back to article FBI fat-thumbs data centre raid

A bungled FBI raid on a data centre has taken out an unknown number of Web sites. Apparently targeting a particular – but unnamed – customer of DigitalOne, the G-men seized three enclosures of equipment, according to the New York Times. Among the collateral damage is New York publisher the Curbed Network, and the Pinboard …

COMMENTS

This topic is closed for new posts.
  1. Ray 8
    Big Brother

    Cloud

    All hail Cloud Computing until the Feds show up and take your data

    1. Alan W. Rateliff, II
      Paris Hilton

      Not just the cloud...

      Not a bad point, though not completely relevant. This could easily happen to a hosting or co-location provider. I have my own servers sitting in a co-location facility which could be subject to an FBI raid one day due to another customer in proximity. Even though my servers are clearly marked as belonging to me, the feds may very well van them as well.

      You know, just to be thorough.

      The big question comes, can the FBI be held liable for damages as a result of taking non-involved servers offline like this? Especially if said servers are outside of the scope of the assumed warrant in-hand at the time? My guess is no, or the process would be expensive beyond the point of principle.

      And, of course the resultant trickle down affecting customers of customers of customers of customers, ad nauseum. SOMEONE is going to be nailed to the wall for this.

      Paris, nailed.

    2. Evil Auditor Silver badge
      Devil

      Re Cloud

      No, Ray 8, that was just a data centre, and not real cloud computing. Every properly prepared executive board presentation will clearly demonstrate that if you put your data in The Cloud it will be absolutely safe and neither earth quakes not nukes from orbit will be able to hamper access to your data.

    3. Anonymous Coward
      Headmaster

      What?

      You don't know what cloud computing is then?

      This was their own servers, at a colo.

    4. Sam Liddicott

      SLA?

      And that won't be covered by any SLA - or rather it will be explicitly not-covered.

    5. Francis Fish
      FAIL

      This isn't cloud computing ...

      It's bog-standard data centre computing.

      That's the problem - This would be almost impossible to do without seizing every machine in a cloud scenario.

      Do try to keep up.

    6. The BigYin

      If ones "cloud"...

      ...is in one location, then one really isn't getting the point.

  2. T J
    FAIL

    EEEEEEEEEEEEEEEEEEEE

    EEEEEEEEEEEEEEEEEDEOTZZZZZZZZZZ!!!!!!

    Oh god oh god oh god we are de-evolving, DEVO was right!!!!!

  3. Goat Jam
    Thumb Up

    Indeed

    I was going to say the same thing but you beat me to it.

    Have a thumb up instead.

  4. Anonymous Coward
    Big Brother

    New DoS ?

    Just call the FBI.

    BB, coz this world is fast becoming a Police Nation.

  5. Yet Another Anonymous coward Silver badge

    Not a cloud

    The whole point of the cloud is that when the Feds, mother nature, or the International Brotherhood of Careless JCB Drivers take out your server - another instance spins up on the other side of the world

    1. Elmer Phud Silver badge
      Boffin

      Oh yeah?

      That assumes the 'cloud' isn't being used for lowest-cost and that there will be backups everywhere. Do you honestly believe that the cloud isn't a financial model?

    2. neb

      re: International Brotherhood of Careless JCB Drivers

      the first rule of the International Brotherhood of Careless JCB Drivers is you don't talk about it!

    3. GBE

      Wots a JCB, then?

      What's a JCB? I know it's a company that makes a wide range of construction equipment. From the context in this thread and other places, and from some almost useless online dictionary results, I get the impression it connotes something a little more specfic (like what we USians would call a backhoe).

      1. Goat Jam

        I think

        they are referring to the ubiquitous backhoe initiated network outage.

  6. Head
    FAIL

    Hmmm

    brings new meaning to the term

    PWNED.

