Outsourcing

FBI seizes servers: Reminds IT admins to have a back-up plan

If the FBI seized your Web servers by mistake, would you be able to keep your site up? Here are five tips to make sure you could.

Earlier this week, the FBI seized several servers at a hosting facility in Reston, VA. The servers were used by DigitalOne, a Web hosting company based in Switzerland. According the New York Times, the FBI was interested in just one of DigitalOne's clients, but took equipment used to host several other sites, including those run by Curbed Network, Pinboard, and Instapaper.

According to the New York Times, Sergej Ostroumo, DigitalOne's chief executive, said that the FBI took entire server racks, instead of just machines linked to a specific IP addresses:

DigitalOne provided all necessary information to pinpoint the servers for a specific I.P. address, Mr. Ostroumow said. However, the agents took entire server racks, perhaps because they mistakenly thought that "one enclosure is = to one server," he said in an e-mail.

Remember to have a backup plan

Incidents like this should remind every IT admin and Webmaster to always have a backup plan. Even if your collocation facility is protected from natural disasters, power outages, and physical theft--there's always the unexpected.

TechRepublic writer Suman Bolar suggests the following advice to ensure your organization is prepared for a Web hosting service disruption:

  1. List your own company as the administrative and technical contact when registering your domain.
  2. Identify a back-up hosting company.
  3. Maintain a mirror site with another host if the size of your operation justifies the cost.
  4. Maintain a checklist of steps to be taken if you need to switch to another host at short notice.
  5. Always maintain your own current back-up copy of your site.

Additional resources:

For advice on avoiding web hosting disruptions, check out the following TechRepublic resources:

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

32 comments
l_e_cox
l_e_cox

Actually, this topic is a little out of my depth. But I thought I'd leave a note because I realize that my method is no longer much used. It's a pain in the butt, and I don't use it for my blog because that uses a CMS (Wordpress). But I use it for my little personal sites. I learned this method when I was going to school. We had a server at school where our projects were deployed. Some guys developed their sites by connecting to the server with FTP and pulling the files down to work on them then pushing them back up to see how the edits played out. That's how the instructor did it. But I wanted to be able work off line. So I had a local copy of my whole site. Some of the configuration paths were different, so I had all my configuration lines in pairs, with one of the pairs commented out depending on whether it was the local version or the server version. It was extra work for sure, but it meant that I always had a full working version of my site on my local machine.

cosmos-420man
cosmos-420man

I say that isn't this a good way for the SEC and the EEEI and last but not least the ETA and the EIFCA to get their laws, rules, regulations, and by-standers and all sorts and what not, all in order now ...???... Well, if your are a blue-and-white striped big-brother in whose like flint with your Internet Giant Regulation Committee and Foresight Engineers and don't forget Partner to partner idealist-IT form-style computing experts!!! I thinked that hey Google coulda' do that ./././ ??? /././. Soooo, why not ICANN or ESA or ANON or GALNA or ANIN or GANIN do at toooo... All of these organizations ought to o the do the saem, right, like John Stockholme, American Adventilist and Patriot , or Andrew F. Hauser, European Poet and War Strategist ( he was alos the one to solve our computing problems with the Lybian forces in Kosovo and the Cuban Missile Crisis that spread the whole entire Rogue-11 and the Techno-Riot-fs directories Top Secret in 1993, a real killer to the individualists' CIA and Anti-crime Force (ICIA) and (AACF) Right?

Dr_Zinj
Dr_Zinj

Problem is this particular court is loaded with big government favoring justices. So if you're looking for support of individual or small business rights (as opposed to major corporations who pay big money for federal representatives), you're out of luck. The FBI IS corrupt. It's kind of sad when you consider that most of the good they do is either by accident, or from a few good agents that haven't been molded by the institution. But when they screw up, they do it in a big way: Ruby Ridge, Waco, and Whitey Bulger and the Winter Hill mob are outstanding examples.

