Friday, April 10, 2009

Don't Mess with Texas, unless you are the FBI...

More on the raid of the Core IP Networks data center. Story from the Wired Blog.


I sincerely hope that the new CIO in the Obama Administration invests heavily in training. Specifically about why what the FBI did was not based on probable cause, as the judge ruled, but a legal system sponsored 'smash and grab'. A few metaphors come to mind:


Special Agent ____________, a high school buddy of yours told me you smoked marijuana in high school and kept your stash in a Box of Cheerios. We looked into it and you bought Cheerios last week. We have a warrant to seize your entire house and its contents. We just want to make sure your high school buddy was on the up and up and that you don't have a stash. There's a Motel 6 down the street you can stay at with your family - but be careful, the Latin Kings are set up in there...


I will contact my Infragard officers to volunteer to train Special Agents on the basics of the internet and data center business.


Here is the Rest of the Story...


A company whose servers were seized in a recent FBI raid on Texas data centers applied for a temporary restraining order to force the bureau to return its servers, but was denied by a U.S. district court last week.


The company, Liquid Motors, provides inventory management and marketing services to national automobile dealers, such as AutoNation. It was one of about 50 companies put out of business last week when the FBI seized the servers at Core IP Networks, one of two data centers and co-location facilities raided by the FBI's Dallas office in the last month in an investigation into VoIP fraud.


Although Liquid Motors was not a target of the investigation, the FBI took all of the company's servers and backup tapes in the raid.


"As a result, Liquid Motors, Inc. has been put out of business and is in breach of its contracts with automobile dealers throughout the country," the company wrote in its application for the restraining order (.pdf). "Those automobile dealerships ... may hold Liquid Motors responsible for all of their lost business, and may terminate their contracts with Liquid Motors, causing permanent and irreparable harm ... for which there is no adequate remedy at law."


The company noted that it maintained duplicate servers to prevent outages and housed those servers in a building "on a five power grid with a generator that can last for thirty days."
Only "a bomb to the building" or, as it happens, an FBI raid, could cause the servers to go down, the company stated.


The U.S. District Court for the Northern District of Texas denied the request (.pdf), however, after holding an ex parte discussion with FBI Special Agent Allyn Lynd, who led the raid. Lynd told the court that the owner of the co-location facility was being investigated for fraud and that even though Liquid Motors was not part of the investigation, its equipment might have been used to facilitate fraud by others.


The court found that the FBI had probable cause for seizing the equipment.


The FBI told the court it would work over the weekend to create mirror images of the data from Liquid Motors' servers and provide it to the company by Monday of this week. In order to do so, the FBI asked the company to provide the agency with blank hard drives for copying the data.
Mark Burack, executive vice president for Liquid Motors, said his company did get its data back after supplying the FBI with hard drives, but that the company had to buy all new servers to restore its business.


"We had to replace everything," he said, noting that they won't know how much the raid cost them financially for a while. He said the company has more than 750 customers who were affected by the raid, and that they're working on restoring service to those customers.
When asked if his company planned to pursue legal action further he replied, "I don't know. There are a lot of lawyers involved. We're backed by some very large investors so we just defer everything to them."


He added that he respects the job the FBI does.


"Catching bad guys is important," he said. "We support them and we know they have a tough job. And sometimes innocent people get hurt."

Wednesday, April 08, 2009

Scary Stuff...

The full text of this story can be viewed HERE

I have to say as a member of Infragard, a 15 year veteran of the hosting and colocation business from tech support to Security, and as an employee of a colocation company, that this is an appalling story.

I will call it now - this case will go to the Supreme Court so that there is a clear delineation between a business and its customers and a clear message sent to federal agencies about what is and is not ok. Just because the servers in a facility were all interconnected does not mean they were all illegally operating. Interstate Highway 10 connects Florida to Texas but does that mean that Law Enforcement has jurisdiction to impound every car on the road because someone in Little Rock who used to live in Texas said that there was a light blue speeding vehicle on I-10?

I liken this story to an arms dealer working out of a hotel, and the FBI seizing the entire property and everything on it - from the extra towels, to the law-abiding guests' personal property, to the rental car companies' vehicles, because someone who got kicked out of the hotel for destroying property said there was an arms dealer in room 201. Like they would know.

Thank God they got the kids' iPods and video game consoles though. I wouldn't want those playlists falling into the wrong hands or toddlers playing Grand Theft Auto. That would be a travesty.

Here is a quick snippet:

The FBI on Tuesday defended its raids on at least two data centers in Texas, in which agents carted out equipment and disrupted service to hundreds of businesses.

The raids were part of an investigation prompted by complaints from AT&T and Verizon about unpaid bills allegedly owed by some data center customers, according to court records. One data center owner charges that the telecoms are using the FBI to collect debts that should be resolved in civil court. But on Tuesday, an FBI spokesman disputed that charge. "We wouldn’t be looking at it if it was a civil matter," says Mark White, spokesman for the FBI's Dallas office. "And a judge wouldn’t sign a federal search warrant if there wasn’t probable cause to believe that a fraud took place and that the equipment we asked to seize had evidence pertaining to the criminal violation."

