When The FBI Knocks, A First-Person Account

Ever wondered what happens when your IRC chatter draws the attention of the public servants at the FBI? dilinger writes: "I wrote up a description of what happened to me last weekend. The FBI confiscated my computers for checking out yankees.com, after it had been defaced. If this doesn't make you paranoid, nothing will. :)"

Don't confuse the FBI with lawyers/barristers

To be fair, you should have labelled the FBI lines "lawyer" or "barrister". The FBI may be intrusive and power-mad and have an over-inflated opinion of their own value to society, but at least they're not the totally amoral, logic distorting scum of the earth that roam the courtroom.

The FBI are just misguided protectors of an obsolescent social order with their backs against the wall in a desperate and impossible fight to keep up with the times. They need to be kept at arms length, but ultimately some sympathy is due to them. They think they're fighting the good fight, and it just so happens that their fight is based on false premises. Sigh.

But that contrasts markedly with the lower officers of the bar, the only human social group that institutionalizes moral bankruptcy in an official medium built on professional sophistry while having the gall to call the result justice. No punishment is bad enough for them. Douglas Adams had the right idea with his Ark 'B'.

the warrants in warrants

actually, it is not safe to rely on this.

the supreme court has ruled, for instance, that if officers have a warrant to search your house for guns and they find drugs, they can bring you up on drug charges (or vice versa).

In fact, in the Bowers case in Georgia, officers had a out of date warrant to search Bowers' house (for drugs, I think). They didn't find any drugs, but when they entered the house they found him with another man and prosecuted him on sodomy charges. Bowers appealed, trying to get the evidence thrown out; but the Supreme Court upheld the ruling.

Re:Paranoia

I think that would be very impractical. I actually did some experiments on erasing magnetic media for a science project when I was in school. I tried to see how difficult it was to shield VHS tapes from magnetic erasure. The thing I found was that it was so hard to erase a tape in the first place that there's pretty much no way you can accidentally erase those damn things. I can tell you it would take a very powerful magnetic field to erase VHS tapes from a distance, and that probably applies to most other forms of magnetic storage as well.

Here's a desciption of my little science project: At first, I figured I could take a small dime-store magnet and pass it within few inches of a VHS tape, and it would wreak total havoc. Nope. Nothing happened. There was no noticeable degradation of the video signal at all. So, I went to Radio Shack and asked for some bigger magnets. I discovered that a device existed for just what I wanted -- a high capacity bulk eraser. This was a small hand-held device that contained a monster electromagnet and was powered by plugging it directly into 120V wall socket. Apparently it didn't even bother converting the power to DC, since it had a very loud 60Hz hum when turned on. To give you an idea just how powerful this sucker was, I was able to place a set of keys on the floor, then hold the bulk eraser in the air about 6 inches above it, when I turned it on the keys would jump up and stick to the magnet (rattling very loudly with that same 60Hz hum I mentioned).

So I bought one of these erasers and took it home to try it out. The instructions said that in order to truly erase information stored on magnetic media (that is, sufficiently randomize the data so that the media became indistinguishable from blank, unrecorded media), you needed a decaying magnetic field. To produce this using the bulk eraser, one had to start with the eraser right up against the media to be erased, then while moving the eraser in circles, slowly pull back to a distance of a few feet. So I decided to try this using the videotape. When I turned on the eraser, the tape actually stuck to the damn thing, it was so powerful. Wow. What little metal there was inside the VHS tape was still enough to actually lift it off the table when it was within reach of the bulk eraser's uber-magnet. I figured the tape must have been erased instantly, so I didn't even bother with the decaying field bit -- I just turned off the eraser and popped the tape in the player expecting to see static. To my suprise, the test pattern I had recorded was virtually unscathed! There was just a little bit of signal degradation visible, and that was it!

Turns out, the instructions for the bulk eraser weren't kidding. In order to erase a VHS tape I had to very slowly pull back from the tape while moving it in circles, starting with the magnet right up against the cassette's outer shell and taking a good 30 seconds to a mintue to pull the eraser back away from it while going around in circles. Even when I did this as carefully as I could, I found that although the tape was reduced to mostly static, there was still a little bit of signal left behind on the tape -- enough, in fact, to tell what was once on it. No matter how much I tried, I was never able to completely erase a VHS tape, even with an extremely powerful electromagnet at close range. I also found that if I put the tape inside small lockbox so that I could only get within few inches of it, the eraser was pretty much useless, even when I pressed it right up against the outside of the lockbox's surface. Just a couple of inches of distance were enough to prevent erasure from one of the most powerful magnets I'd ever seen. The conclusion I reached from this project was that magnetic media is actually quite durable, and that all you need to protect it is to just keep people from getting to close to it.

If you were to install something in a doorway with the intention of erasing a computer's hard drive as it passed through, the magnets would have to be so powerful that they would yank people's keys out of their pockets. The FBI goons would probably be able to feel their firearms being tugged on, which might make them a wee bit suspicious. And even with extremely powerful magnets, you still would have a hard time creating the "decaying" field effect necessary to sufficiently randomize the data.

Now, I know what some people reading this are going to think. A VHS tape is a very different beast from one of today's high-capacity hard disks. For one thing, a hard disk has its information stored digitally, meaning it's an all-or-nothing situation. The data doesn't get degraded, it just becomes unreadable. Also, if any of the filesystem's metadata gets erased, it will also render the disk unreadable. Finally, information on hard disks is recorded at much higher density than the VHS tapes I was experimenting with, so they are much more sensitive to erasure my magnetic fields. Well, all of those points are valid, and yes, it probably would take a little less to erase a HD than a VHS tape, but even damaged or partially erased disks can be read by data recovery facitilties, which have clean room equipment and can go through and scan disks at the lowest possible level. To prevent the Feds from getting any data off your disks, you would have to make absolutely sure that the magnetic media were totally randomized, and that would take some pretty elaborate and specific conditions. I just don't think it would be practical to set up a doorway device that could erase a disk that passed through it.

