My experience with the US government

    “The New Jersey State Attorney’s Office on Monday, August 17, indicted Miami resident Albert Gonzales (other sources give his last name as Gonzalez), who stole 130 million credit and debit cards, Associated Press reported.” © Associated Press. © Lenta.ru

    It so happens that my first post on Habr is about how problems in hosting can appear out of nowhere. In this article I will explain how, by connecting just one ordinary client, you can get drawn into the solving of one of the largest cases in US history.


    About three years ago, I started a hosting business, providing classic hosting, colocation services and server rental. At the end of 2007, another client contacted us via ICQ. He was interested in renting a server from us for "development" needs. Seeing nothing wrong with that, we assembled the machine he needed, allocated an IP address and installed it in our data center.

    “A client like any other, what is strange about that?” you ask. I thought so too, until one fine day I received a letter from the local police (cybercrime department) asking us, in accordance with local law (I remind you, this takes place in Latvia), to make an exact copy of the hard disk of the client with such-and-such an IP address. Of course, we did just that. Then things got more fun.

    In May, this time on the basis of a court order, local investigators called us to ask for the original hard drive (in Latvia, a warrant is needed for such things). We provided it, and for some time there was silence.

    Later, in August of this year, we got a call from the prosecutor's office (department for international cooperation), and it was finally explained to us in detail what we had gotten ourselves into. It turned out that the data we provided was necessary for the capture and arrest of one of the largest carders in US history. Since the second piece of physical evidence (a copy of the hard drive of one of his accomplices) was (as is now known) put out of action during the investigation, this evidence became one of the key pieces in the case; after being presented with it, Miami resident Albert Gonzales, suspected of participation in this case, agreed with most of the charges.

    A few days after the call from the prosecutor's office, I had a conversation with one of the prosecutors on this case, during which I was invited to an international teleconference the next day. Besides him, it included several Secret Service agents, a couple of colleagues from the Department of Justice and a CERT specialist who worked on this case. The conversation lasted about half an hour, via Skype.

    After that, over the course of several days, this prosecutor and I exchanged calls and, among other things, I was invited to testify in court if necessary. In that event, all costs, including the stay there, would be covered by their side (because, in international practice, the inviting party pays all costs). But in the end, the situation changed, and since the suspect himself admitted to being involved in this case, our participation as witnesses was not necessary.

    What do we have as a result of not checking what the client is doing on the rented machine and what kind of client it is in general? More than six months of various unnecessary and virtually meaningless calls and time wasted on various meetings and conversations, not counting heaps of calls from various journalists seeking comments about this case.

    To sum up my opinion about this experience briefly: I believe that any hoster should monitor its clients not only at the time of connection, but also in the course of servicing them.

    A proof link for this case is available at Wired.com