Alpha_Dog
Alpha_Dog

Innocent people are collateral damage in this war of theirs, a war in which they have no idea who is the enemy, yet they are allowed to take down the presumed innocent and completely innocent alike. Even in the heat of war, if an American soldier opened fire into a crowd to kill one bad guy, he would never again be a free man, yet the FBI can take down a server rack because one account of one machine piques their interest. For clarity let's translate this to something more common like physical real estate. A vendor at a mall is being a bad boy... do the police shut down the entire mall until the investigation is over? No, there would be many lawsuits. One person in a gated community is accused of kiddie porn. Is the entire gated community seized and every man woman and child carted off to jail? No. Again, there would be many lawsuits. How about if a small farm starts growing pot on their 40 acres. Does everyone in the original land grant and plating of 3000 acres loose their farm land? No. people would object with a truly amazing array of legal action. Why is it that the luddites in the FBI think that this is a good idea? Why is is that us IT geeks allow the bully to take our lunch money just because our server shares a rack with someone who is accused of being bad? Why are we not suing the government in civil court for lost revenue at RIAA level exaggerations and in criminal court for gross negligence? C'mon folks, sauce for the goose and all that. Until someone says no, and enforces it with lawyers or firearms, we loose rights to government arrogance. This country was not founded by helping the redcoats pillage and burn, but rather standing up for the rights of the people. To put it bluntly, this conduct by the FBI violates the reasonableness requirement of our constitutional rights under the 4th amendment. Some good reading about the remedies is at http://law.justia.com/constitution/us/amendment-04/30-exclusionary-rule.html. Other reading as it applies to the seizure of electronic evidence can be seen at http://www.eff.org/files/filenode/foia_ccips/20080123_sscoeecireu.pdf

tgreer
tgreer

It happens more than you might think... we had one client get equipment seized when a receptionist was using chat/email to try and hire a hitman for her husband! Another time it was an employee arranging to meet a minor for sex (sting). Another was a pawnshop being investigated for firearms violations. Just think of the possibilities. 'another reason to keep employess from using their business computers for private stuff.

a.portman
a.portman

I have a friend, an IT Director, who was met one morning by the FBI. They wanted all of his servers. His Network Administrator was in custody (and will be for another 15 or so years). DO YOU HAVE A BACKUP PLAN???? We do not, although, we do have local copies of our web sites and could move them over to another hosting company in a day. In the end, it does not really matter if it is the FBI, a tornado, or a revolution, you need to know where your data/site really is and if that site dissapeared, what would you do? For those of you using GoogleDocs for business, what if Google decides it doesn't want to be in the word processor business anymore? Do you have a plan for that? My friend the IT Director was able to image his servers before the FBI took them. He and an agent scanned them all for files that should not have been there. A St. Louis area company had its backup data center at 1 World Trade Center. All they will say about the new backup site is that it is more than 150 miles from St. Louis.

toad1234
toad1234

Well, like the old FBI agent said in an interview, "a lot of crime goes on over at the FBI."

jtollack
jtollack

I think the thread went off on a tangent. The vast majority of IT management does not have to actually worry about storm troopers making off with their equipment. the point is to plan for the unexpected. I like the point about DNS serivces which we all take for granted much of the time. I have seen a customer's operations come to a screeching halt for an entire day, because the cheap DNS hosting company they used went under without notifying their customers and simply "turned the lights off"

Gemmz
Gemmz

Hi everyone - there is one thing missing here: the FBI should have given out a leaflet telling the office manager where he could obtain compensation for his clients. If the FBI did wrong in taking the servers, then they are guilty of a crime, and it is then their responsibility to compensate for this.

Pruduch
Pruduch

In case you're using a hosted server, then computer hardware shouldn't be located in countries like USA or EC. Even if you use a DNS service from a US provider your website might be shut down in minutes in case the content displeases authorities. For me Iceland seems to be one of those countries where freedom of information and freedom of the internet is granted. Does anyone have a rating index of countries which is related to digital freedom?

CyberCritic
CyberCritic

If the FBI walks into a hosting company and emptied it, what recourse if any do the customers have against the FBI. Loss of income etc? Also what about the hosting company. If the servers were in FBI hands for any length of time they could go out of business, do they have any financial recourse, especially if the servers are eventually returned and no charges are filed?

bjswm
bjswm

So for non US companies, we should be very wary of any "cloud" offering that utilizes US-based servers. It just isn't worth the risk.

santeewelding
santeewelding

You're being shopped, by one side, or the other.

sissy sue
sissy sue

As long as our fellow citizens are just itching to send other fellow citizens to prison, and as long as the government can motivate by fear, this and worse are going to happen. The American people need to respect the Bill of Rights and take back their freedom. The only way that will happen is when they start giving a damn about other citizens who are unjustly persecuted by a government that is supposed to protect and defend our "life, liberty, and pursuit of happiness," but instead is the entity that is most likely to destroy them.

seanferd
seanferd

They fly too often. Not to mention all the circumstances in which Law Enfarcement is excused from needing warrants. Then there are critters like the DHS which seem to be operating way outside of their mandate.