One other bit of anecdotal evidence: I've got an iMac sitting on my desk at work, and it performs a monitor degaussing every time I wake up the display. The degaussing coils are so powerful they produce distortion in a 17-inch monitor sitting about two feet away. Now consider that the iMac's hard drive is inside the same case as those degaussing coils. In fact, it's just a few inches away from them. Yet it remains intact through all those magnetic disturbances.

I think a much better scheme would be to have a "kill switch" on your machine. Put a small battery-operated circuit board inside your computer that is capable of powering up the hard disk and sending it low-level format commands. Make it remote controlled. Then, using your remote control, activate it as the feds are taking your machine out the door. The hard drive would be erased by the time they got to it back to their offices.

Funny thing.

I thought a search warrant was a warrant to search a particular place for particular things.

Seraching 'a dorm room for a computer' is not good enough. Searching for 'logs indicating xxx on a computer in the dorm room' should be fine... but they should in no way be able to sieze it!

To think of one solution, I know a company in BC that was raided by the cops/fbi/irs/ and a few others in a big sting. The admins were cornered (so nobody would erase anyhting) and then, under supervision, were permitted to keep running the system, while the cops had experts take copies of relevant information.

Meanwhile, in Europe...

If you think that is bad, you should see what they are trying to sneek into the US via the "treaty provisions" backdoor - US gov interests are lobbying for europe to adopt the english RIP bill as a european measure, so they can then "reluctantly" adopt it in the US without having to worry about that bothersome constitution getting in the way;
One of the highlights of the new bill is that they can demand your encryption keys from you (on pain of 2 years emprisonment) and if you decide to mention it on your website as this guy has done? that's a five year prison sentence. Paranoia, you haven't begun to flow....
--

You have the right to remain silent

Andres Salomon is a fool for putting his explanation on the net. He should get a lawyer and SHUT HIS MOUTH.

So far, the "everything you say can and will be used againt you" has given the FBI a lot of evidence.

FBI: "Your Honor, I present the following quotes from the defendant's website into evidence. You will see that the defendant in his own words has admitted that he used the Yankee's computer in very irregular in improper ways."

*I'm simply an RPI student, admin, and programmer
(C/perl/whatever) who likes to dabble in cryptography, kernel hacking,

FBI: See, he's a hacker, by his own admission

*I know my way around

FBI: Bragging is typical for script kiddies.

*my initial reaction was "oh shit, someone's pissed about my 30 gig mp3 collection

FBI: The defendant also admits that he pirates music in large quantities.

* I then began a post-mortem inspection; I always find this to be very interesting

FBI: Get's his willies by trespassing. He's a criminal who loves crime.

*The last time I did this, I discovered the intruder had gotten in through...

FBI: The defendant did this on more than one system.

*I first checked port 21 of www.yankees.com, noticing that it was running wu-ftpd-2.6.0;

FBI: The defendant has stated exactly how he hacked the yankee website.

*So, I did a zone transfer of yankees.com (host -l
-t any yankees.com), and noticed an old.yankees.com.

FBI: The defendant admits to yet another trespass command. He is letting us see how his criminal mind works.

*I got no where with this (whether it was due to a firewall, I do not know), so I
returned to my IRC client

FBI: The defendant is describing how he dealt with an obstacle put in place by the yankee sysadmin.

*The entire thing lasted possibly five minutes,

FBI: The defendant is doing some more bragging. It is common among hackers to brag about being able to root a box quickly.

Play it safe

If anyone with a badge knocks on your door give there are only two things you should tell them.

1. Your name
2. Your lawyer's name

G. Gordon Liddy

You just need to buy a computer made by G. Gordon Liddy Systems, inc. You know, one of those 9-mm "autoloader" point-and-click devices.

;)



________________________________________

Give them the "Public Servant Questionaire" !

PUBLIC SERVANT'S QUESTIONAIRE
Public Law 93-579 states in part: "The purpose of this Act is to provide certain safeguards for an individual against invasion of personal privacy by requiring Federal agencies...to permit and individual to determine what records pertaining to him are collected, maintained, used, or disseminated by such agencies."

The following questions are based upon that act and are necessary in order that this individual may make a reasonable determination concerning divulgence of information to this agency.

1. Name of public servant...............

2. Residence......City.....State......Zip......

3. Name of department, bureau, or agency by which public servant
is employed........supervisor's name......

4. It's mailing address...........City......State....Zip......

5. Will public servant uphold the Constitution of the United States?

6. Did public servant furnish proof of identity?

7. What was the nature of proof?..............

8. Will public servant furnish a copy of the law or regulation which
authorizes this investigation?

9. Will the public servant read aloud the portion of the law authorizing
the questions he will ask?

10. Are the answers to the questions voluntary or mandatory?

11. Are the questions to be asked based upon a specific law/regulation,
or are they being used as a discovery process?

12. What other uses may be made of this information?

13. What other agencies may have access to this information?

14. What will be the effect upon me if I should choose not to answer
any part or all of these questions?

15. Name of person in government requesting that this investigation be
made...............

16. Is this investigation 'general' or is it 'special'?

17. Have you consulted, questioned, interviewed, or received information
from any third party relative to this investigation?

18. If so, the identity of such third parties..........

19. Do you reasonably anticipate either a civil or criminal action to
be initiated or pursued based upon any of the requested information?

20. Is there a file of records, information, or correspondence relating
to me being maintained by this agency? If yes, which?

21. Is this agency using any information pertaining to me which was
supplied by another agency or government source?

22. May I have a copy of that information?

23. Will the public servant guarantee that the information in these
files will not be used by any other department other than the one
by whom he is employed? If not, why not?

If any request for information relating to me is received from any
person or agency, you must advise me in writing before releasing such
information. Failure to do so may subject you to possible civil or
criminal action as provided by the act.

I swear (affirm) that the answers I have given to the foregoing
questions are complete and correct in every particular.
X ____________________________ Date: ________/_________/_____________
Witness:________________________ Witness:__________________________

Authorities for Questions:

1,2,3,4 In order to be sure you know exactly who you are giving the
information to. Residence and business addresses are needed in case you
need to serve process in a civil or criminal action upon this individual.

5 All public servants have taken a sworn oath to uphold and
defend the constitution.

6,7 This is standard procedure by government agents and officers.
See Internal Revenue Manual, MT-9900-26, Section 242.133.

8,9,10 Title 5 USC 552a, paragraph (e) (3) (A)

11 Title 5 USC 552a, paragraph (d) (5), (e) (1)

12,13 Title 5 USC 552a, paragraph (e) (3) (B), (e) (3) (C)

14 Title 5 USC 552a, paragraph (e) (3) (D)

15 Public Law 93-579 (b) (1)

16 Title 5 USC 552a, paragraph (e) (3) (A)

17,18 Title 5 USC 552a, paragraph (e) (2)

19 Title 5 USC 552a, paragraph (d) (5)

20,21 Public Law 93-579 (b) (1)

22 Title 5 USC 552a, paragraph (d) (1)

23 Title 5 USC 552a, paragraph (e) (10)

You can find more interesting information on your rights here: Frog Farm Faq [nettrash.com]

Re:I visted a crime scene yesterday...

hmm. that holds up.

hmmm. so let's see here. you found out that your neighbor's place had been broken into (legal). you removed evidence from a crime scene (illegal). you went into your neighbor's home without their permission (tresspass. illegal). and now you think you have nothing to worry about??????? If the FBI just "questions" you, you've gotten off easy.

let me tell you another story.

this guy heard that a website had been hacked on irc (legal). So, he visited the site (legal). He then proceded to check the versions of some of the services running (legal). He did a DNS lookup to see which boxes were running on the network via such sinister and ill-used binaries as nslookup and, dare i say, dig possibly? DEAR GOD!!!!!!! (btw - also legal).

at that point. the FBI felt that they had enough evidence to make this gentleman a suspect. They seized his computers (illegal). The way i see it, the only thing this guy did wrong was not making sure he had a lawyer present.


FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network

Re:You have the right to remain silent

Which is precisely why he should speak out. His explanation makes it clear that he was just passing through. Public outrage is his best hope for getting his - and our! - rights back. If he keeps quiet, he may be reducing his chance for legal trouble, but he's encouraging this behavior by the authorities in the future.

Re:The moral of your story....

Yes, well when shit happens those in power are more often on the producing end. They are *supposed* to err on the side of the rights of citizens. Saying "shit happens" is a cop out. We employ these people with our tax dollars.

Are security groups liable for its members?

I am involved in a linux security group. We are working on cracking our own boxes, to learn about security and hardening of systems.

What implications does the law have on us? Under the law, are we allowed to crack our computers? After all if we force our way into our own house, is that breaking and entering?

One important implication would be, what happens if one of our members should be suspected of cracking system(s). Do we automatically become liable in any way?

How do hacking sites handle this problem?

The moral of your story....

Assuming complete accuracy (unlikely recalling an oft told story with high emotional connotations well after the event) is that sometimes shit happens. Thats it. Its not that the cops hate you, its not that you can't trust anyone, its that sometimes something nasty happens to someone that you had the cababilty of doing, right after that someone did something expected to piss you off. And guess what, that makes you the prime suspect. Not because of persecution, or legal incompentence, or vindictiveness, just because of what happened.

From your story, it sounds like you didn't do anything wrong except try to log into the system after you had been fired (as a kid you wouldn't know better, but you probably should have asked to arrange a time to come back and transfer files with a current sys admin) but just because you didn't do anything wrong doesn't mean that there is something evil or incompentent about suspicion towards you. Sometimes shit just happens that way.

I hope that someday you will get a little perspective and be able to think about this unfortunate event maturely, but for now, your story is an example to us on the interactions between computer users and the law - just not neccassarily the example you intended.

Kahuna Burger

Re:Time to save up for a new computer

The Steve Jackson Games case isn't all happy endings...they were illegally raided by the U.S. Government in 1990, had their computer equipment confiscated, and received their equipment back in 1994. By that time the 286s that the government stole were useless. The damages? $300,000, of which $250,000 went to attorney's fees. Who really won this case, I ask?

My Scary Experience

Last year I got a phone call paired with an email saying that I needed to make an appointment to meet with the Dean of Student Affairs of my smallish liberal arts school (and yes I realize I'm an idiot for even thiking about doing CS at a liberal arts school, but its too late now.)

Anyway I figure its something to do with my grades or something and I go to his office that afternoon. I'm sitting out in the waiting room, waiting for him to get done with whatever he's doing and I picked up one of the newsweeks on the Yahoo DDoS stuff and look at how the mainstream media presents the issue to the average Joe. Then he calls me into the room and tells me that they have evidence that I launched a DoS attack on a "Canadian Website". I am completely dumbfounded. They said that they needed to find out what happened or I would have the FBI knocking on my door.

I'm not script kiddie. Never have been. I have a little bit of an interest in security, but more in the areas of detection and protection, definitely not exploitation. Anyway, they want me to sign forms permitting the school to search my computer. This really freaked me out all these stories of people's equipment being raided flashed by in my head. I almost said no so I could call my parents and a lawyer, because I didn't know if that was the best thing to do, but then I realized I didn't have anything to hide.

So we march back to my dorm room and meet up with the people from the campus Computer Center (Motto: COBOL is our friend) who are going to search my PC. Well we get to my room and they want to have a look at my computer. I opened up a terminal window and their "UNIX guy" sits down stares at the screen for a few seconds then gets back up and asks me to pull up the machines IP address. I type ifconfig and highlight the address for him. Then there's some confusion. They figure out that my rommates Pentium 133 laptop running Win95 has the source address of the attack. I find it funny that their hard evidence thats pointed to me is the source address of a computer that isn't mine and on a DoS attack where it is most likely spoofed. They then start lecturing me for running Linux on my computer. They said they don't support Linux. I said that's great, I don't need support. In fact, I am paid to be their support in the dorms.

Anyway, they confiscated my rommates' computer, who is the classic stupid user, and "searched" it. They claimed that there was a virus on it that did it. You know, those pesky Canadian Website DoSing virii.

