RamHost node HDDs seized by German police - Page 6

Comments

  • Thanks for taking the time to type up your belief of situation of things @rds100. Seems very plausible.

  • @Maounique true, you can't stop them all, but you can still try to discourage them. For example by not accepting orders from John Smith who lives in area code 12345, by requiring valid phone number (and even doing phone verification), not accepting payments by Liberty Reserve, etc.

  • Maounique Host Rep, Veteran
    edited February 2013

    @rds100 said: @Maounique true, you can't stop them all, but you can still try to discourage them. For example by not accepting orders from John Smith who lives in area code 12345, by requiring valid phone number (and even doing phone verification), not accepting payments by Liberty Reserve, etc.

    Perfectly true, however, a really good criminal will use stolen cards and identities or hack a box and piggyback on a legit user.
    The IP space will still be yours and the raid will still happen, even if you deny some users.
    The only way to stop these raids is to sue for damages each time police chooses to intimidate instead of cooperating with the provider.
    I haven't heard of any Cogent routers seized or AT&T billing boxes to search for calls or IPs, Amazon Glacier tapes, T-Online, OVH, so on and so forth. It is always the little guy that pays for the "greater good". Could it be because the intimidation always works, they don't want "trouble" to be raided out of business or don't have the money to sue for damages?

  • @Maounique how (in this case) should it be possible to "sue for damage"? That would be like a murderer suing the police to replace his confiscated pistol

  • @Maounique said: AT&T billing boxes

    AT&T probably gives the police 24/7 online access for unrestricted search in their billing / call log systems, that's why :)

    In this case the provider was in USA, the boxes in Germany. What do you suggest the German police should do - send someone in USA to find the admins / owners of the servers and speak with them?

  • Maounique Host Rep, Veteran
    edited February 2013
    1. ramhost has not been convicted of anything yet, nor probably will even be indicted.
    2. If the search will not yield data admissible as a proof in the court, then they can sue even if they were indicted and cleared.
      If they were not indicted, they can sue right away, because police could have gone to them and ask for an image instead of resorting to destructive and disruptive actions.
      If they can go to T-Online to ask for a copy and are not yanking drives out of servers, they can do the same with ramhost.
      Choosing the other path means either discrimination or intent to intimidate.

    @rds100 said: In this case the provider was in USA, the boxes in Germany. What do you suggest the German police should do - send someone in USA to find the admins / owners of the servers and speak with them?

    I am not sure if you are serious or joking. They can send an email, pick up the phone, files (images) can be sent through internet too, this is no longer the 19th century, even then they had telegraph.
    They can do that when they are asking Yahoo for emails, do you think they go to Yahoo servers in Germany and yank the drives?

  • rds100 Member
    edited February 2013

    @Maounique I seriously doubt that any provider would submit such information after an email or phone call (hell, I HOPE no provider would do this). Court orders don't work over the phone.
    And I am sure Yahoo has a registered company in Germany and has registered an appropriate contact for such situations with the police.

  • Maounique Host Rep, Veteran
    edited February 2013

    @rds100 said: Court orders don't work over the phone.

    Interpol does. The German police calls the FBI and asks them for a copy of the VM with the IP in question.
    FBI goes to Ramhost and gets that. As I said, 19th century is long over.

  • Court probably just underestimates the VPS business' size and just assumes the entire server belongs to the offender. Unless you have your own private datacenter like Amazon and Microsoft they just assume that the server owner is the offender, which is a rational statement.

  • Maounique Host Rep, Veteran
    edited February 2013

    @Mitchell said: which is a rational statement.

    It might be, then the indictment will be against ramhost and we have the second situation, they will sue after the court cleared them.
    The stuff about police not having the money to hire experts is so made up that it isn't even worth discussing.
    They can track complicated schemes to launder money, cyber-criminals that steal from banks in multinational networks of crime (http://www.latimes.com/business/la-fi-credit-card-fraud-20130206,0,2820367.story), does anyone imagine they can't afford a few thousand Euro a month to pay a computer expert? It is not Zimbabwe's police, FFS!

  • gsrdgrdghd Member
    edited February 2013

    @Maounique said: The German police calls the FBI and asks them for a copy of the VM with the IP in question.

    And why would they do that? The server is located in Germany. The German police having to call the FBI to get data located on a server in Germany is beyond ridiculous.

