster

What?

You don't know what cloud computing is then?

This was their own servers, at a colo.

0
3

SLA?

And that won't be covered by any SLA - or rather it will be explicitly not-covered.

0
1
FAIL

This isn't cloud computing ...

It's bog-standard data centre computing.

That's the problem - This would be almost impossible to do without seizing every machine in a cloud scenario.

Do try to keep up.

0
6
Silver badge

If ones "cloud"...

...is in one location, then one really isn't getting the point.

0
2
T J
FAIL

EEEEEEEEEEEEEEEEEEEE

EEEEEEEEEEEEEEEEEDEOTZZZZZZZZZZ!!!!!!

Oh god oh god oh god we are de-evolving, DEVO was right!!!!!

0
3
Big Brother

New DoS ?

Just call the FBI.

BB, coz this world is fast becoming a Police Nation.

14
0
Silver badge
Thumb Up

Indeed

I was going to say the same thing but you beat me to it.

Have a thumb up instead.

2
1
Silver badge

Not a cloud

The whole point of the cloud is that when the Feds, mother nature, or the International Brotherhood of Careless JCB Drivers take out your server - another instance spins up on the other side of the world

0
2
neb

re: International Brotherhood of Careless JCB Drivers

the first rule of the International Brotherhood of Careless JCB Drivers is you don't talk about it!

0
0
Silver badge
Boffin

Oh yeah?

That assumes the 'cloud' isn't being used for lowest-cost and that there will be backups everywhere. Do you honestly believe that the cloud isn't a financial model?

2
0
GBE

Wots a JCB, then?

What's a JCB? I know it's a company that makes a wide range of construction equipment. From the context in this thread and other places, and from some almost useless online dictionary results, I get the impression it connotes something a little more specfic (like what we USians would call a backhoe).

0
0
Silver badge

I think

they are referring to the ubiquitous backhoe initiated network outage.

0
0
Headmaster

bloody hell

between this, and http://www.theregister.co.uk/2011/02/18/fed_domain_seizure_slammed/ and the 141 / Kentucky bullshit Im amazed there isnt a massive re-education program in place for the US Justice departments.

seriously, can you imagine this sort of shit going down in a bank? "we have no idea which deposit box. Take em all" "we know the first 6 digits of the laundering account, so freeze all of them starting with that"

someone needs to slap the fuck out of whomever approved the warrant to empty out 3 enclosures.

Wee teacher, cos someone in the DoJ chain clearly needs a tech lesson.

13
0
WTF?

right on ..

a proper warrant would have required DigitalOne to clone the *particular* customer's data and take only that *particular* customer's site(s) offline .. not necessarily in that order

if they do not have the knowledge and skill to do that, what is the fucking point of taking a bunch of racks they probably can't fire up without DigitalOne's help ? .. DigitalOne should be the first in line to sue

do hope they get sued for any damages, however it is very hard to sue the Feds, and harder to sue the FBI ( only if the scope of the warrant was violated ), and impossible to sue a Fed judge for damages

0
0
Bronze badge

I wonder whether they tagged/flagged/infiltrated

the colo/server farm site at all. Couldn't they have surreptitiously done so without tipping off the target?

Now, the target who may have been smart enough to pay for redundant services may have had "hearbeats" or "beacons" of sorts running between the two sites so that if a take-down happened, they'd know. OTOH, if there was no heartbeat, and their criminal endeavours were disrupted, they'd know.

Siezing 285k feet of server racks could take hundreds of techs weeks or months if they're looking for physical evidence, but, with the right cooperation from the sysadmins, might sweep all the servers' data files (contiguous and scattered) in weeks. In any case, it's going to be expensive to find whatever it is their court order specifies, and it should come out of their budget if critical services disrupted can be traced back to this scattershot takedown/confiscation. Very broad blast.

But, I like that bank analogy:

"seriously, can you imagine this sort of shit going down in a bank? "we have no idea which deposit box. Take em all" "we know the first 6 digits of the laundering account, so freeze all of them starting with that""

First good chuckle of the day for me. There were other chuckles, but yours, Heff, was the best so far, hehehehe.