I had a meeting with The Dean of Student Affairs later and told him that I thought it was pretty crappy that they accused me basically because they knew I was a geek. He told me "thats what I get for being on the edge of technology". Yeah, that would be a shame for me to learn at an institution of higher learning. Then again, what do I know? I'm just a college student.

Stupid kid

Let me tell you a story:

One day, as I was heading home from work, a police car whipped around my car and proceeded down the highway at great speed. I continued on my way at the speed limit. Nearing the turn-off to my neigborhood, I saw several police cars pulled off on that road, and a civilian car pulled over. Several police officers were arrayed around the civilian car, in the stance of men ready to draw down. I continued down the highway, and took a second route to my home.

A somewhat boring story, but it illustrates my point. I could have turned off on my normal street. I was committing no crime (at least that I was aware of). However, realizing that being anywhere near a crime scene is a bad idea for anybody, I exercised common sense and avoided the scene.

This idiot started doing the very things a cracker would do to a site that had been cracked. Was he breaking the law? No. Was he being smart? NO . The site didn't ask him to do this. He had no authority to do this. He fit the profile of a cracker. He was dumb.

I'd love to learn more about how to crack cell phones - I work in the cellular industry, so it is of some bearing to my job. However, because I work in the cell industry, I have all the tools to turn that knowledge into action, and I'd have a really hard time explaining why I have that gear around (they're engineering prototypes. Honest!). As a result, I don't go to the cell phone cracking sites.

I'm not saying the FBI isn't wrong here. The way our current government conducts itself is shameful. But if I poke at a lion with a short stick, the lion may have been overreacting, but I'm still going to be the one bleeding...

Warrants Have Become Routine

The FBI seems to have lost their objectivity when it comes to requesting search warrants.

They are intended to be used for INVESTIGATIVE purposes only. That's not what happened here. If the guy had logged in 20 seconds after the server was cracked, then yes, I could understand why the Feds would take a special interest in his box, however, this is like walking into a convenience store the day after it was robbed by someone of a completely different height, weight, body-type, race, etc. And getting strip searched for it.

Right now, the FBI is under an enormous amount of pressure to catch "The evil online people who will steal our credit cards or hurt our children." The old adage, "You shouldn't be worried if you've got nothing to hide." doesn't really apply anymore (as if it ever did). Search warrants have become PREVENTATIVE measures. To scare people who have shown an interest in something illegal, even if there is no evidance to suggest they have actually done something. These days if you say or do the wrong thing online, you can get raided just like that. Even if what you did was not actually illegal itself. The search warrant saves the FBI the trouble of actually investigating you and spending some of their time following the innocent until proven guilty mantra. Just knock on enough doors at 5am and you can be sure that you will find someone guilty. The innocent ones can go back to their normal lives like nothing happened (yeah, right) and the guilty ones can give agents the professional boost they need.

"Seizure" of Data Is Unnecessary

RPoet [mailto] says:

whether the FBI should actually be allowed to take his computer stuff (even his books) is a different question.

It certainly is.

IMNSHO, there is absolutely no reason why LEOs should have a warrant to seize disks, CDs, etc. when on a fishing expe... uh, investigating a crime. They can copy whatever they need to another drive. Even books could be taken to the station to scan/microfiche any marginal notes that might seem relevant, and then returned promptly to the "suspect".

This is the difference between gathering information for an investigation, and asset forfeiture (spit).

He asked for it...

So he pokes around in a crime scene before the cops get there, and leave some fingerprints. Of course he'll be a suspect.

Of course, whether the FBI should actually be allowed to take his computer stuff (even his books) is a different question.

--

Do you live in under a police state?

Alot of mention has been made on the rights we have, is the US like Nazi Germany. I personally believe we do in fact, live in a police state. To wit, ask yourself these questions:

1) Does the United States follow, in spirit and in letter, the concept of innocence until proven guilty?

No. The broad application of warrant, search and seizure laws, and the total absence of the legal premisis of "narrowly construed" has been slowly eroded away. These days, if you have been served with a warrant, and, have been questioned by the police, the usual assumption is that you are guilty.

2) Do the police actually investigate a matter without bias, and with impartiality?

No. This has always been a major problem for both local and federal authorities. When they feel they have a prime suspect, all other leads become trivial. And not worth investigating. Even if evidence of innocence of the prime suspect could be uncovered.

3) Do we live under an unspoken law of guilt by association?

Yes. Terms like "hacker" and whatnot are used to vilify and persecute people who are innocent.

4) Are there severe loopholes in laws which allow police to run rampantly over individual liberty?

Yes. Carnivore is an example of this. If the EU type ISP laws get into the act here in the US, then we are really screwed. Because, if your forced to hand over your encryption keys, you are no longer secure in your person. And any law protecting you from unreasonable search and seizure are moot.

So lets see, unchecked police and political power, guilt by association, persecution due to label, so far so good. Sounding alot like Nazi germany to me. Lets go further:

5) Are uninformed people attempting to pass laws which label people with terms like "hacker" and "hacking" and prosecute them for associations?

Yes. In fact, there are several countries attempting this. Im sure it will only be a matter of time before this mindset gets to the United States.

Gee, whats next, will someone who is a geek be forced to wear an armband in public? How about a scarlet letter?

And, now for the kicker:

6) are the minority in almost firm control, in one way or another, of the majority.

Yes. With things like the DMCA, and minorities trying to kill off things like Reverse engineering, Donna Rice trying to censor the web, you have alot of minorities, trying to subvert the majorities. All in the name of profit, morality, and narrow mindedness.

There was a time when the law was to be kept narrowly construed. In order to make sure it wasnt used as a hammer. Now, the only thing being narrowly construed is thought and reasoning ability.

I was born an american citizen. I am embarrassed to be one these days. My father was an Air Force Vet, he fought for this country, and the way of life. Before his death, he saw this police state coming about. It upset him greatly, that police got warrants, based on suspicion, and conjecture, and, went about ruining people's lives, and they dont apologize when they are wrong. Nor are they forthcoming in returning what they steal.

Its getting worse. The United States is becoming a police state, run by corporate america, and, narrow minded politicians, who care more about themselves, their wallet, and what they want. In an ironic way, we are faced with the same dilemma as the original 13 colonies.