  7. Heff
    Headmaster

    bloody hell

    between this, and http://www.theregister.co.uk/2011/02/18/fed_domain_seizure_slammed/ and the 141 / Kentucky bullshit Im amazed there isnt a massive re-education program in place for the US Justice departments.

    seriously, can you imagine this sort of shit going down in a bank? "we have no idea which deposit box. Take em all" "we know the first 6 digits of the laundering account, so freeze all of them starting with that"

    someone needs to slap the fuck out of whomever approved the warrant to empty out 3 enclosures.

    Wee teacher, cos someone in the DoJ chain clearly needs a tech lesson.

    1. Flybert
      WTF?

      right on ..

      a proper warrant would have required DigitalOne to clone the *particular* customer's data and take only that *particular* customer's site(s) offline .. not necessarily in that order

      if they do not have the knowledge and skill to do that, what is the fucking point of taking a bunch of racks they probably can't fire up without DigitalOne's help ? .. DigitalOne should be the first in line to sue

      do hope they get sued for any damages, however it is very hard to sue the Feds, and harder to sue the FBI ( only if the scope of the warrant was violated ), and impossible to sue a Fed judge for damages

    2. dssf

      I wonder whether they tagged/flagged/infiltrated

      the colo/server farm site at all. Couldn't they have surreptitiously done so without tipping off the target?

      Now, the target who may have been smart enough to pay for redundant services may have had "hearbeats" or "beacons" of sorts running between the two sites so that if a take-down happened, they'd know. OTOH, if there was no heartbeat, and their criminal endeavours were disrupted, they'd know.

      Siezing 285k feet of server racks could take hundreds of techs weeks or months if they're looking for physical evidence, but, with the right cooperation from the sysadmins, might sweep all the servers' data files (contiguous and scattered) in weeks. In any case, it's going to be expensive to find whatever it is their court order specifies, and it should come out of their budget if critical services disrupted can be traced back to this scattershot takedown/confiscation. Very broad blast.

      But, I like that bank analogy:

      "seriously, can you imagine this sort of shit going down in a bank? "we have no idea which deposit box. Take em all" "we know the first 6 digits of the laundering account, so freeze all of them starting with that""

      First good chuckle of the day for me. There were other chuckles, but yours, Heff, was the best so far, hehehehe.

      But, maybe one reason they took the whole shedload was the criminals may have been dastardly and clever enough to cause dispersion of their own files so as to make taking one rack insufficient and taking them all a huge gamble and a political nightmare, as well as a CLM (career-limiting move) for all signature authorities involved.

  8. ~mico
    Joke

    Stability of network clouds...

    ...Depends on local political weather

  9. Anonymous Coward
    Anonymous Coward

    Offsite replication and redundency

    Useful for natural disasters and sudden cases of Fed

  10. Paul 25

    Cloud computing?

    @ray What has any of this got to do with cloud computing? This is an old school hosting company, not a cloud provider.

    If you had a well designed cloud based setup you could quickly rebuild your infrastructure at another location or even on another provider.

    I'd be impressed if even the FBI could confiscate enough of Amazons AWS infrastructure to cause them a serious problem.

    1. Alister Silver badge

      No...

      Amazon don't need the FBI's help, they can bugger the AWS up on their own.

    2. Black Betty
      FAIL

      And what happens when someone uses "The Cloud"...

      ...for illegal purposes. Already "white hats" have used rented cloud capacity to cheaply demonstrate proof of concept attacts which would otherwise be impossible or impractical with resources available to ordinary folk.

      So what happens when LulzSec, Anonymous, uses a cloud to carry out a DDoS or to brute force a password table? What happens if Pakistan or Iran is discovered using a cloud to run nuclear simulations?

      They WON'T be told that it's a commoditised service. They WON'T be told the evidence they are after is not there. They will take every machine (or at least datastore) within their reach and make whatever is outside that reach effectively inaccessible, at least from within the US.

      1. noodle heimer

        Already happened

        @BB: My favorite piece of news about the (probably pre-LulzSec) hack of Sony was that it was launched from an Amazon Cloud Services box.