  • Maounique Host Rep, Veteran
    edited February 2013

    @gsrdgrdghd said: And why would they do that? The server is located in Germany.

    Because the company is from the US?
    If they need a mail from yahoo.de (located in Switzerland from what I can tell) they won't go to Switzerland or even the German DC to pull the drives, they ask Yahoo to give them the mails and IPs, whatever they have a warrant for.
    Google has coloed servers, does police go there to pull the drives or ask Google nicely even if the servers are in Germany?
    There is a certain size from where a corporation is entitled to courtesy? We apply different kinds of laws to differently sized companies?

  • Stupid police just isn't aware that it's even possible to rent out parts (as in virtual) of a server. They get told what physical server it is and they just rip the drives out

  • First of all I don't think you have a good grasp on police work. Do you have any idea how much it costs and how much of a hassle it is to get an international warrant?

    Second, what you are suggesting is similar to an American company renting a building in Germany and then asking the FBI to conduct a house search in said building. It's just ridiculous.

    @Maounique said: If they need a mail from yahoo.de (located in Switzerland from what I can tell) they won't go to Switzerland or even the German DC to pull the drives, they ask Yahoo to give them the mails and IPs, whatever they have a warrant for.

    Do you actually have any sources to back up anything you say or are you just making stuff up in your head?

  • Maounique Host Rep, Veteran
    edited February 2013

    @Mitchell said: Stupid police just isn't aware that it's even possible to rent out parts (as in virtual) of a server. They get told what physical server it is and they just rip the drives out

    Doesn't hold water. If they are this stupid they will rip drives out of any server belonging to any company. It doesn't happen, so someone is taking the decisions:
    1. This is a small company, won't sue, let's set an example;
    2. That is a big company, better ask nicely, behave legally.

    @gsrdgrdghd said: Second, what you are suggesting is similar to an American company renting a building in Germany and then asking the FBI to conduct a house search in said building. It's just ridiculous.

    Unlike physical locations, virtual ones are accessible from everywhere. The American company won't be able to make a copy of the building and send it by email, besides, police searching the building does not pull elevators and floors out to study them at their quarters.

    @gsrdgrdghd said: Do you actually have any sources to back up anything you say or are you just making stuff up in your head?

    Let's say I know how Yahoo hands out emails to various jurisdictions. It would be much easier for the police to get the drives than have hearings, provide evidence, etc, but will still have the same problems: encryption, RAID proprietary stuff, it is much better to ask the node owner for a copy of the VM/emails and much more chances of success in retrieving the actual evidence from there with their cooperation.
    Justice will be served better, but the problem is if that is the main intention.

  • I have all my server backup in 2 different machines, with different location :P, I'm kind of crazy

    each machine keep a backup, backup is copied to a USA machine, and also to a EU machine.

  • @Maounique said: Unlike physical locations, virtual ones are accessible from everywhere.

    And how is the police supposed to know that it's a "virtual" location? For them it's just data stored physically on a harddrive.

    @Maounique said: it is much better to ask the node owner for a copy of the VM/emails

    How are they supposed to know that there is a node owner and that said owner isn't involved in the illegal activity? Would they ask a drug lord to hand out evidence about himself?

    On a sidenote emails are an entirely different case anyway since all providers above a certain size (I think 10,000 inboxes or so) must provide an interface for the police so they wouldn't go to Yahoo anyway to seize servers for emails.

  • Maounique Host Rep, Veteran

    @gsrdgrdghd said: How are they supposed to know that there is a node owner and that said owner isn't involved in the illegal activity? Would they ask a drug lord to hand out evidence about himself?

    A drug lord won't have a page stating he is dealing in VPSes, his own IP space, multiple datacenter locations, won't sell VPSes...
    A simple look at the webpage, at the ASN, a query to ARIN/RIPE...

    @gsrdgrdghd said: And how is the police supposed to know that it's a "virtual" location? For them it's just data stored physically on a harddrive.

    Huh ? You're joking, right ? There is nothing physical on the hard drive, a pattern of electrons like the power from your power cable. It can be replicated without loss, unlike a building. It is not a folder with some sheets of paper, hard copy pictures, 35 mm film, etc which cannot be sent bit by bit in an exact copy through a wire/fiber, whatever. Anyone knows a copy of a document on a computer does not involve a sheet of paper with characters printed on it, even if it was a scan of one. Everything on a hard drive is virtual, a representation of the real thing. Even police went there expecting to find a computer and some hard drives, not some lockers with paper.

