FBI Seize Email server, then return it

Saw this in the news today. News Story - FBI Seize Server

An online company that offers encrypted re-mailers to allow users online anonymity was raided by the FBI, their server seized, when their investigation wasn't even really pointing at them to begin with.

"""I got a call from a tech who said, 'Jamie, the server isn't responding.' So he went to look for it in the rack and found that it was gone," McClelland said.
Later, Lopez and McClelland would learn that the FBI had produced a search warrant when it showed up at the XO Communications Manhattan server farm, where the MayFirst/PeopleLink server was housed, which gave agents the right to take the box. But at the time, they could only guess what happened.

___


Generally, when FBI agents seize computers as part of an investigation, they're not returned for months, or even years. But within a week, a worker in the server room noticed that the motion detector camera had been activated on April 23. When he looked at the video, the tale took an even more unusual turn.
The video shows two men in suits -- apparently FBI agents -- placing the server back in its rack. But the box isn't merely dropped off. The two appear to be plugging it in, and then watching the machine for a few minutes, perhaps looking to see if it is operating correctly."""


They go over how they clearly (and i think rightfully so) believe the FBI installed a virus or other snooping software on their server, which would compromise their service, effectively getting between the users and the re-mailers.

They also talk about how they doubt the evidence they are looking for is even on that server or that it even came from their service.

So is this how they'll undo online anonymity until they pass their SOPA's and other equally dangerous online privacy initiatives? They open an investigation, BS their way through the legal system, convince some judge to give them a warrant then march in and take servers?

The implications here are outrageous.

That's new to me.

Sure, they can get a magic document that let's them invade your property, take your property and trash everything and shoot your pets in the process.

But waltzing in and installing equipment? Totally weird. I'd rip that equipment out and go over everything else with a fine tooth comb if not completely nuke everything and start over.


Posted Via ATS Mobile: m.abovetopsecret.com

This isn't uncommon, believe it or not. I worked for a trading firm as an IT person and we had our email server and database server taken away by the FBI/SEC and we couldn't do anything about it. Ours was also gone for a week and then returned. Once the courts give an order to confiscate, nothing you can do about it. I now advise all organizations from this experience to have multiple email servers on hand in a cluster, so you don't have to worry about this.

Interesting.
But yeah. You need to have a backup server on hand or at least backups of the emails.
Which can be daunting but it's necessary in case you want to restore email service in case of a failure.

If I was that server admin I would watch the data going out to see if there was an ip or something it was pointing large amounts of data to and then block it at the firewall.

Incredible, for a company that provides this as a service for paying customers who like some measure of security, this would be disastorous, who would want to do business with a company with a potentially salted server processing their traffic.
I cannot wait for the moment when cryptographic services become so strong and simple to use the government just walks away and has to find a completely new way to breach user data, like, asking nicely to be allowed to view it.

That is outrageous.

The server they took should be isolated at once and taken apart at both hw and sw layer.

Replace it with the same type and load up userdata while you have the original one checked.

If some kind of sniffer is found either in the os or hw, you should make this public with full details.

reply to post by tpsreporter


I have a couple of links for these "remailer" sites bookmarked, one is called deadfake but Ive only ever used them as a joke on people that are unaware that these things are out there.
The reaction from a person that receives an email from themselves is hilarious.

Burn it, hit it with hammers, nuke it, but dont use it EVER again. They could have changed or even added a chip!


It occurs to me that if they went to all the trouble of putting it back then without doubt its been hacked.

I really hope CISPA doesn't make it through for this and multiple other reasons. I feel as though there's no hope for the Internet if the FBI can simply take your hardware and snoop through your information, and if that bill is passed, then they won't need a warrant to snoop at all.

reply to post by Anonymous404


Man they are monitoring everything already it's just not official yet
They do not even need humans to make their lists or points of special interest to follow up
They are looking through your walls
Listening to you snore at night ZZZZZZZZZZZZZZZZZZZZZZZZZZ
Hiding in your cupboards
Under your floors
Reading this post
HEY CIA this is for you

Maybe Iron Key needs to start making servers. A server that will self destruct if messed with would make things a bit more interesting.

I see all kinds of countermeasures to start being used becasue of this.

The fact that they stood there for several minutes after reinstalling it makes me think removing that server and burning it will do no good. They more than likely installed something on it that spread immediately. Or saved itself in multiple places on their system. Like hid in the router to reinstall itself in whatever it needs to.

You'd have to replace every single item in that network...and all at the same time to even have a chance at preventing whatever they put in there from gaining access to their system.

I've never heard of any agency like that taking the trouble to reinstall something they've taken. And the only reason there is I can think of would be to ensure that component was still used. You bring it back to me and hand it to me and I'll throw it in front of a truck.

ANy company in their right mind would realise they planted something and would shut it down as soon as they walked out before it infected all the servers. The originals would have been replaced anyway and I can't see a decent company just letting them in ??????

I would erase that hard disk reformat and overwrite every block on it and completely re-install the software with better encryption

Time to reinstall the OS or even get new servers and get bullet resistant steel doors in your server offices. I hope that the company sends out emails to everyone telling of this incident so that the people do not send out emails that would hurt themselves.

Originally posted by mikellmikell
ANy company in their right mind would realise they planted something and would shut it down as soon as they walked out before it infected all the servers. The originals would have been replaced anyway and I can't see a decent company just letting them in ??????

No one let them in. Read OP again. When they returned it they sneaked in and did it. Only way any one knew was from the monition camera. They did not plan for any one to know they had brought the old one back. That is why they plugged it up and made sure it was working. If the camera had not caught them then no one would have ever known the old server had been returned. What they did was to trade servers. They took the replacement server out that had been installed to replace the one they took and replaced it with the old one that they took in the first place. This read like a James Bond movie.

And if you go to the link in the OP and read it you will see that the server was removed with them knowing about it. It stop responding and wen they went to check on it they found it missing

Originally posted by The X
Incredible, for a company that provides this as a service for paying customers who like some measure of security, this would be disastorous, who would want to do business with a company with a potentially salted server processing their traffic.
I cannot wait for the moment when cryptographic services become so strong and simple to use the government just walks away and has to find a completely new way to breach user data, like, asking nicely to be allowed to view it.

why wait it's here now. Free.

Truecrypt.

find the idiot admin and fire his a$$ for not knowing his server was offline. sheesh.

Lmao, the video on the link is brilliant.

That's your tax dollars at work.. little kids in suits. I'm surprised the video was allowed to be shown, as it shows faces.. hrmm

reply to post by tpsreporter


Let's get one thing straight: