The Unusual FBI Raid of a Dallas Datacenter
It’s a couple days old, but still worth commenting on. Via CBS 11 News, early Thursday morning the FBI raided Core IP, a Dallas company providing datacenter services. However, rather than target certain servers, the feds took all the computers, including machines certainly not pertaining to any investigation. According to the company’s owner, Matthew Simpson, a former customer of his is the target of the investigation, but no longer does business with his company. He is understandably angry at what is going on:
Currently nearly 50 businesses are completely without access to their email and data. Citizen access to Emergency 911 services are being affected, as Core IP’s primary client base consists of telephone companies.
Rumors abound that the raid is linked to the leaking of the soon-to-be-released X-Men Origins: Wolverine, but there is no evidence of this, only speculation. In any case, that leak was on BitTorrent, making it unlikely that any server at the datacenter was actually hosting the file (BitTorrent is decentralized P2P between many computers), though there is precedent for the authorities going after sites that link to illegal BitTorrent downloads.
But one question remains: Is there precedent for the FBI carrying out an entire datacenter’s worth of computers, thus affecting business for more than just the criminal? I would say yes.
I have heard of it happening before in hearsay, but I now have a little bit of evidence to back up these stories. News accounts here and here, albeit on charges of fraud and receiving kickbacks, both show the FBI taking out a lot of computer equipment. I think the problem before the FBI is that they don’t know exactly where the offending files and/or programs may be, so they need to scan all the equipment for what their investigation needs.
However, like I said, those are different cases. Fraud and corruption may have incriminating evidence on multiple computers. However, assuming that the owner’s story stands up (we still don’t know all the details), one would think the FBI could pinpoint the computers where illegal activity was taking place. It certainly isn’t that hard to run a traceroute, and even if the activity was happening across multiple computers (if the customer had more than one), it would be easy enough to ask where they were located.
I’m skeptical that federal investigation into computer crimes necessitates the removal of more equipment than necessary. I know it is SOP for law enforcement agencies to not comment on ongoing investigations, but the FBI in Dallas may be wise to explain why they took so much. At the very least, it would do wonders to combat the image of overstepping bounds that they have now created.
However, the details about this story are still very hazy. It is unwise for anybody reading about it to assume anything.










A traceroute would have little to nothing to do with it other than pinpoint where DNS records are pointing to. What they do not know is if the public side is on server 32, but data is linked over to server 45.
Here is a screen-shot of the site disclosing some information about the raids before it went down:
http://imagee.org/images/qgemybz4j5b9a3v4da7.png
and a copy on Scribd, thanks to another person saving it
http://www.scribd.com/doc/13974347/mirror-of-wwwuwwwbcom-FBI-indiscriminate-actions-in-fascist-america
He makes the case that it was the result of an informant taking the FBI on a wild ride, at the cost of taxpayers, and multiple legit businesses, which the informant said were fronts and did not really exist.
http://cbs11tv.com/local/Core.IP.Networks.2.975776.html
“CBS 11 News has uncovered new information about FBI raids against Dallas companies that provide web servers for dozens of businesses in North Texas and across the country.
Court documents show it’s all part of an alleged massive fraud scheme against AT&T and Verizon.
Court records show Verizon first went to the FBI this past January, alleging some North Texas web server providers were cheating them and AT&T out of millions of dollars.”
Interested: In that case, it’s still probably easier to ask the owner where the person’s computers are.
BT: I need to analyze it again, but the fact that I’m already seeing more holes than swiss cheese is not a good sign. I also note the fact that both stories by both owners sound similar in tone.
Dan: I was wondering if something like this might come up.
