Risk
4/20/2012
09:55 AM

FBI Seizes Anonymizing Email Service Server

Privacy activists criticize the FBI's anonymous remailer server takedown that resulted from a bomb threat investigation.

Did an FBI server seizure go too far? FBI agents investigating a University of Pittsburgh bomb threat Thursday seized a server, apparently because it was being used to host an anonymous remailer service that had been used to send bomb threats. But the takedown, which was backed by a search warrant, has drawn condemnation from activist groups, who have characterized the seizure as an "attack on anonymous speech."

Service provider May First/People Link said the FBI seized the server--used by European Counter Network (ECN), an Italian service provider--because it hosts an anonymous remailer service called MixMaster, which was allegedly used to send the bomb threats. The server was also used by ECN to host numerous newsletters and several websites, all of which were knocked offline after the takedown.

Members of May First/People Link, which bills itself as a cooperative, progressively run Internet service provider that counts many organizers and activists as members, told the FBI that they believed an outsider had hacked into the ECN service and used it to send the messages, the Pittsburgh Post-Gazette first reported.

But May First/People Link director Jamie McClelland told Forbes that the server, which it co-hosts with Riseup Networks, hadn't been hijacked or hacked. Rather, someone had simply used the remailer.


McClelland said that his company, as well as Riseup and ECN, have been cooperating with the bureau on the bomb threat probe since early in the week. But Wednesday, FBI agents then seized the server used by ECN from a New York City colocation facility shared by May First/People Link and Riseup.

What might be recovered from the anonymous remailer service? According to McClelland, the service involves chains of anonymizing servers, each of which removes the header information from emails to keep the sender's identity private. In addition, the underlying software maintains no logs, meaning that--by design--there was simply no relevant data to be shared with the FBI.
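As an added illustration (not code from the article, from Mixmaster, or from the providers named), this simplified Python model runs a message through a chain of hops that strip sender-identifying headers and record nothing, then checks what an examiner could still recover from the delivered message. The hop names, the header list and the sample message are constructed assumptions, and Mixmaster's real packet format is not modeled.

```python
from email import message_from_string

# Assumed list of headers that name the sender or trace the delivery path.
IDENTIFYING = ("From", "Sender", "Reply-To", "Return-Path", "Received",
               "Message-ID", "X-Originating-IP", "User-Agent", "X-Mailer")


class RemailerHop:
    """Hypothetical hop: strips identifying headers and keeps no per-message log."""

    def __init__(self, name):
        self.name = name
        self.log = []  # never written to; models the "no logs by design" claim

    def relay(self, raw):
        msg = message_from_string(raw)
        for header in IDENTIFYING:
            del msg[header]  # removes every occurrence; no error if absent
        msg["From"] = f"Anonymous <nobody@{self.name}>"
        return msg.as_string()


def send_through_chain(raw, hops):
    """Pass the message through each hop in order and return what is delivered."""
    for hop in hops:
        raw = hop.relay(raw)
    return raw


def recoverable_identifiers(raw, sender_facts):
    """Return the sender facts that still appear anywhere in the message text."""
    return [fact for fact in sender_facts if fact in raw]


# Constructed sample data (documentation addresses and names only).
SENDER_FACTS = ["alice@example.org", "192.0.2.10", "alice-laptop"]
SAMPLE = "\n".join([
    "Received: from alice-laptop.example.org ([192.0.2.10])",
    "\tby mail.example.org; Thu, 19 Apr 2012 10:00:00 -0400",
    "From: Alice <alice@example.org>",
    "To: bob@example.net",
    "Subject: schedule",
    "Message-ID: <1234@alice-laptop.example.org>",
    "X-Originating-IP: 192.0.2.10",
    "",
    "Meeting moved to noon.",
    "",
])
CHAIN = [RemailerHop(n) for n in ("hop1.example", "hop2.example", "hop3.example")]

if __name__ == "__main__":
    delivered = send_through_chain(SAMPLE, CHAIN)
    print(delivered)
    print("before:", recoverable_identifiers(SAMPLE, SENDER_FACTS))
    print("after: ", recoverable_identifiers(delivered, SENDER_FACTS))
    print("hop logs:", [hop.log for hop in CHAIN])
    # Header stripping does not touch the body: a signature line still leaks.
    leaky = send_through_chain(SAMPLE + "Sent from alice-laptop\n", CHAIN)
    print("body leak:", recoverable_identifiers(leaky, SENDER_FACTS))
```

In this model the only sender information that survives the chain is whatever the sender wrote into the body; the hops themselves hold no state to examine.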

Riseup, which says that it "provides online communication tools for people and groups working on liberatory social change," said that no data relating to its users, keys, or certificates, were on the seized server, and that the root file system was encrypted. It strongly condemned the seizure, which it said knocked offline more than 300 email accounts, roughly 50 to 80 email lists, and several websites.

"The FBI is using a sledgehammer approach, shutting down service to hundreds of users due to the actions of one anonymous person," said Riseup spokesman Devin Theriot-Orr in a statement. "This is particularly misguided because there is unlikely to be any information on the server regarding the source of the threatening emails."

While the bomb threats have been "horribly disruptive," Theriot-Orr further emphasized to Forbes that many people have a legitimate need to communicate anonymously. "I'd much rather live in a country with anonymous speech and a small number of bomb threats than one that has no bomb threats and no anonymity," he said, characterizing the FBI's server seizure as "an attack on all forms of anonymous communications."

The FBI Wednesday also seized a personal computer, laptop, router, cellphone, and CDs from the apartment of two people in Jackson, Penn., who are under scrutiny in the investigation, reported the Pittsburgh Post-Gazette. Seamus Johnston, 22, who shares the apartment with Katherine Anne McCloskey, 56, told the newspaper that he'd been unable to see a copy of the affidavit linking them to the crime under investigation, as the court papers remain sealed.

"Until I can look at the affidavit of probable cause and see for myself what evidence they have against us, I consider what happened simply an armed break-in," he said. "I have no idea when we'll get the stuff back and no idea why they took it."

An FBI spokesman didn't immediately respond to a request for comment about the server takedown or broader investigation.

This isn't the first time that an FBI server takedown created some collateral damage, or at least inconvenience. Last year, in an apparent scareware-related investigation, the bureau seized 62 servers from a data center in Virginia, which was apparently 59 more than they were due to seize. While extra servers were returned within 24 hours, in that case, about 160 sites were temporarily knocked offline.


Comments
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
4/21/2012 | 1:31:58 AM
re: FBI Seizes Anonymizing Email Service Server
"I'd much rather live in a country with anonymous speech and a small number of bomb threats than one that has no bomb threats and no anonymity,"

Uhm, excuse me, but what does making a bomb threat (or rather multiple bomb threats - some reports quote the number to be 128) have to do with "liberatory social change"? And to be quite honest, if social change is being pushed by a group that feels the need to protect those who terrorize other citizens, do we really need that kind of social change?

Freedom of Speech doesn't protect someone who yells fire in a crowded theater, why should it protect someone who is providing the facility for another party to bring terror to other people?

Andrew Hornback
InformationWeek Contributor
HornbackisCIA
HornbackisCIA,
User Rank: Apprentice
5/3/2012 | 12:53:41 AM
re: FBI Seizes Anonymizing Email Service Server
Actually Andrew, nobody said "liberatory social change" had anything to do with bomb threats.

Because of the nature of the servers, nobody knows who made the threats. To seize the servers is an attack on not only anonymous speech- that is essential to some social changes and liberation, but an attack on your right to be secure.

For all we know, an FBI or NSA agent made those threats, simply to justify destroying people's methods of being secure, and speaking freely and securely.

Your fourth amendment right to be SECURE from warrant-less searches and seizures guarantees that nobody is allowed to do this. It's not about privacy or anonymity, it's about security. The same security that keeps you from telling a creepy old man what school your daughter goes to and what route she takes walking home. Anyone violating your security, can be tried for treason, as they are levying war on the states. Just because they to be the only ones with this protection and dominate those who view it as their right, does not give anyone the authority to violate them.

Simply because free speech doesn't protect people yelling "fire" doesn't mean that your rights can be violated just because you're a coward, afraid somebody will get away with blowing you up. Cars and bee stings and malpractice kill hundreds of thousands more people every year, so why don't you ask the FBI to jail doctors and confiscate beehives, Andrew?
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
5/3/2012 | 5:14:58 PM
re: FBI Seizes Anonymizing Email Service Server
Riseup states that their tools (their systems) are for people working
on "liberatory social change" - however, the FBI has knowledge that
leads them to believe that these systems were being used for bomb
threats. I would think that the logical connection would be quite
obvious.

Nobody knows who made the threats? I certainly beg to differ from
your assertion there. Any traffic on a network can be tracked back to
the original source - no matter how fuzzed, obscured, mangled or
otherwise modified to hide the source of that transmission.

As far as calling this an attack on anonymous speech, I believe you
are equating the availability of a network service with speech -
speech takes on many forms, feel free to search the records of the
Supreme Court for anecdotal references. Does the neutralization of
one network service equate to the destruction of all anonymous speech?

It also seems that you are equating anonymous speech with free speech,
which I don't believe is exactly the case. Anonymous speech happens
in lots of different places, including those locations that have a
lack of the right to freedom of speech that we enjoy in the United
States. Logically, I fail to see how free = anonymous; however, I
would entertain your logical proof on the matter.

Fourth Amendment rights, now we're talking something concrete. Right
to be secure from warrant-less searches and seizures, I fully agree.
However, there are instances where people do waive those rights. If
you allow a law enforcement officer the permission to perform a search
- you waive your Fourth Amendment rights. If you have a Federal
Firearms License (FFL), you have waived your rights - the ATF is
allowed to search your premises to ensure that you are carrying out
your business in a proper and safe manner. One would say that this
has everything to do with privacy - a right to privacy that you waive
by taking an action. To that end, wouldn't making a bomb threat be
classified as taking an action? Are there not repercussions? What is
the more primary classification for the transmission of a bomb threat
- threat or free speech? Personally, and I think most would agree
with me, the primary classification would be threat and the
transmission would then be treated in a much different manner than if
it was simply a matter of speaking freely.

Anyone violating my security can be tried for treason? Really? I'd
love to see your definition for treason - here's mine, for the record,
"citizen's actions to help a foreign government overthrow, make war
against, or seriously injure the [parent nation]." Last time I
looked, that doesn't have the first word about personal freedoms or
security - other than that of a citizen taking an action. Sure, I
believe that the argument can be made that any actor (foreign,
domestic, group or individual) injure my security in the process of
committing a treasonous act, but for an act directed against me to be
considered treason, I believe I would need to hold a relatively high
elected office in this country. Smashing a whipped cream pie in the
face of the dog catcher of Pascagoula, MS won't rise to treason, but
at the same time will violate their security (on the basis of
violating their personal space).

Yelling "fire" in a crowded theater presents a situational threat to
the occupants of the theater, whether real or perceived. Crafting and
delivering a bomb threat presents a situational threat to the
occupants of whatever location is to be bombed, whether real or
perceived. There's the tape that seals this box shut - they are the
same.

Whose rights are being violated here? The users that seem to have a
legitimate use for the network service that got disrupted because of
the FBI's seizure of the servers? What right is being violated? Do
they have no other way of exercising that right than via that service?

Let me ask you this - getting blown up ruins my day, as I would
imagine it would ruin anyone's day. Now, that said, do I not have the
freedom to have an enjoyable day? After all, aren't we, as Americans,
free to enjoy life, liberty and the pursuit of happiness? If I get
blown up and I lose my life - can I still have liberty and pursue
happiness? (I'm guessing the answer hinges on your belief in the
afterlife). If I get blown up and have to go to the hospital, I still
have my life and may be able to pursue happiness (depending on how
cute the nurses are), but at that point I would have lost my liberty
(even for a short time). Again, does freedom of speech trump the
inalienable rights that Jefferson wrote about? So, at its basest
level - this comes down to which rights trump which other rights.
Does possible preservation of life trump the right for free
(anonymous) speech in the case of a bomb threat? I believe it does.

As to your red herring fallacies at the end, why not put everyone that
makes hair dryers in prison as well? After all, don't more people die
from electrocution (having hair dryers fall into the tub) each year
than from bombs in the United States? Better yet, why not have the
Federal Government issue isolation bubbles to all Americans. That
way, there's no possibility of passing germs or disease from person to
person, etc. Yes, it's ludicrous - just as ludicrous as your
examples.

Ball's in your court...

Andrew Hornback
InformationWeek Contributor
(and no, I don't work for the CIA)
MyW0r1d
MyW0r1d,
User Rank: Apprentice
4/21/2012 | 11:43:00 PM
re: FBI Seizes Anonymizing Email Service Server
Andrew caught the same section which I wished to comment on, but before that I think the FBI should have provided the authorization for search and seizure to the party being searched or their legal reps.

With regard to Riseup's statement, I have found no reference in the Bill of Rights, Constitution of the USA, or anywhere guaranteeing freedom of "anonymous" speech to those without the ..lls to intelligently and respectfully express their opinion (with regard to US territories since the article references foreign entities). The tone of the excerpt sounds very familiar to the rhetoric used by anarchists (like those in Italy) where the movement is particularly vocal and has been associated to violent acts (bombings, aggressive demonstrations, etc). The only legitimate need for anonymous communications I can think of would be in regimes where freedom of speech is nonexistent.

In a society, individuals have a justifiable right to feel free to express their opinion to the point that expression does not intrude or oblige someone else to hold the same opinion (unless legally bound). Yelling fire causes emotional distress and could place others in physical danger, same with bomb scares (that's why it's illegal). Anonymous rants easily infringe on slander and cause damage to the honorability of the individual or institution without allowing the accused to face their accuser (in short a rather cowardly method). And I say this as a person in favor of whistle blower legislation as long as the whistleblower uses established, legal channels with the authority to investigate and deny or verify the accusations and not as an avenue for public slander. Liberatory social change comes through individuals who are not afraid to put their face to their statements and lead others with similar thoughts, not anarchists.
Bprince
Bprince,
User Rank: Ninja
4/22/2012 | 2:49:02 PM
re: FBI Seizes Anonymizing Email Service Server
I disagree with the previous comments somewhat. I think what the spokesperson was saying is that there is a price for free speech and anonymity on the Web, and that price is that there are always going to be some people who abuse their freedom with inappropriate behavior. I don't think the person was trying to advocate that type of behavior itself. To me, he was simply saying that he was willing to make the trade-off.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
MyW0r1d
MyW0r1d,
User Rank: Apprentice
4/22/2012 | 5:05:24 PM
re: FBI Seizes Anonymizing Email Service Server
So Riseup will have no problem providing clarity on what it considers the legitimate needs of their anonymized email communications and specifically the 50-80 mailing lists provided (clearly not for Spamming) and facts that substantiate their assertions (otherwise we may as well speak of scammers and slanderous use because there is no proof to the contrary). At least one verified use appears to have been the communication of a bomb threat (an illegitimate act in the country where the devices were found with jurisdictional responsibility).

Delinquency (whether a bomb threat designed to instill fear, bullying that leads to suicide, or simple slander for personal gain or to vendicate a perceived slight) could not flourish without the abilitating behavior that permits it. Freedom of speech on the internet does not mean it should be considered a safehaven for scammers, identity theft, phishing, etc. in an increasingly technology based world. They're saying they are willing to accept it to preserve a perceived right to conduct illegitimate acts, I'm saying the costs, a few which I've cited above, are not acceptable to hide irresponsible behavior.
ITCowboy
ITCowboy,
User Rank: Apprentice
5/4/2012 | 7:56:46 PM
re: FBI Seizes Anonymizing Email Service Server
I agree with some of you and would like to add comment. I am not an expert, but I do not remember anything said in any law about a right to anonymous speech. A right to Free speech? As far as I can see if you believe in something, and are not in the moral wrong or supporting danger to others, anonymous speech is unnecessary. This country cannot prosecute you for saying what you believe, even if it is against the country, they can however prosecute you for committing, causing, or leading others to believe that hurting or endangering other peoples lives, property, liberty or freedoms is the right thing to do.

As far as "liberatory social change", many prominent figures over the years, and thousands of not so prominent figures have spoken out, in person for these changes. Yes, some have been crucified, by government, and or the people, for their beliefs. But it was these people that started the necessary changes. When was the last time you have heard of an anonymous person causing any change. As a people we respond to a lot of things, but anonymous letters and actions only bring most of us to the conclusion that the person or people behind them are crazy, confused, afraid of what might be really behind their motives, or just plain dismissive. In this country social change is brought about by those that are willing to stand up, show the facts, and gather the support they need. An underground action usually speaks of terrorists and guerillas.

That being said, the FBI had a warrant, or other legal proceedings behind them in order to seize the equipment. That is all there is to it. A bomb threat was made, the FBI traced a clue to the equipment, put in a request to a judge somewhere, the judge considered the validity of the warrant, and the FBI seized the equipment. Does that mean the FBI will find anything? Not necessarily, but the warrant gave them the ability to seize and attempt to find more clues. What is actually in there is irrelevant. It may cause a few upsets for others that may be doing no wrong because their services were interrupted for a while, but it may also stop a group of terrorists (yes terrorists, no matter if a threat or an actual bomb, the result is still intended to cause terror, the very definition of terrorist) from communicating or changing their methods, and there is a possibility of tracing them, or making them slip up, thereby leading to their apprehension.

This country has systems in place for exactly what happened. Sure they are not always the cleanest way to get things done. Sometimes they do not always seem right. There are checks and balances. The judge that issued the warrant for search and seizure, will be held accountable for his decision, but I can tell you that likely he made the right decision for the information he had at the time. The FBI acted in accordance with rules and regulations they had to work with, and everything was done as it should have been with the information available. The bad cops, and conspiracies you see on TV, are not as prevalent as some think they are, and part of that is due to this information age. If something is wrong, it will be found out and publicized like never before in our history. Outrage would then ensue. Law enforcement agencies everywhere do what they can to stick to the letter of the law.

So to believe in anonymous speech, is to automatically add a shadow of doubt to your cause. Stand up and say it if you have something to say, it is the only way you will be listened to. The law enforcement agencies of this country are required to protect you, even if your message is completely wrong or biased, from those that would do you harm. It is not treason to talk bad about the country, a government agency, even the president, it is only illegal to threaten or otherwise harm them or anyone else. If change is needed, the people will listen and force the government's hand, that as a people is what we do.