But, maybe one reason they took the whole shedload was the criminals may have been dastardly and clever enough to cause dispersion of their own files so as to make taking one rack insufficient and taking them all a huge gamble and a political nightmare, as well as a CLM (career-limiting move) for all signature authorities involved.

0
0
FAIL

Hmmm

brings new meaning to the term

PWNED.

0
1
Anonymous Coward

Offsite replication and redundency

Useful for natural disasters and sudden cases of Fed

4
0

Cloud computing?

@ray What has any of this got to do with cloud computing? This is an old school hosting company, not a cloud provider.

If you had a well designed cloud based setup you could quickly rebuild your infrastructure at another location or even on another provider.

I'd be impressed if even the FBI could confiscate enough of Amazons AWS infrastructure to cause them a serious problem.

0
1
Bronze badge

No...

Amazon don't need the FBI's help, they can bugger the AWS up on their own.

2
0
FAIL

And what happens when someone uses "The Cloud"...

...for illegal purposes. Already "white hats" have used rented cloud capacity to cheaply demonstrate proof of concept attacts which would otherwise be impossible or impractical with resources available to ordinary folk.

So what happens when LulzSec, Anonymous, uses a cloud to carry out a DDoS or to brute force a password table? What happens if Pakistan or Iran is discovered using a cloud to run nuclear simulations?

They WON'T be told that it's a commoditised service. They WON'T be told the evidence they are after is not there. They will take every machine (or at least datastore) within their reach and make whatever is outside that reach effectively inaccessible, at least from within the US.

0
0

Already happened

@BB: My favorite piece of news about the (probably pre-LulzSec) hack of Sony was that it was launched from an Amazon Cloud Services box.

Lots of bandwidth, Amazon quite obviously has no effing idea what anyone's doing in there, their own router teams included, and who wants to be Sony had lots of permit ecs2.* rules in their firewalls - and that's assuming they bothered with firewalls on those connections at all.

They might not have; they might have believed the bandwidth salesmen who told them MPLS=VPN.

0
0
Joke

Stability of network clouds...

...Depends on local political weather

3
0
Facepalm

Meanwhile

Congress bitches about China doing the same thing

2
0
Unhappy

FBI trying to kill US cloud computing centers

Another reason why putting your data in the hands of another company is a bad idea. Wonder how many companies might bite the dust because of the FBI's inconsiderate tactics and how much US tax payers might wind up paying as the results of lawsuits by affected companies. This is a good reason for companies to consider just where they off site data to the clouds. FBI stupidity like this might just keep the US from being a major player in cloud computing. Hopefully the more details on how many companies were affect will be published when it becomes available.

2
0
Coat

I wouldn't hold your breath...

"Hopefully the more details on how many companies were affect will be published when it becomes available."

If they've REALLY f**d up as we expect they have there'll be a cover-up "In the interests of National Security" (translation:- they're likely to get their asses sued off and they can't afford it) OR they'll miraculously "find" something dodgy on all of the siezed drives and lock up all of the owners. (More paperwork bu thte headlines will read "US winning the war on terror")

Me, cynical, never.. (it's the one with the RAID 5 pockets)

3
0
Anonymous Coward

Typical American attitude

Go in ... shoot first ... shoot some more ... when everybody's dead, then try and ask a few questions.

Prats.

5
3

Not really cloud but...

The way the installation is described it is not really Cloud, but if your servers are hosted or virtually hosted at a third party data center it might be worth finding out who your "neighbours" are in the racking. Impossible I know, but it could be an embarrassing question to ask your hosting company.

"Excuse me, but are any .xxx websites hosted in the same rack as my mega corp server?"

0
0
Facepalm

Breaking News

"unable to determine which cloud resource was hosting the kiddie pron site and collection of Blind Faith Artwork, the FBI seized the Internet"

ALL YOUR DATA BELONG US

3
0
FAIL

Perhaps they should have got better Intel (TM)...

Perhaps they should have got better Intel (TM)...

For instance they turn up at Amazon and they don't know which is the criminals server or its running on multiple instances - so they take the lot...

0
0

How would this work for S3?

I was wondering how this would work for something like S3 - being distributed and all that. I presume the FBI wanted a copy of stuff to search through, as opposed to taking a site down.

0
0

an artificial distinction?

Sure, they want to take a look at it, but if they've taken against someone to that extent, they'll be happy to cause them maximum inconvenience while doing so.