    @gsrdgrdghd said: On a sidenote emails are an entirely different case anyway since all providers above a certain size (I think 10,000 inboxes or so) must provide an interface for the police so they wouldn't go to Yahoo anyway to seize servers for emails.

    I am not sure Yahoo will allow unrestricted police access to whatever they want. Care to link the source where they do?
    And if it is so with emails, what about online storage, SkyDrive, Glacier, AWS, things like those, does police go there and take the servers or ask for a copy? Is that copy less usable in court than the drives or tapes from Amazon?

  • jar Patron Provider, Top Host, Veteran
    edited February 2013

    @gsrdgrdghd said: For them it's just data stored physically on a harddrive.

    Or...is it data stored on that little flash memory I hid well in the case? I think if a court orders them to seize the evidence, the whole system is the only way they can be sure that they have the right thing without an expert on site. I think an expert on site that represents the law enforcement is always the best scenario, but again with budgets. There are so many parts of society that are adapting to the changes presented by the internet. I think it's important to be patient with them and reach out to your government to petition for changes that you believe are appropriate. Until then, I think it's important that they do their jobs to the best of their ability.

    I think the worst thing they could do is go in there to seize the evidence and walk out without it. You can't guarantee that two computers are the same. There's no one way to build them.

    @Maounique said: A drug lord won't have a page stating he is dealing in VPSes, his own IP space, multiple datacenter locations, won't sell VPSes...

    If you give VPS providers the loophole, then the drug lord just might have all of those things. It's just like if I'm holding the gun and the guy is on the floor, they're going to arrest me. They don't know that some guy just handed it to me around the corner and I walked in the room just then. It's not the best analogy, I get it, but what I'm saying is that they can't know for sure that the person in possession isn't the one guilty until they examine the evidence. If you own or rent the server, you are in possession. The datacenter may also be considered potential suspects until cleared, because they also have direct access to the machine and may even be owners of the machine itself. The mere claim of being a provider should not be an instant loophole. Ideally court orders shouldn't be handed out like candy, and perhaps that's an angle to go after if they are, but by that time you should not be trusted to tell the police what they need to take. That's their job.

    If they have a court order to search someone's home, they don't walk in and ask them where they should look. That's dumb. The person isn't guilty yet, but you sure aren't going to take their word for anything.

    It's not like physical property where you can see the person occupying the space, like an apartment building. It's entirely different. The signs of a tenant are much more vague and far less common knowledge. There is no client physically occupying that container folder. There is evidence of a potential client by the existence of a separated container, confirmed after examining logs on the machine and the provider's billing system. Until then, that there is a tenant there is only a possibility that cannot be confirmed by a legal authority until the court ordered seizure has taken place. Changing that to require a legally authorized expert to conduct the seizure is something you propose. It's not just something that happens overnight in law enforcement agencies around the world. In a perfect world that would be how it would happen, but you don't just wake up one morning and ask why it isn't already that way. You have to petition for it, suggest it, write letters, make phone calls. They can't read our minds.

  • @Maounique said: A drug lord wont have a page

    And what if he did? Coming back to the original point, your logic would mean that any criminal would just have to set up a hoster and be done with police persecution forever? Since apparently having "multiple locations" and "IP space" means that one can never ever commit crimes.

    @Maounique said: It is not a folder with some sheets of paper

    Actually, in the context of evidence, a harddrive is exactly that. It is also possible by forensic means to recover data that has been overwritten, so a harddrive can't be 100% copied.

    @Maounique said: I am not sure yahoo will allow unrestricted police access to whatever they want.

    Here you go: http://www.gesetze-im-internet.de/tkg_2004/__110.html

  • Maounique Host Rep, Veteran

    @gsrdgrdghd said: And what if he did? Coming back to the original point, your logic would mean that any criminal would just have to set up a hoster and be done with police persecution forever?

    Nope. The police would still be able to monitor communications and such know what happens there. After all, a warrant needs some basis and it usually appears from surveillance of honeypots and already seized vms, computers, without the knowledge of customers (the best way, cooperation with the Provider to gather evidence under the scope of a warrant)
    If they have some data that shows the provider itself is the perpetrator, fine, then gather all his computers.
    The best way to lose evidence is to go and scare ppl into hiding the evidence, the best way to obtain it is to keep the target under surveillance, save multiple copies without their knowledge, look if data is encrypted and get the key from memory if possible, things like those.