We once again, have a situation where we have no representation. We elect people who dont listen to those who elect them. We choose the lesser of two evils. And, we have no other recourse.

I give it another 100 years tops. Before you see armed revolt. *sigh*. The great experiment is at its peak, and will start its decline. Harry Truman warned that if you want to know how to avoid decline, in the United States, keep the history of the Romans close to your heart. Nobody in government has done this. And those who do not learn history, are doomed to repeat it.

Time to save up for a new computer

The most irritating thing our friend will find out is that his computer is now evidence. He's not going to get it back any time in the near, or not so near future. See Steve Jackson Games.

Warrents are about the only thing that's actually fairly close to reality in TV crime shows. They aren't hard for the cops to get. Judges don't know any better and take the DOJ/DA's word for it as far as if it's needed.

Re:Play it safe

This doesn't actually help you if they have a search warrant. If they do, you can get your lawyer there, but there's nothing they can do beyond making sure anything taken is within the scope of the warrant.

Your advice is for when they start to QUESTION you. The only words you EVER need to remember are "I want my lawyer."

This just sickens me

I live 5 blocks from the RPI campus.

The FBI should look at some things...

#1: Look at some timestamps on log files... If what was written is true he wasn't into the webpage until after it had been posted on various news sites.

#2: The that might possibly in 3000 years turn out to be evidance and now it's the governments crap of confiscating computers is ludicrous. How could looking at a site be considered grounds for a search warrent?

Things like this are pathetic.

You're missing the impetus

You're all missing the impetus behind all this! The Yankees are a high-profile organization right? The guys who run the Yankees are VERY rich people right? So imagine this, you're the manager/owner/whatever of the Yankees, you wake up one day, roll out of your four thousand dollar bed and turn on your computer. Your homepage is Yankees.com (how cute) and you notice it's been tweaked. OR you're the webmaster @ Yankees.com and you notice upon routine checking of the site/availability/whatever that it's been tweaked... you call the owner or the owner finds it on his own. Point being, the funnelling stops here and it's now the owner who makes the call to his buddies who pull some strings in the FBI to get this stuff investigated ASAP! Not tomorrow, not after breakfast, RIGHT NOW! So they do, they expedite the warrant process and get right down to business. I mean come on people, you think every hacked page gets the FBI's attention in as little as 48/72 hours? Or that they routinely pair up a field agent with someone who actually knows computers? Whether or not this guy should or shouldn't be doing his forensic checking is a WHOLE other issue. My point (cuz I think I have one) is that the Feds treatment of this is RARE! The only time the Feds take this shit seriously is when it's high-profile (i.e. big MONEY losses or GAINED) or when there's an interpersonal tie with the feds themselves. A personal relationship with someone in the bureau. I myself have been/or are currently under their "watch" and it's ONLY because of a personal tie one person had with them directly... if not for that, nothing would ever have come of my "wrong-doing".

It goes against your instincts...

.. but when people with badges are asking you questions, your only respose should be to reply with a question or to not reply at all. This is especially true in traffic cases, as the first thing the cop will try to do is get a confession out of you - "Do you know how fast you were going?" If you say something like, "I think I was going 75 or 80", even though his radar gun said 83, he can write you down for 80 and get it to stand in court (radar tickets can be easy to beat) because that's what you said. So you've answered the Public Servant's question (who you don't even really know is a public servant, he could be an imposter - just 'cause his car has a light bar in no way means that he's valid) with the very best of intentions, hopefully making him so pleased with your obedience to his will that he'll let you off. It's never worked for me. In this case, they were out to hang, details didn't matter, they were going to take your computers, no matter what you said. The side of the road is not a courtroom, and people shouldn't treat it as such.

Kiss your computers goodbye

Kiss your computers goodbye

My roommate and I called the cops my junior year in college, when we found a guy in our suite running an ftp server with kiddie porn.

When the FBI comes to take your computer, you don't get it back. They didn't just take this kid's machine, they took my machine too - since our ethernet ran through the same hub, they were able to extend the search warrant. I got my computer back 2 years later. It's still sitting in my basement, running bsd, like it was before they took it.

Remember, you live in a free society until you don't. Due process for you is going to mean that they will duly detain your computers and schoolwork till it is useless to you.

Shame on you for being so smart.

Brought to you by:

->NEW<- Carnivore

And

Carnivore Lite for making hasty decisions based upon the flimsiest coincidences!

A Reno® product


--

When an Agent Knocks

The first thing to keep in mind when the FBI knocks on your door is that you shouldn't talk with them. Don't try and crack jokes or explain what might be going on. Don't answer their questions. Don't say anything other than you want to see a lawyer.

These guys are trained professional terrorists. They have all kinds of behavioral science training and they have experience with PsyOps, which you all should read up on.

I'm glad that this brave hacker has the balls to relate his experience. The FBI wants us to fear them. They are the bad guys, but don't think you are ever in this alone. There are many people out there who don't like the FBI.

It's also important to realize that those of us who are Americans aren't living in some enlightened democracy where the cops are just our good friends because they keep the streets "clean." No, the United States has more cops than any other country and it just completed an expensive effort to militarize the police. If any of you have paid attention to the recent anti-capitalist protests, you can see that they've taken the gloves off. I had friends who were planning for the anti-World Bank demo in Washington, DC last April. The Secret Service broke into their apartment and stole research materials.

In Philadelphia, during the anti-Republican Convention protests, the police sent undercover cops into the organizing spaces being used by activists. Some cops even helped some friends of mine build a float.

So the watchword is: be careful, but don't be afraid.

Someday we'll defeat these guys.

Re:He also portscanned yankees.com

Ok.

What about ORBS.ORG?

They scan, looking for exploitable holes in e-mail programs. And log for vulnerabilites. Post the found vulnerable systems on the internet.

Re:Time to save up for a new computer

Indeed. Getting things out of evidence is a pain and a half. Once it goes in, it rarely comes out. If you can get publicity, and maybe the EFF [eff.org] involved, you might get your personal info back.