Alpha_Dog
Alpha_Dog

We have a colo server in a foreign land. Our DNS is outsourced, so if the feds came to take away the servers, computers, and light bulbs from our hosting company because some dirtbag did something naughty, we'd be back up and running in about a minute after we noticed the outage. Considering our CRM, ERP, accounting, project management, email, web site, and eCommerce would all go down at the same time, we'd notice immediately. My biggest beef is that under Federal Criminal law, the only tried and true recourse to a 4th amendment violation is the exclusion clause. I can make the case against Mr. Dirtbag go away because the government did something naughty too. Yeah... that helps me a lot... thanks. What's the potential damage of an FBI seizure of a rack of servers when they are after one account? What is this happened to Mark Zuckerberg about the time Facebook launched? What would his loss have been? This is probably the tack necessary to pursue remedy in civil court.

Charley.McGee
Charley.McGee

At least not in this country. And there's nothing illegal (yes, that would be the correct spelling) about it. It really comes down to the wording on the warrant. very likely, that warrant said something akin to 'sieze computer equipment related to XWZ". If this is the case, then they were entirely within their rights to do what they did, even if their actions were astoundingly short-sighted and even lazy. To that end, the racks themselves qualify as 'computer equipment' and so they just take everything and return what they don't need. I'm willing to bet actual money that the FBI field agents in question were not IT geeks. They were told to 'seize that server' and set about doing it in the most expeditious manner they saw. "Hmm...we can either try to figure out how to pry that thing out of there or we can unplug 2 power cords and 2 network cords and wheel the whole thing out." Of course, I'm sure that no one on here has EVER taken the lazy way. I'm not defending the behavior. I'm just saying that this is how it is.

melias
melias

If the FBI had a search warrant for the servers, then you get no recompense. Even if your company goes out of business. Even if your server was not on the same box as the one(s) the FBI was interested in. In short, you have no protection from their arrogance.

hwwgandolf
hwwgandolf

our gov. is committing crimes everyday and you think you can get recompense from them. lol

Realvdude
Realvdude

So in Iceland the police/authorities cannot investigate computer crimes? Farther down someone atrributes this to a bad warrant and lazy FBI agents, which is probably as close to the truth as we will know.

mchldpy
mchldpy

hey Pruduch do you happen to have a list of Iceland based companies, or point me in a direction? thanks, michael clyde

Gemmz
Gemmz

Dear Pruduch, whilst the police will have stormed any place across the Netherlands, once in, they would have taken the time (in good Dutch fashion) to take the equipment out. They would have been talking to the manager of the office and whilst not drinking coffee on the job would have made it quite clear what he should do to get compensation for him and his clients.

RealGem
RealGem

Government security agencies could do that anywhere. I'm in Canada, and I doubt CSIS would give you two weeks notice before seizing our stuff. The better approach is, if you go with a cloud solution for critical services, make sure that you evaluate the provider's ability to recover from force majeure.

Realvdude
Realvdude

In this instance I could get our website back online within an hour, but not if something involved the hosting company as a whole, like others have shared. We have our domain registered through the hosting company, and use the privacy service as well. Likely the most critical problem would be updating the DNS records as that too is handled through the hosting company. The only saving grace is that our host consistently ranks in the top 10. So, I will be checking to see what I would need to do in a worst case scenario. FYI - DigitalOne uses HP blade servers to offer hosted servers, including virtual servers, so the impact of having several cabinets seized is huge.

Alpha_Dog
Alpha_Dog

Simply put, the difference between the SS operating outside their original mandate (they did, look it up) and the FBI doing the same is that we know better. ...we DO know better right? In the vein of "those who do not learn from history are doomed to repeat it's mistakes" comes a corollary: History majors who can recite event and date but not see similarities in events either historical or current are useless.

AnsuGisalas
AnsuGisalas

And the witch-hunters have silver bullets. Someone will have to take it all the way to supreme court. Probably that someone will need powerful sponsors, with both the clout and the moolah to back it up.

bstockha
bstockha

Just do a Google search on "web hosting Iceland" or Iceland-based Internet Hosting.

Pruduch
Pruduch

hey michael unfortunately I don't have any information about Iceland based companies. I just read about Island's parliamentary resolution (June 2010: Icelandic Modern Media Initiative) tasking the government to introduce a new legislative regime to protect and strengthen modern freedom of expression. http://immi.is/Icelandic_Modern_Media_Initiative

Alpha_Dog
Alpha_Dog

...is that the state of nationalist hysteria at the time and how fast John Q. Public can be overloaded and sidetracked by the news determines how much oversight the feds actually have. This determines the probability of them being taken to task for their conduct which in turn determines how far they will push the bounds of law in an effort to look busy.

mchldpy
mchldpy

Thank you both but, i was hoping for "personal or first-hand" knowledge of a host. My results from closing my eyes and pointing at one have been less than desirable and relying on online reviews of anything gives me gas. michael clyde

Editor's Picks