        Lots of bandwidth, Amazon quite obviously has no effing idea what anyone's doing in there, their own router teams included, and who wants to be Sony had lots of permit ecs2.* rules in their firewalls - and that's assuming they bothered with firewalls on those connections at all.

        They might not have; they might have believed the bandwidth salesmen who told them MPLS=VPN.

  11. Sandy106
    Facepalm

    Meanwhile

    Congress bitches about China doing the same thing

  12. Al 4
    Unhappy

    FBI trying to kill US cloud computing centers

    Another reason why putting your data in the hands of another company is a bad idea. Wonder how many companies might bite the dust because of the FBI's inconsiderate tactics and how much US tax payers might wind up paying as the results of lawsuits by affected companies. This is a good reason for companies to consider just where they off site data to the clouds. FBI stupidity like this might just keep the US from being a major player in cloud computing. Hopefully the more details on how many companies were affect will be published when it becomes available.

    1. rototype
      Coat

      I wouldn't hold your breath...

      "Hopefully the more details on how many companies were affect will be published when it becomes available."

      If they've REALLY f**d up as we expect they have there'll be a cover-up "In the interests of National Security" (translation:- they're likely to get their asses sued off and they can't afford it) OR they'll miraculously "find" something dodgy on all of the siezed drives and lock up all of the owners. (More paperwork bu thte headlines will read "US winning the war on terror")

      Me, cynical, never.. (it's the one with the RAID 5 pockets)

  13. Anonymous Coward
    FAIL

    Perhaps they should have got better Intel (TM)...

    Perhaps they should have got better Intel (TM)...

    For instance they turn up at Amazon and they don't know which is the criminals server or its running on multiple instances - so they take the lot...

  14. Anonymous Coward
    Facepalm

    Breaking News

    "unable to determine which cloud resource was hosting the kiddie pron site and collection of Blind Faith Artwork, the FBI seized the Internet"

    ALL YOUR DATA BELONG US

  15. Anonymous Coward
    Anonymous Coward

    Typical American attitude

    Go in ... shoot first ... shoot some more ... when everybody's dead, then try and ask a few questions.

    Prats.

  16. Charles Smith

    Not really cloud but...

    The way the installation is described it is not really Cloud, but if your servers are hosted or virtually hosted at a third party data center it might be worth finding out who your "neighbours" are in the racking. Impossible I know, but it could be an embarrassing question to ask your hosting company.

    "Excuse me, but are any .xxx websites hosted in the same rack as my mega corp server?"

  17. NinjasFTW
    Unhappy

    still amazed

    I know i shouldn't be, but im still amazed that this kind of crap goes on. Peoples rights getting trampled on all in the name of terror/riaa/think of the children.

    Will this shit ever stop?!?

  18. Andy Barker

    How would this work for S3?

    I was wondering how this would work for something like S3 - being distributed and all that. I presume the FBI wanted a copy of stuff to search through, as opposed to taking a site down.

    1. John Sturdy

      an artificial distinction?

      Sure, they want to take a look at it, but if they've taken against someone to that extent, they'll be happy to cause them maximum inconvenience while doing so.

  19. Destroy All Monsters Silver badge
    Big Brother

    Out of business? Not our problem.

    You can always sign up with a new job at State.

    Mwahaha!

  20. Christoph Silver badge
    FAIL

    Machine gun your own goal

    The NYT says "the F.B.I. was actively investigating the Lulz Security group".

    So they are trying to stop the activities of a hacking group which is knocking innocent web sites off line.

    And to do this, they ... err ... whoops!

  21. Frederic Bloggs
    Thumb Down

    But they don't have to did it in such a kackhanded way

    Do they? At some point a bright spark will remember that all they have to do is tinker with CALEA et al and force the cloud to allow real time network access to whatever they want. And as we are all potential terrorists, without any court orders or indeed any other oversight.

  22. Rustybucket

    Oopsies...

    "A Smith & Wesson beats four aces".