And the SJ Games reference is here [sjgames.com] - they eventually got their equipment plus a good chunk of change back. So there is hope.

Re:Yikes

A friend of mine works in IT at a big university. The dorm IT guys not only cooperate with the cops, they will enter dorms and seize equipment THEMSELVES. This has happened a number of times when students ran, for example, a commercial porn site out of a dorm room.

The school IT guys will cooperate (bend over) for the FBI if they are smart -- you don't want to get the feds pissed at you, and what do you do when you need them? Best to maintaina good working relationship.

Besides, if the cops show up with a warrant, the school has no legal grounds to interfere. They have to show the feds to the dorm door and play along, unless they want to get in trouble for obstructing justice or something.

Let's expand on this.

The FBI managed to get a search warrant based on logs from a firewall, that showed my IP only connecting, not even logging in, hours after news of the cracking had appeared on news sites.

So essentially the FBI doesn't have a hard time getting a warrant. Does this scare anyone else concerning Carnivore? I mean, if they can get a physical search warrant this easily, what's to say it'd be more difficult to get an internet-sniff warrant?

Re:The moral of your story....

I can only hope that something like that story happens to you someday; it will knock some of the arrogance and pseudo sophistication out of you.

Maturity is not just accepting things that happen to you - it is knowing when something is malicious, and when it is not. Immature people either believe that everything is malicious - or like you - believe nothing is malicious. The 'nothing that ever happens is deliberate malice' approach is just as wrong as seeing conspiracies around every corner. You might as well fall flat on your face as to lean over too far backwards. A mature human recognizes malice when it exists.

The behavior of the police in the story was malicious. The police believed their malice was justified but their behavior was deliberate (they got a warrant) not accidental (they didn't question the wrong person - they went after the one they wanted). Keeping the equipment on the plausible lie of "its evidence" is malicious. There was no crime committed - so there is no evidence to hold.

We pay the police to be malicious toward 'criminals'. If the police decide that you are a criminal they will be malicious toward you. It is our mistaken belief that we won't ever be seen that way that gives people their sense of safety.

Newsflash! CS student possesses textbook!

They took his frickin BOOK?

I'm sorry, but his books are not evidence. The fact that he possessed such books might be, but this did not in any way require the actual siezing of the books themselves.

As a CS student the fact that he was * required * to possess the book is probably even a matter of record.

This was a pure harrassment measure, period.

As I noted in my post the other day he should have invoked his RIGHT to * shut the hell up.*

He should have called his lawyer and insisted on his right to have his lawyer present. If he didn't have a lawyer he should have picked one out of the phone book and told them " I have FBI agents in my premisises and I need a lawyer NOW."

BEFORE all this happened he should have had off site backups. One set of those backups should have been BURIED in a capsule somewhere. He should have had backups stored using stegenography in his porn and/or Mp3's. He should have burned every note that was no longer needed. He should have written 0's to his entire HD every time he did a fresh install. He should have done this every few months even if he didn't need a new install.

Once they were there he should noted to them that his monitor, speakers, keyboard, mouse, CPU, video card, etc, were NOT evidence, only his possession of such was, and they had no right to sieze them. In fact, ONLY his HD was technically evidence. If nothing else his having noted it to them could be used as evidence against THEM in a civil suit should they ignore it. He should have noted that the supreme court has extended the protection of printing presses DIRECTLY to computers that are used for printing and thus cannot be legally siezed as evidence. He should have noted that his HD contained personal corespondence totally unrelated to the crime under investigation and that they were thus under obligation to have a warrant for SPECIFIC documents to sieze, which he would then cooperate in handing over, they have no right to sieze EVERY document. He should have noted that the supreme court has ruled that EVERY person whose e-mail is compromised by siezure without a specific warrant is due a cash settlement from the government.

In point of fact, he, and his lawyer, should have actually READ the warrant and only complied with legally SPECIFIC items contained therein.

He might even have insisted on being charged. This probably wouldn't have worked in this case, but more often than not it ends the whole damn thing right there. In any case his insistence, and their refusal, would have been more evidence for his following civil action.

"Officer, if I am suspected of a crime kindly charge me with such so that I may invoke my right to a public trial by a jury of my peers in confrontation with my accusor, otherwise I'm afraid I may have to consider this an illegal fishing expedition in violation of my civil rights and take appropriate legal action."

In fact, he could have noted that even though they have a warrant the * warrant itself might not stand up to legal scrutiny.*

Again, many of these things might not have helped him at the time, but could be invaluable in a later civil suit.

Oh yeah, he should sue the bastards. We should ALL sue the bastards every chance we get, pro se if we have to, just to make them think twice about the hassle and paperwork they'll be facing if they step out of line.

Paranoia

Since I first read about it, I have wanted to install the physical security system mentioned in Cryptonomicon -- you know, the one that turns the door frame into a giant electromagnet. Sure, the "bad guys" may get your hardware, but that's about all they'll get. (And probably even less, if you can set up the magnet to pulse its field so it spikes through the electronics...)

Just out of curiosity, though, is something like this realistic? That is, would it really work the way Stephenson describes it?

At any rate, it'll have to wait until I get my own place. I think the apartment manager would get pretty pissed if I suddenly started remodeling the door to my flat.


---

URL for more information

If An Agent Knocks [harborside.com]

What worries me most about this article:

The previous day, I was doing my usual routine for a friday with no class; up at 7 AM, ...

This guy is clearly a Russian spy, no red-blooded American college student gets up at 7AM for no good reason.

I visted a crime scene yesterday...

I noticed the family's house next door had a broken window. "That's funny," I thought. So, I went over and looked in....

"Hmmm. There's a small rock, like the ones they put around their plants in their front yard. They might want to know this. I think I'll just put on in my pocket."

"Whoa. Look at the mess the robbers left. I think I'll just go straighten things up a bit. Ah, man! They took the new DVD player. I was looking forward to tonight's Halloween party. I hope they left the "Blair Witch Director's Cut" disk."

"I wonder if they got the jewlery.... Let's see, I think they kept it in that box on their dresser. Well, there's no jewels in it now. I guess I just go home."

