By stretch | Thursday, April 9, 2009 at 2:00 a.m. UTC
I want to preface this article by saying I've worked with FBI agents in the past, and they are certainly not dumb people. It just seems that the department in its current form shouldn't be allowed near computer systems.
Case in point: the FBI suspects a company of defrauding telecoms Verizon and AT&T, so they obtain a warrant to confiscate and examine the equipment that comprises the company's Internet-facing infrastructure. They then proceed to rip out rack upon rack of equipment belonging to dozens of completely independent, unrelated companies who are unfortunate enough to have been leasing space in the same datacenter.
Why the shotgun approach to something which would have been easily settled with a few civilized phone calls? Mark White, a spokesman for the FBI's Dallas office, explains (as quoted in this Wired article):
"My understanding is that the way these things are hooked up is that they're interconnected to each other," he says. "Company A may be involved in some criminal activity and because of the interconnectivity of all these things, the information of what company A is doing may be sitting on company B or C or D's equipment."
Clearly not an authority to be taken lightly.
At this point I don't feel as though I can share any thought which hasn't already occurred to any legitimate IT engineer reading this article. However, I would like to emphasize that now might be a good time to update your disaster recovery plans to consider the potential misadventures of three-letter organizations.
What concerns me most about this raid is the painfully evident lack of sufficient IT training in the Bureau. Hopefully their recent recruiting initiative will bring in some fresh talent (though it would help if they paid better).
As a footnote, my favorite part of the story is that the FBI is asking for the owners of the equipment taken to contact them and identify their hardware if they want it returned. Apparently the agents didn't even know whose gear they were taking.
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
April 9, 2009 at 12:59 p.m. UTC
What a joke. I'd like to think that the police in the UK have more of a clue, but I doubt it. Law enforcement and intelligence are mutually exclusive.
April 9, 2009 at 9:04 p.m. UTC
I took the FBI exam and was granted a 2nd interview I didn't take. 55k for 6 months then topping out at around 63k for a year just doesn't cut it. Hard to get tip top talent with those numbers. There's a chance someone said don't do it that way to which some SAIC said that's what we're doin. You were AF Stretch, you know rank means infallibility.
April 15, 2009 at 2:33 p.m. UTC
If all the servers are connected by a hub or poorly configured switch/router, is there not a chance there COULD be some info on other machines? ARP poisoning thingies or anything else?
April 17, 2009 at 1:45 p.m. UTC
The Swedish police did the same thing when they confiscated The Pirate Bay's servers in '06. They even got the servers of one of the anti-piracy lobby organizations who happened to have theirs in the same center.
April 18, 2009 at 9:39 p.m. UTC
Pay peanuts, get monkeys.
May 1, 2009 at 7:33 p.m. UTC
I had applied to the FBI several years ago for an IT job. I'm not sure whether it was the interview or the second exam I failed out on - the second exam entailed questions about accounting and jurisprudence; while I was able to add up various figures to account for missing sums, I couldn't quote what illegality occurred. It did make me wonder exactly what they were hoping to find in a network engineer - I doubt there are that many lawyer / network engineers, although I'm sure there are a few. Maybe they all want to work for the FBI?
May 1, 2009 at 8:39 p.m. UTC
I can remember when the Feds raided Steve Jackson Games and basically ran him out of business because they were tracing an "illegal" file that might have been hosted on a BBS hosted on some of his hardware. As I recall, the judge ended up throwing the case out and chewing the Feds out for being stupid. Check it on Wikipedia.
May 11, 2009 at 9:47 a.m. UTC
The real fun thing that should keep you awake at night (in the US) is that a Federal magistrate signed the warrant that authorized them to seize it all. The gatekeeper for the 4th amendment requirements of "specificity", etc, is the magistrate.