Hidden camera: FBI seizes - and then returns - anonymizing email server [VIDEO]

Filed Under: Data loss, Featured, Law & order, Malware, Privacy

While investigating bomb threats, the FBI seized the server of a group known as May First/People Link (MF/PL) which offers encrypted data services to people fighting oppressive regimes.

The agents hung onto the server for four days in early April, then snuck in and hooked the server back up without a word of explanation.

MF/PL is worried that some code, perhaps spyware, was installed to attempt to track down communications.

According to coverage from MSNBC.com, FBI agents first came knocking on the door of MF/PL on April 11.

MF/PL defines itself on its website as "a politically progressive member-run and controlled organization that redefines the concept of 'Internet Service Provider' in a collective and collaborative way."

Together with sister organization RiseUp, MF/PL offers email services, mailing list support and other web tools to help people organize. Most importantly for such people is the fact that the group guarantees anonymity, as all data is encrypted.

When FBI agents first flashed their badges and requested entry, MF/PL organizer Jamie McClelland refused, he told MSNBC.

The agents didn't force their way in or anything dramatic. They did show McClelland emails with full headers, telling him that they were related to a spate of bomb threats directed against the University of Pittsburgh in April.

No number of bomb threats is reasonable, but the volume at the University of Pittsburgh was boggling: by April 24, over 100 threats had emptied dorms and disrupted classes, according to an article in the New York Times.

A group calling itself the Threateners had claimed responsibility for dozens of threats that had been delivered by email to Pittsburgh-area news outlets since March 30, reported the New York Times.

The Threateners said in an open letter to the university's chancellor that it would stop the threats if the university withdrew a $50,000 reward for information leading to the arrest of those responsible for the threats.

But that was all to come later. As of April 11, the FBI only had email with headers that they said were related to the threats, the agents told McClelland. The agents asked if he knew anything about ECN.org, the server that appeared in the e-mail headers.

He knew nothing of the Threateners and hadn't heard of the bomb scares, he told the agents.

After the agents left, McClelland and his partner, Alfredo Lopez, set to work to determine if a member might have been hacked by this ECN.org group. They also contacted the Electronic Frontier Foundation for legal help.

A tangled web of sub-subcontracted server space began to reveal itself. ECN, it turns out, stands for the European Counter Network, an independent European ISP with a similar mission to that of MF/PL, hosting a parallel system for anonymizing users.

ECN website

ECN.org uses multiple servers to pass along messages, each of them stripping out and falsifying header information, making it near impossible to trace messages to original senders.

ECN.org had subcontracted space on RiseUp's New York server, and RiseUp had then subcontracted that space from MF/PL, according to MSNBC.

The FBI were apparently investigating the possibility that the threats were linked to ECN, and that's how they wound up at MF/PL's door.

The next day, the FBI subpoenaed information from MF/PL. The group responded to the all queries, but that apparently wasn't enough to satisfy the FBI.

On April 18, the FBI, without informing McClelland or Lopez or anybody else at MF/PL, went to the XO Communications Manhattan server farm. Armed with a warrant, the FBI walked off with the server they wanted, abruptly kicking offline hundreds of mailing lists, websites and email accounts.

The FBI kept the server for a mere four days - a blink of an eye in FBI time, given that the agency typically hangs on to confiscated technology devices for months or years.

At some point during those four days, MF/PL decided to install a surveillance camera with motion detection: a belated defense against a server being swiped from under their noses.

That camera was activated on April 23, the same day the FBI agents returned to reinstall the server on the rack, plugging it in and watching for a few minutes as if they wanted to make sure it was running correctly.

Why? Why take the server, keep it for a mere four days, and then sneak back in and hook it back up?

Lopez's theory: the FBI likely installed malware that could defeat the server's anonymizing software.

As Lopez told MSNBC, there's no way that thing's going back online at this point:

"There was not even a scintilla of expectation that this server would return to our rack. It's the most amazing thing," Lopez said. "It's possible they put device on it or a virus or Trojan of some kind."

MF/PL plans to run diagnostics on the server to see what they can find. The FBI, for its part, won't comment.

Even if MF/PL finds nothing, Lopez is furious that the government would cripple internet access for groups fighting for democratic rights as agents seek nonexistent evidence.

Here's what he told MSNBC:

"Look at the atrocity of them going in and taking a computer ... and disrupting all this information, and potentially getting all this information from hundreds of people not even accused of a crime. ... This is serious ... for people all over the world who depend on this stuff for their day to day work. To have it taken away by some other government, it's really unfair to them in every conceivable way."

But there is a silver lining. MF/PL came through, evidently, with shining colors. No user's anonymity was compromised.

Cartoon image courtesy of Shutterstock

, , , , , ,

You might like

16 Responses to Hidden camera: FBI seizes - and then returns - anonymizing email server [VIDEO]

  1. Mark · 1240 days ago

    Love the mission impossible music! :D

  2. 11th commandment : In the age of terrorism, Thou shall have NO privacy.
    Thou will hide no information from the eyes of Gov.


  3. Dr J S · 1240 days ago

    Anyone got the name/number of MIB there? He looks HOT - he can install a trojan in my back door any day :-)

    • Lisa Vaas · 1240 days ago

      Dude, how can you not recognize Jason Bourne??? oooo Matt Damon, YEAH!!!!

  4. dodo · 1240 days ago

    To plant trojans, no doubt. That server will need to be low-level formatted, and then reinstalled from sources and reconfigured.

    • Low-level formatting likely would only be partially useful; it won't do anything against hardware modifications.

      If I were them, I'd take out the storage and sell the server, or at least switch its purpose to something with no PII onboard.

      • Internaut · 1239 days ago

        Good idea to give it away. Maybe donate it to a girl's private school. That would keep the feds busy trying to decode what they think are coded emails.

  5. Max · 1240 days ago

    Mission impossible track is just too perfect ! Interesting article :-)

  6. Marc · 1239 days ago

    Wouldn't it be possible if malware is installed that it loads onto the other servers in the rack because its been turned back on? Therefore if this one is removed again anyway it could wipe after itself but the others in the rack could be infected?

  7. Jack · 1239 days ago

    Again, they shut down someone's access! It if definitely a problem here in the USA where they won't change any statues to support peoples privacy. They did this when the made the encryption method only use a 'hackable' length of encryption key, they didn't give seniors a raise in their SS payments, but gave them selves a raise instead! Many sr citizens have sworn not to re-elect these people I hope they keep their promise. I guess that's the only way we can control them is to vote them out.

  8. Randy · 1239 days ago

    "MF/PL is worried that some code, perhaps spyware, was installed to attempt to track down communications."

    Gee, do ya think?
    Maybe the FBI facilitated the 100 bomb threats itself to give them an excuse to get their hands on the servers. That sort of service would certainly make a tempting target for the FBI.

  9. Internaut · 1239 days ago

    It is not the stereo-type terrorists that are terrorizing our freedoms, it is George Bush's implementation of the U.S.'s New World Order Police (read his lips).

    We will be assimilated. Not by the Borg, or the Matrix, but by Government Controls. It is for our protection... and if it will save just one life... gobbledegook... gobbledegook... ad nauseum.

  10. ajax · 1239 days ago

    If you consider the regime we now have in power in Washington you are not surprised by this. Nothing that the underlings of Holder surprises me.

  11. Shouldn't you want to blur out the agent's face to protect their identity?

  12. Jerry · 1232 days ago

    And what makes anyone think this is real as opposed to a scm by MF/PL? Not like he flashed his badge at the camera, though he does seem to stare at the supposedly hidden device a lot.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.