Later that day, the cops came over to ask me some questions. "What's that in your pocket?" "How did you know the DVD player was taken?" "Can we finger-print you?"

Now I'm afraid that I may be suspected for something I didn't do. The Nerve! I was just curious and trying to help.

How false accusations ended my university career

[ This message does not state or imply an accusation of misconduct by the man dubbed 'bofh', so put those lawyers away. This is an opinion piece -- the events as I remember them. ]

Heh. I guess we all have these stories. I didn't know the whole story of what happened to me until two years later.

First, I was a student at the University of Waterloo, Canada. Very respected place, top-notch mathematics faculty that actually gives out Bachelors of Mathematics. The Computer Science Club is actually quite famous too. Anywho, U of Waterloo has a co-op program and thru co-op I got a job as a Unix Sysadmin at the Univesrity of Western Ontario, an hour's drive away. Four month contract, then back to school. I fell ill during my work term, and I had to telecommute for the last two months, but I still got stellar marks and a glowing evaluation in the end. During my time there, I spent ten minutes getting help with an SMTP server with a man reputed to be an RCMP (Americans: read FBI) toadie I'll call 'bofh' for reasons that will later become apparent.

Back at Waterloo, I was going thru a bad episode (breaking up with live-in girlfriend), and during spring break I faked a USENET posting. Not a spoof, because I wasn't pretending to be anyone, just a faked "From:" header line. I did it (in the "let's see if I can do it" fashion) by telnetting to a mail server at U of Western Ontario, faking a mail message to be sent to U Waterloo's mail-to-news gateway. The message itself was a public announcement that some newsgroups were going to be banned due to high traffic -- Waterloo had a recent big stink about newsgroups being banned because of a feminist student group complaining about objectionable content (alt.sex.fetish.lolitas somehow escaping their scrutiny). I was successful, even though I misspelled "displatch", so I went back to slouching and playing too much Xpilot.

Next morning, I get a call at home. It's bofh (I still don't know how he got my home number).

bofh: "This is bofh. Did you telnet to port 25 on machine xxxx.uwo.ca yesterday?"
me: "Uh... yes."
bofh: "You'll never touch another machine at Western again. *click*" (that's the exact quote)

Phone rings again.

Peter (of the CompSci Club): "Moses? This is Peter. The Math Department sysadmins are bloodhounding you, but Ian [a friend] found you first. Why are they tracking you down?"
So I told Peter about the mail-to-news business yesterday.
Peter: "Oh Moses, Moses, Moses. ... you got caught."

So there was the ritual dragging me out in front of an authority figure, some tounge lashing, and a formal request to have me ousted from the CompSci Club because I was their sysadmin and couldn't be trusted (that was on the record -- off the record, nobody expected me to get kicked out over something so trivial). The CompSci Club said no, the Math Department made a politically safe "no comment," and life continued.

A week later, I'm summoned before the Asst. Dean of Mathematics, whom I'll call W. Seems the U of Western is raising a big stink, and 'something' must be done. I assume he's talking about the "displatch" event. W tells me that I can't return for a second work term at Western, and my marks will be changed to a failure for the term that just went by. I protest that this isn't fair (but actually my knees were shaking like Jell-O). He says he has to think about it. I take the chance to talk to a student ombudsman, who knows about the "displatch" event and he's surprised W. is overreacting. He suggests I approach the Student Disciplinary Committee. When next I'm summoned before W, he suggests that I be failed for the upcoming term; I protest again that I shouldn't fail something that hasn't happened yet, and it will unduely affect my chances at getting a work term somewhere else. I suggest the SD Commitee should get involved, and W threatens to expell me if I talk to the SD Commitee. I break, sorry, I was really scared. I plead that he merely suspend me for the upcoming term. He says he'll think about it. A week later when I meet with him, he tells me that he's come up with a better idea: he'll suspend me for the upcoming term. Can I agree? I point out that I gave him that idea, and I agree. I'm to be taken off the list of eligiable students for job interviews.

A week later I found out I wasn't taken off the list, and I missed three interviews. I was almost punished for not showing up to these interviews, but I badgered and pushed my way thru the department (we called it "Needless Hall") until I met a director. I told him my story to date, and he laughed and agreed to sort things out. So, I was suspended, I accepted a job offer in Toronto (which was bogus, but that's another story), and didn't have enough money to return to school for years. I got a letter from my former employer at U of Western Ontario, saying he was disappointed in me for what I've done. That kinda hurt.

Now... 2 years later, I'm working at a Toronto company, and I'm recognized as that kid who was a sysadmin at the U of Western Ontario. He says he heard what happened, so I tell him my story. He's quiet for a while, and says "That's not what I heard. Everyone at UWO was told that you were using Western computers to steal credit card numbers through the Internet."

Jumping Jehosaphat. No wonder W overreacted. And this must be what bofh ment by "You'll never touch another machine at Western again." It still burns my buns to know that W was ready to expell me when he had not even circumstantial evidence, and he wouldn't tell me what I was accused of nor listen to my side of the story. I won't return to U of Waterloo until W is no longer employed there, but I will still speak highly of it as an educational institution.

It's a frame job that changed my life forever. Thank goodness I turned it into a positive change. My friends still refer to it as the "displatch" event. I'd rather not chase after bofh for justice, beacuse I'm certain he could create some evidence against me (like the firewall logs mentioned above) and the RCMP are likely to believe him because of rumoured student-expelling 'favours' he's done them in the past. Besides, I think the false 'hacker' reputation actually helped in one job interview.

Re:Time to save up for a new computer

What planet are you living on? Check out Bruce Sterling's "Hacker Crackdown". Once your suspected, you're always suspected, regardless of any inconvenient reality. It was clear, based on the letter, that there only the most tenuous circumstantial evidence to link him to the site in the first place.

I'm sure a time will come when any Internet activity other than a browser or e-mail package will be looked on as suspicious, if not criminal.

It was his OS that tipped them off

He should have known better than to be running Freeh® BSD!