    I don't suppose the Dibble half-inching a bunch of hardware was very high up in the planning. If it wasn't for the damage done to other users, the FBI's ultimate low-tech hack might even be funny. Part of me really hopes they're investigating a DoS attack.

    That said, I wouldn't be laughing if my site was one of those not working.

  23. Anonymous Coward
    Thumb Up

    Lulzsec is who they are after

    Maybe Its part of Lulzsec's game plan.

    They dont need to do much more than tweak the fed;s tail for them to go round trashing the net causing more damage than Lulzsec ever did,

  24. Anonymous Coward
    WTF?

    Lawsuits

    May the multi million dollar lawsuits rain down on these jack booted thugs.

    They should be made to pay so much in compensation and punitive damages that they never again dare to unlawfully seize the property of companies who aren't connected with their investigations.

  25. rurwin
    Holmes

    In your dreams

    > another instance spins up on the other side of the world

    You might hope so, and if you've paid extra then it might do so. At least the first time. After that you tend to run out of server farms.

    The current incarnation of The Cloud is more marketing hype than engineering reality.

    1. Tim

      This is absolutely true and cannot be stated enough

      For all the hype you have to remember that we are still talking about spinning magnetic disks in boxes on racks in buildings. Excepting a couple of giants, an individual "cloud provider" is achingly vulnerable today. The cloud is *not* a distributed storage/compute system, like the kind of global RAID the mainstream press imagine it to be; it is just a contract, an SLA and Someone Else's Problem.

    2. laird cummings
      Black Helicopters

      Lawsuits..?

      Oh, there may be a few. Don't expect any victories for the Little Guy, though.

      Sovereign Immunity claims by the FBI alone will tie up the case for decades, and that's assuming the Gov't doesn't win their case. Should the gov't fail in claiming Immunity, the next steps will continue at whatever glacial pace the best government lawyers can force.

      There's little point to it all, except to make oneself a big enough nuiscance that the Fibbies releaqse the hardware just to shut the owners up. Of course, the Fibbies might instead turn their magnifying glass on the plaintiffs, too...

  26. Anonymous Coward
    Joke

    So that's ...

    ... who really ran off with the UK census data.

  27. Captain TickTock
    Joke

    "A Safe Place"

    That's where Mrs TickTock put the things she can never find again!

  28. rurwin
    Alert

    Level up

    > This would be almost impossible to do without seizing every machine in a cloud scenario.

    Not at all, you simply snapshot the virtual machine and take a back-up. Or in cheaper incarnations you just snapshot the data. On the other hand, if you want to be sure to have an evidence trail, you take the entire data store and all mirrors and backups. That would be fun for the other customers.

    In a data centre you can still point to your server. In a cloud the server is meaningless, but I do not think you can point to your disk drive.

  29. Rogerborg

    Tried and tested method, chumrades.

    They had to destroy the data centre in order to save it.

  30. 4HiMarks
    Headmaster

    Where is "North Virginia"?

    Reston, Virginia is the center of the Washington, DC area "tech corridor", but there is no such state as North Virginia. The Virginia suburbs of DC are colloquially referred to as "Northern Virginia", but there is no official designation.

    1. Anonymous Coward
      Anonymous Coward

      North Virginia

      Is right next to East Virginia (see the comic strip "Shoe")

      There are plenty of server farms in northern Virginia. This story seems to be getting a lot of coverage in the Washington, DC area, it was even mentioned on the radio. The radio report mentioned unnamed "payment processors" as affected.

  31. dssf

    I wonder if this is related to the scareware crackdown

    http://www.theregister.co.uk/2011/06/23/fbi_scareware_arrests/

  32. Anonymous Coward
    Anonymous Coward

    Instapaper

    One of the servers for the popular app Instapaper was also taken by the FBI in this raid:

    This URL has more coverage:

    http://blog.instapaper.com/post/6830514157

    "In the night F.B.I. has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.”

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019