    @gsrdgrdghd said: Actually, in the context of evidence, a harddrive is exactly that. It is also possible by forensic means to recover data that has been overwritten, so a harddrive can't be 100% copied.

    True, you have a point there, but recovering previous versions of a file on a multi-strip raid frequently overwritten is a problem the best labs in the world will have their hands full with a high failure rate probability. As the cost will be much-much more than having an expert on site to monitor and save the image at key points in time as well as the data flow which will have a higher rate of success, faster resolution time (realtime, almost).

    That has no bearing on data storage, more on voice communication as everyone has.

  • http://www.bundesnetzagentur.de/DE/Sachgebiete/Telekommunikation/RegulierungTelekommunikation/Meldepflicht/VeroeffentlichungTKAnbieter_Basepage.html?nn=146838

    Check the first PDF. This is a list and contact details of the "content providing companies" registered with the German "Federal Network Agency" (Bundesnetzagentur).
    My guess is that if ramhost with its contact details was registered in this list they would be contacted for details about the IPs being searched and the data. Since ramhost was not registered, the data center was contacted.

    Btw, check the list - you will find a lot of well known company names inside - Level3, Cogent, Interoute, Hetzner, etc.

  • jar Patron Provider, Top Host, Veteran
    edited February 2013

    @Maounique said: After all, a warrant needs some basis and it usually appears from surveillance of honeypots and already seized vms, computers, without the knowledge of customers (the best way, cooperation with the Provider to gather evidence under the scope of a warrant)

    If they have some data that shows the provider itself is the perpetrator, fine, then gather all his computers.

    Problem is that the evidence that excludes the provider from being suspected as the perpetrator is on the system in question. So if you have to seize something, ruling the provider out and seizing what they tell you to based on, let's say output from WHMCS (not hard to falsify), it would be illogical to exclude the provider until you had seized the system. If you gave them the benefit of the doubt, they may cover their tracks, thus making "vps provider" the perfect new front company for criminal activity.

    @Maounique said: the best way to obtain it is to keep the target under surveillance, save multiple copies without their knowledge, look if data is encrypted and get the key from memory if possible, things like those.

    Agreed. However, this would have to be done without the knowledge of the provider until the provider was cleared as a suspect, otherwise you would do just as they say and scare them into clearing the evidence. Who knows how little or how much work they have to do to get that system tossed in the ocean. I don't know about you, but unless they've got super powers they're not going to be able to do that to my node without my knowledge.

  • Spirit Member
    edited February 2013

    @Maounique said: A drug lord won't have a page stating he is dealing in VPSes, his own IP space, multiple datacenter locations, won't sell VPSes...

    Wrong. Let's take just RBN as example. The idea that there aren't "bad" providers who operate on large scale is very naive... and webpage, ASN, own IP space and stuff should not give to anyone aura of protection from investigation. You're so, really soooo naive in simplifying things the way it has nothing to do with reality.

    A simple look at the webpage, at the ASN, a query to ARIN/RIPE...

    Means what? Innocence and willingness to cooperation by default?

  • Maounique Host Rep, Veteran

    @rds100 said: Check the first PDF. This is a list and contact details of the "content providing companies" registered with the German "Federal Network Agency" (Bundesnetzagentur).

    This does not mean all those provide Police with a platform to intercept, what, data flows ? For every email/vm searched, every line intercepted, a warrant is still needed.
    True, in US the feds can intercept any call they want, no warrant needed, but even there there are voices calling for a return to democracy.

  • @Maounique no, it means that those in the list can identify who is behind a certain IP and have provided contact details for a person who can give this information to the police.
    For everyone who is not in the list, he is counted as an end user of the IPs so he is at risk of having his equipment confiscated.

  • @Maounique said: The best way to lose evidence is to go and scare ppl into hiding the evidence

    No, the best way to lose evidence would be to go to the person that is legally responsible for the server (the one that rented it) and just ask them to provide the evidence themselves.

    @Maounique said: As the cost will be much-much more than having an expert on site to monitor and save the image at key points in time as well as the data flow which will have a higher rate of success, faster resolution time (realtime, almost).