--

Re:Time to save up for a new computer

They'll probably keep the computer until the statute of limitations on the crime runs out. By then it will be an antique.

Several thoughts

1. Do NOT talk to law enforcement without your lawyer present. They are not your buddies, no matter how friendly they seem. They are trained to disarm you and get you talking, and you cannot help your case by doing so without the advice of counsel.
2. If you think the requirement for a warrant is any sort of obstacle, think again. Law enforcement develops relationships with tame judges, who will issue a warrant on virtually any pretext. You might later manage to get it and the evidence it turns up suppressed, but that isn't going to stop them from coming in and taking whatever they want.
3. For any sort of controversial access (or maybe all the time, if you don't mind the small delays it causes), use a service like ZeroKnowledge Freedom [zeroknowledge.com]. It masks your identity completely, and allows email, chat, and web browsing.
4. Encrypt your entire hard drive (keep offsite backups, because you likely won't ever get the drive back if you refuse to hand over the key). You have no idea what might be lurking on there. I have an automated program that scans newsgroups for items of interest. If it accidentally downloaded kiddie porn, I might not know it until the Gestapo has my hard drive in its hands. If you ever sent a humorous email to a friend about cracking a system, or killing your girlfriend, it might end up used against you.

The author of the article is right, you can't overdo the paranoia.

Re:What to do when unk yells "Police search warran

That's why I keep my lawn seeded with Claymore Mines(tm).

Remember, if it doesn't say Claymore(tm), you're not fraggin' with the best.

----

quick reminder

port scanning, DNS lookups (whois, nslookup, etc.) are NOT illegal.

the whole point of the story is one of a very big brother-esque denial of our civil liberties. I see alot of people who know next to nothing about computers in general beyond double-clicking on IE to get an internet connection. Nevermind that they don't know how their own box works - i don't care. But they have begun to vilify those who they do not understand simply because of a few crackers.

This can be directly equated to a situation where you hear about a liquor store that got robbed so, as a curious citizen, you drive by and take a look. Being that you left some small piece of evidence that you were there at all, the FBI or whoever comes back to your house, confiscates your car and questions you. Anyone see anything wrong with this?? Anyone???

unfortunately, hackers' rights are in serious jeopardy right now. I don't see this trend stopping as more and more 'ignorant' individuals get online. they are scared of that which they do not know, and every time they hear that someone is a 'hacker' or knows what they're doing....they will instantly brand them as criminals. The only thing you can do....get a phone number of a good lawyer and make yourself comfortable here in Salem. It's gonna be a looong witch hunt.


FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network

Re:Paranoia

Wouldn't an electromagnet strong enough to wipe a disk in one not-so-near pass (i.e., walking through the doorframe) have to be so powerful, it would induce a noticeable pull on the metal of the box?

I can just picture a g-man lugging a tower case out the door, only to have it CLANG against the frame and get stuck there and they have to get crowbars to pry the thing off. You know, they just might get a little suspicious at that point...

Re:Always use encrypted filesystems!

While there are some exceptions (breathalizer and blood tests, identity information, etc., for example) the target of an investigation is under no obligation to provide _any_ information to the authorities. This means that the target is under no obligation to provide passwords, etc. Further, if faced with one of these situations you must understand that the police are going to take your equipment, disks, etc., regardless of what you do or say, so the best thing is to say _nothing_ to them. You should politely cooperate with them in loading up your equipment, request a detailed inventory of what is being taken, including a statement that all items being taken are in good operating condition and repair. You should then tell them that you will contact them with the name and telephone number of your lawyer and that all future contact should be through your lawyer. If you are a student, most universities or student governments have legal aid programs available. One other thing to be wary of: If the law enforcement people involved are federal, and you _do_ choose to talk to them (even though that is a very dumb thing to do), be sure that you tell them the _whole_ truth and don't leave out anything. If you do, there is a possibility (slight in most cases, but definitely there) that you could be charged with making a false statement to a federal officer, a felony, even if you are not otherwise guilty of any crime. Remember Henry Cisneros, who was charged with that very thing. Cops have a lot of "tricks" for obtaining information, none of them illegal. The one I like the most is not arresting someone until they get to the station house and not saying a word to them on the drive there. Usually the suspects will happily blab away simply to fill the empty air. Anything useful can be used even though the suspect has not been Merandized because the cop didn't actually ask the suspect anything.

Re:He asked for it...

Question: How does the field agent know what is evidence and what isn't? I guess you'd like to make sure that all FBI agents are also fully trained as sysadmins for every OS/Harware combo known to man.

THe feds seized the equipment because it might be evidence and they have no way to know for sure without running it through a computer forensics lab.

The real travesty will be trying to get the equipment back after he is no loger a suspect.

Re:When an Agent Knocks

When an Agent Knocks

...you do what the rest of us do. You run. You run your ass off.

-Tal

Why the hell is the FBI investigating this anyway?

What the fuck? A baseball team's WEB SITE is defaced, and my goddamn tax dollars are paying for a massive investigation to pay for it??????? You have to be kidding me!!! It's a web site, people! For a sports team! It's not the White House, for Christ's sake. Thanks, Men in Black, for eating up my taxes.

Re:Yikes!

although the fact that he first looked at it hours after the breakin tells me about how clueful the FBI is

Actually, that behaviour is valid. Many criminals are caught because they're idiots, and do idiot things like hang around the crime scene, blab to friends, etc etc. Checking your own handiwork hours after the fact is common behaviour. Go find some decent books on Criminal Psychology, and you'll find some interesting reading material.

I'm not suprised..

One day (last week) While telling some anti-pine friends how much I love pine (over email), I decided i'd telnet to the local SMTP port of my university's mail server and teach myself SMTP headers, and send them an e-mail with telnet. Well, after attempting (it would not let me relay) i recieved a nasty email from the NOC telling me to never do it again, and that i am a hacker, etc etc. Point being, I was merely attempting to teach myself SMTP headers, not trying to hack into the system but they immediately labelled me. I replied back, explained my side of the story and never heard from them again.

ZDNet got wind of this.

Now Z DNe t knows. [zdnet.com]

Cool. Spread the word. CNN?