0
0
Unhappy

still amazed

I know i shouldn't be, but im still amazed that this kind of crap goes on. Peoples rights getting trampled on all in the name of terror/riaa/think of the children.

Will this shit ever stop?!?

3
0
Silver badge
FAIL

Machine gun your own goal

The NYT says "the F.B.I. was actively investigating the Lulz Security group".

So they are trying to stop the activities of a hacking group which is knocking innocent web sites off line.

And to do this, they ... err ... whoops!

4
0
Silver badge
Big Brother

Out of business? Not our problem.

You can always sign up with a new job at State.

Mwahaha!

1
0
Thumb Down

But they don't have to did it in such a kackhanded way

Do they? At some point a bright spark will remember that all they have to do is tinker with CALEA et al and force the cloud to allow real time network access to whatever they want. And as we are all potential terrorists, without any court orders or indeed any other oversight.

0
0

Oopsies...

"A Smith & Wesson beats four aces".

I don't suppose the Dibble half-inching a bunch of hardware was very high up in the planning. If it wasn't for the damage done to other users, the FBI's ultimate low-tech hack might even be funny. Part of me really hopes they're investigating a DoS attack.

That said, I wouldn't be laughing if my site was one of those not working.

0
0
Thumb Up

Lulzsec is who they are after

Maybe Its part of Lulzsec's game plan.

They dont need to do much more than tweak the fed;s tail for them to go round trashing the net causing more damage than Lulzsec ever did,

5
0
Holmes

In your dreams

> another instance spins up on the other side of the world

You might hope so, and if you've paid extra then it might do so. At least the first time. After that you tend to run out of server farms.

The current incarnation of The Cloud is more marketing hype than engineering reality.

1
0
Tim

This is absolutely true and cannot be stated enough

For all the hype you have to remember that we are still talking about spinning magnetic disks in boxes on racks in buildings. Excepting a couple of giants, an individual "cloud provider" is achingly vulnerable today. The cloud is *not* a distributed storage/compute system, like the kind of global RAID the mainstream press imagine it to be; it is just a contract, an SLA and Someone Else's Problem.

3
0
WTF?

Lawsuits

May the multi million dollar lawsuits rain down on these jack booted thugs.

They should be made to pay so much in compensation and punitive damages that they never again dare to unlawfully seize the property of companies who aren't connected with their investigations.

3
0
Black Helicopters

Lawsuits..?

Oh, there may be a few. Don't expect any victories for the Little Guy, though.

Sovereign Immunity claims by the FBI alone will tie up the case for decades, and that's assuming the Gov't doesn't win their case. Should the gov't fail in claiming Immunity, the next steps will continue at whatever glacial pace the best government lawyers can force.

There's little point to it all, except to make oneself a big enough nuiscance that the Fibbies releaqse the hardware just to shut the owners up. Of course, the Fibbies might instead turn their magnifying glass on the plaintiffs, too...

0
0
Joke

"A Safe Place"

That's where Mrs TickTock put the things she can never find again!

0
0
Joke

So that's ...

... who really ran off with the UK census data.

2
0
Alert

Level up

> This would be almost impossible to do without seizing every machine in a cloud scenario.

Not at all, you simply snapshot the virtual machine and take a back-up. Or in cheaper incarnations you just snapshot the data. On the other hand, if you want to be sure to have an evidence trail, you take the entire data store and all mirrors and backups. That would be fun for the other customers.

In a data centre you can still point to your server. In a cloud the server is meaningless, but I do not think you can point to your disk drive.

0
0

Tried and tested method, chumrades.

They had to destroy the data centre in order to save it.

0
0
Headmaster

Where is "North Virginia"?

Reston, Virginia is the center of the Washington, DC area "tech corridor", but there is no such state as North Virginia. The Virginia suburbs of DC are colloquially referred to as "Northern Virginia", but there is no official designation.

0
0
Anonymous Coward

North Virginia

Is right next to East Virginia (see the comic strip "Shoe")

There are plenty of server farms in northern Virginia. This story seems to be getting a lot of coverage in the Washington, DC area, it was even mentioned on the radio. The radio report mentioned unnamed "payment processors" as affected.

0
0

Page:

This topic is closed for new posts.