Here is the Urban Dictionary definition of the “special” agent in charge Allyn Lynd.
http://www.urbandictionary.com/define.php?term=lynd3d
He has a history of these kinds of raids. A whole SWAT team to take down some geek on a computer is a bit of overkill but I guess they have to justify their budget. And from what I hear this is the third or second data center he has hit in a month in Dallas. He has reportedly frozen the assets of the companies hit this way so they have no real recourse to fight such malicious abuse of power. I think Core IP must have had lawyers on retainer to just get as much out as he did.
http://www.wired.com/politics/law/news/2008/02/blind_hacker?currentPage=3
Is this one guy in the linked website uwwwb.com the real sole informant? Anyone know if he really is a druggie? Would be a lot to do on one druggie’s word.
Anyone have any “friends” who may have bought from him or dealt with him? A friend of mine said he used to deal off SMU.
Sebastin, are you actually defending Lil’ Hacker? He’s not a simple geek but a criminal. I’m certainly not going to entertain mischaracterizations of people based on what you think I think of the FBI. I’m not anti-FBI, just anti abuse of power, which any agency can do.
I apologize in advance if this isn’t what you were getting at, but that’s what it seems like right now.
I am saying they are overreaching. The FBI to raid some kid or a geek at a computer desk. Do a little research. I think anyone with half a brain could do a better investigating job.
I read the whole article. It actually portrays him quite negatively so I’m not sure why you’re trying to mischaracterize him. Even his own friends say he’s doing bad stuff. And in any case, investigating cybercrime is one of the FBI’s jobs.
Cybercrime yes, but putting people’s livelihoods in jeopardy is a misuse of power. Core IP is not the first data center this cyber team has hit. They hit the Infomart and 4360 Bryan street also. Shutting down 3 data centers. The reason you have only heard of the last one is that the FBI threatened the other DC owners and told them to not discuss the investigation publicly. Not that any of them had much ability to do so as the FBI froze all of their assets. How are they supposed to make a living? How are the companies that used them supposed to survive?
The other DC was hit on the same investigation. I read those reports, too. I have sympathy for those companies but service providers go down the tube all the time, for fraud or other reasons. These companies survive by moving to other providers.
By the way, you dodged my question on whether you’re defending Lil’ Hacker. Don’t think I didn’t notice.
@Michael Merritt
Not defending him, just pointing out the tactics. For the lil guy it seems warranted. But the FBI has raided what I count as 4 datacenters in the Dallas area all in the same manner. They have, as far as I know, also frozen all of the owners’ accounts. How do they fight such actions? I use lawyers and they are not cheap.
Core IP, LLC who registered as a Competitive Local Exchange Carrier (CLEC) under the name CVC CLEC, LLC, in the state of North Dakota and Washington. The original Interconnection agreement with Qwest for the state of North Dakota can be found at http://www.psc.state.nd.us/jurisdiction/orderlib/2009/09-0046/001-010.pdf.
And information of Washington CVC CLEC, LLC formation: http://utc.wa.gov/rms2.nsf/frm2005VwFilingWeb?OpenForm&vw2005L3CompName=Cvc%20Clec%2C%20Llc&NAV=9999CatL2CCatL3Cvc%20Clec%2C%20LlcCatL4
After reviewing the original CLEC agreements, one thing that immediately stuck out to me was the company’s balance sheet. Generally speaking, with CLEC applications there are several months of balance sheets, along with resumes of the owners, etc. In this case $100,000 showed up in Core IP, LLC’s accounts with no evidence as to how the money was deposited.
However, the company’s CLEC application was granted and the state of Washington put its stamp of approval on the newly formed company. And if you like you can presumably purchase services on their website at http://cvctermination.com
Also, I should note Jason Trahan, a reporter for Dallas News, was able to obtain the original warrant filed on March 11, 2009 by FBI Special Agent Allyn Lynd. So apparently the Judge unsealed the original warrant as promised, or the reporter obtained the warrant by other means. However, to protect myself legally, I have no evidence that the legal document was obtained illegally http://crimeblog.dallasnews.com/2323%20Bryan.pdf. http://crimeblog.dallasnews.com/archives/fbi/
and apply the prudence of something resembling patience
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9131247&taxonomyId=17&intsrc=kc_top