OPLIN 4Cast #236: Security forces endanger cloud security

Posted in 4cast

A week ago on Tuesday (June 21), the FBI raided a data center in Virginia run by a Swiss hosting company, DigitalOne. The FBI was looking for evidence of international cyber crime rings that have been distributing “scareware,” a false alert that appears on people’s computers telling them their security software must be updated/repaired and then sends them to a link that loads malware on their machine. This would not have been particularly noteworthy, except that the FBI took machines containing servers for completely legitimate and legal businesses, and thus had possession of data that should be private. As a result, some people wonder about the wisdom of putting their data in the “cloud,” i.e., using servers hosted in large data centers.

  • FBI busts two scareware, fake AV gangs in global operation (eWeek/Fahmida Y. Rashid): “The FBI seized three racks of servers from the hosting facility, causing several Websites and services, including Curbed, Eater, Instapaper and Pinboard, to go offline. ‘The global reach of the Internet makes every computer user in the world a potential victim of cyber-crime,’ said U.S. Attorney B. Todd Jones of the District of Minnesota. The FBI worked with police in Cyprus, Germany, Latvia, Ukraine, France and Romania as well as with Canada’s Mounted Police and London’s Met Police.”
  • Sites rebuild after F.B.I. raid on data center (New York Times/Verne G. Kopytoff): “The agents, who were seeking the servers of a single client, nevertheless seized three enclosures filled with servers for ‘tens of clients,’ the company said. Sergej Ostroumow, DigitalOne’s chief executive, declined to name the client that was the target of the investigation. He said he did not know the reason for the raid. In an e-mail on Wednesday, Mr. Ostroumow said he was working to restore his company’s Web site, which was also taken offline by the raid, but added that ‘we have e-mail and the hope that we will receive all servers back very soon.’”
  • The FBI stole an Instapaper server in an unrelated raid (Instapaper Blog/Marco Arment): “Possibly most importantly, though, the FBI is now presumably in possession of a complete copy of the Instapaper database as it stood on Tuesday morning, including the complete list of users and any non-deleted bookmarks. […] Instapaper stores only salted SHA-1 hashes of passwords, so those are relatively safe. But email addresses are stored in the clear, as is the saved content of each bookmark saved by the bookmarklet.”
  • FBI seizes servers in brute force raid (TG Daily/Trent Nouveau): “While most Americans probably don’t really care about a few downed sites, the brute force raid executed by the Feds surely doesn’t bode well for the future. One can’t help but wonder what comes next: mass Gmail seizures, Amazon cloud server confiscations, or perhaps entire data centers carted off in FBI trucks? Clearly, U.S. law enforcement officials must learn how to minimize ‘collateral damage’ to neutral civilian infrastructure during cyber-related raids.”

Bounty fact:
Microsoft has been offering a $250,000 bounty since early 2009 for information leading to the arrest and conviction of those responsible for launching the sophisticated Conficker worm, which was apparently the delivery mechanism for this scareware.