
My experience with US government agencies

“The Federal Prosecutor’s Office of New Jersey on Monday, August 17, filed accusations against Miami resident Albert Gonzales (according to other sources, his name is written Gonzalez), who stole data on 130 million credit and debit cards, the Associated Press reports.” © Lenta.ru

It so happens that my first post on Habr is about how problems in hosting can appear out of nowhere. In this article I will tell how, by connecting just one ordinary client, you can end up involved in the uncovering of one of the biggest cases in US history.


About three years ago, I started hosting, providing classic hosting, solo-service and server rental. At the end of 2007, another client turned to us via ICQ. He was interested in the opportunity to rent a server from us for “developer” needs. Seeing nothing wrong with this, we assembled the machine he needed, allocated an IP address and placed it in our data center.

“A customer like any other, what is so strange about that?” you ask. I thought so too, until one fine moment I received a letter from the local police (cybercrime department) requesting, in accordance with local legislation (this was, I recall, in Latvia), an exact copy of the hard drive of the client with such-and-such IP address. Of course we made it. It got more fun later.

In May, already on the basis of a judicial warrant, we were summoned by local investigators with a request to provide the original hard drive (in Latvia, a warrant is needed for such things). We provided it and for some time there was silence.

Later, in August of this year, we received a call from the prosecutor’s office (the international cooperation department), and it was finally explained to us in detail what we had unwittingly gotten into. It turns out that the data we provided was needed for the capture and arrest of one of the largest carders in US history. Since the second piece of physical evidence obtained (a copy of the hard disk of one of his accomplices) was (as is already known) taken out of consideration in the course of the investigation, this evidence became one of the key pieces in the case; after reviewing it, the suspect, Miami resident Albert Gonzales, agreed with most of the charges in this case.

A few days after the call from the prosecutor's office, I had a conversation with one of the prosecutors in this case, during which I was invited to an international teleconference the next day. Besides him, it was attended by several Secret Service agents, a couple of colleagues from the Department of Justice and a CERT specialist who worked on this case. The conversation lasted about half an hour, via Skype.

After that, over several days, this prosecutor and I exchanged calls, and I was also invited to testify in court if necessary. In that event, all costs, including the stay there, would be covered by their side (because according to international practice, the inviting party pays all costs). But in the end, over the course of these conversations the situation changed, and since the suspect himself confessed to his participation in the case, our participation as witnesses was not necessary.

What did we get as a result of not having checked what the client was doing on the rented machine, and what kind of client this was at all? More than half a year of various unnecessary and essentially pointless calls, time wasted on various meetings and conversations, not to mention heaps of calls from journalists seeking comments on this case.

To sum up my opinion on this experience briefly: I believe that any hoster should monitor its customers not only at the time of connection, but also throughout the time it serves them.

The proof link is available at Wired.com

Source: https://habr.com/ru/post/69590/