According to the owner of one co-location facility, Crydon Technology, which was raided on March 12, FBI agents seized about 220 servers belonging to him and his customers, as well as routers, switches, cabinets for storing servers and even power strips.

Authorities also raided his home, where they seized eight iPods, some belonging to his three children, five XBoxes, a PlayStation3 system and a Wii gaming console, among other equipment. Agents also seized about $200,000 from the owner's business accounts, $1,000 from his teenage daughter's account and more than $10,000 in a personal bank account belonging to the elderly mother of his former comptroller.

Mike Faulkner, owner of Crydon, says the seizure has resulted in him losing millions of dollars in revenue. It's also put many of his customers out of business or at risk of closure.

The raids are the result of complaints filed by AT&T and Verizon about small VoIP service providers whom the telecoms say owe them money for connectivity services. But instead of focusing the raid on those companies, Faulkner and others say the FBI vacuumed up equipment and data belonging to hundreds of unrelated businesses.

Thursday, April 02, 2009

Whatever happened to Sky Marshals?

I was in JFK yesterday and I was the number 2 person on the plane and it made me think back to when Sky Marshals were #1 or #2. I haven't seen one in a while.

Before someone writes the comment 'That's the point', they were not too hard to spot - short cut hair, intimidating, trying to look like a regular passenger, always first or second on the plane, and they never sat in exit rows or 1st class.

Do I see a VH1 'Where are they now' segment?

Or a Government version of 'Where are they now?' on C-SPAN? There's an idea to liven up C-SPAN - a reality show besides watching politicians filibuster, or watching Pelosi whine about needing a bigger plane.

Thursday, February 19, 2009

Facebook or Facebalk?

I have not had the time to comment on the absurdity of the Facebook 'We own your ass even if it's not yours and will do what we want with it when we see fit' privacy policy. I was also a bit disappointed that by the time I was able to comment the overwhelming voice of the users had won out, and relieved that Facebook came to their senses.

Having been a member of the IAPP (International Association of Privacy Professionals) and seeing the balancing act that companies go through to write a solid one, I can't help but wonder if Facebook will get a free membership out of this so that they can figure it out.

It was also interesting that no one freaked out when AOL and Yahoo changed their privacy policies - although their changes had a lot less potential harm embedded - and I have to wonder why Facebook and not AOL or Yahoo?

Better designed offering?
More Users?
Different demographics?
The ability to instantly share your views with friends of friends' friends?
The absurdity of it?

I hope my old friends at the Berkman Center at Harvard Law School keep on teaching law students about this kind of stuff so that students of theirs never write drivel like that policy again.

Tuesday, February 03, 2009

Well Coordinated ATM hack nets $9M

My Source

Hackers orchestrated a highly coordinated, global attack on ATM cards involving the theft of a staggering $9 million from bank customers — and they could strike again, according to an investigation by FOX 5 TV in New York.

Customers' personal information might also have been compromised in what federal agents are calling one of the most well-coordinated such schemes they've seen, MyFOXNY.com reported.

The FBI uncovered the plot and is investigating. The hackers are still at large and could orchestrate another attack.

In a matter of hours, thieves struck ATMs from 49 different cities — including New York, Atlanta, Chicago, Moscow and Montreal — just after 8 p.m. EST on Nov. 8.

Part of the heist was caught on security camera images obtained by the TV station. The photos show people known as "cashers" — low-level participants in the plot who used bogus ATM cards with stolen information — at the machines.

The scheme works as follows: Plotters hacked into a computer system for a company called RBS WorldPay, which allows employers to transfer workers' pay directly to a payroll card. The scam artists were then able to infiltrate the system and steal personal data needed to make duplicate ATM cards.

"We've seen similar attempts to defraud a bank through ATM machines but not, not anywhere near the scale we have here," FBI Agent Ross Rice told FOX 5. "We've never seen one this well coordinated."

The FBI has no suspects and has made no arrests thus far.

Monday, February 02, 2009

Peanut Butter Recall Products List

This is my first PSA of the year

The recalled peanut butter products list as of 2/2

Friday, January 30, 2009

Gotta love the logic bomb...

http://www.datacenterknowledge.com/archives/2009/01/30/disaster-averted-at-fannie-mae-data-center/

I caught this as I was catching up on some Tweets. Here is the link to the affidavit from the investigation.

A snippet from the article:

Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company’s monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes. “This would also destroy the backup software of the servers making the restoration of data more difficult because new operating systems would have to be installed on all servers before any restoration could begin,” wrote (FBI agent Jessica) Nye. As a final measure, the logic bomb would have powered off the servers.


Surprising to me was that there was anyone left at Fannie Mae except disgruntled employees. Well at least employees not shacking up with Barney Frank.

What I am least surprised about is that it was an insider. Proactive monitoring, and more importantly well-thought-out access control policy and enforcement, makes or breaks you. David Rowe and Matt Flynn at Netvision should be banging the drum loudly on this one.

Has anyone out there in the Identisphere deployed a solution whereby the access control is system centric the more critical the system is? I still see a lot of user centric stuff, but since humans are humans and you never know when someone will get disgruntled - should there be more attention paid to systems centric solutions the more valuable the asset?