    I sincerely hope you realize how stupid you are being. I raise the point that a DD copy of a drive is not enough to acquire actual evidence and you reply to that by saying that it would be much cheaper to just destroy evidence.

    @Maounique said: That has no bearing on data storage, more on voice communication as everyone has.

    It's exactly about what I said it's about, that every email provider of a certain size needs to provide an interface for reading and intercepting emails. Of course said interface can't be used without a warrant.

  • Maounique Host Rep, Veteran

    @jarland said: However, this would have to be done without the knowledge of the provider until the provider was cleared as a suspect

    As I said many times, nobody has to be cleared, everyone is considered innocent and a legally established company has to be suspected first based on some facts, not cleared first based on some other facts.
    OK, if your surveillance, electronic or otherwise, of the provider shows some suspicious facts, then, by god, go there and seize all the servers, billing, control panels, etc so you can read all logs and obtain all evidence you want.
    It is very doubtful ramhost had only one server in Germany and that German police was incapable to coordinate the raid with the FBI and Interpol to take all their servers all over the world.

    You and spirit try to create a fairy tale here about the bad provider that uses his IP space and servers to host child porn or operate a terrorism cell trying to cover it under a VPS/shared hosting business.
    You know very well that renting a botnet is much cheaper and almost impossible to raid. Renting with stolen identities and cards is also much cheaper and you have redundancy across providers too.
    You also know this scenario is not only illogical, but extremely improbable and contradicted by the facts (police didn't steal all their computers, just some drives in one of them) which suggest that, if the provider was suspected, the operation was a total failure, even if they are able to rebuild the raid.
    You also know that freenet and hidden tor sites can do this job for free, even. Use botnets, hacked servers to access those too and who is gonna catch you ever ?
    Compare that with the hassle to comply with tons of regulations, spend money on staff, accountants, risk snitching from them to the police, blackmail (nobody in their right mind will ever be sure of their staff especially when running such operations), is that even remotely plausible ?
    I think not. Victimizing providers is intended to scare them into doing police job and spying on their customers, most of the time illegally to tip the police about torrenters and escape raids.

  • @Maounique said: You and spirit try to create a fairy tale here about the bad provider that uses his IP space and servers to host child porn or operate a terrorism cell trying to cover it under a VPS/shared hosting business.

    Did you literally just call the RBN a fairy tale?

  • jar Patron Provider, Top Host, Veteran
    edited February 2013

    @Maounique said: not cleared first based on some other facts.

    Why not? Why isn't the provider suspect #1? In fact, if they host illegal content, they should be the first person assumed responsible. The next step is to find out that they're a provider and consider the possibility of a tenant. This means that unless a tenant is found, the provider is guilty. The tenant cannot always be found without alerting the provider. This means that the provider with a good backup plan to dump the data as soon as they're alerted is now above the law. This means "vps provider" is now the top shell company for illegal activity on the internet. You cannot prove the existence of the tenant without first assuming the provider, and if the provider is guilty and you always assume a tenant first and leave the provider alone with the data after being alerted to your intentions, you have made the wrong move.

    So what you're saying is that a provider should be invincible in a legal sense. So all I need is to be a provider, have a friend in the datacenter, and by your rules I am now above the law and can never be found guilty of a crime.

    @Maounique said: You and spirit try to create a fairy tale here about the bad provider that uses his IP space and servers to host child porn or operate a terrorism cell

    Yet you try to create an environment where the provider is the best person to be if you want to do those things. How can you tell people exactly what profession to seek if they wish to break the law and expect that your notion of providers who are almost, in your eyes, genetically superior beings that are incapable of wrongdoing, to be true for long?

    Based on what moral, logical, or scientific absolute is a provider incapable of doing those things? Then, based on what moral, logical, or scientific absolute are the people who desire to do those things absolutely never going to use "vps provider" as a front for those very things, because the law is required to discuss it with them as if they are immune to being called a suspect unless a tenant is not found?

    I think you are under the impression that criminals are easily boxed in and never surprise you. Police can't re-train every week. They're not Microsoft. They need adaptable standards, and what you suggest makes the environment far more adaptable to criminals and far less adaptable to law enforcement. In an increasingly dynamic world, I would have to call your approach outdated. Once you tell the police that the criminals have to be wearing a size 8 shoe, the criminal will put on a size 9.
