At $250k? I don't think so. Disrupting, and potentially bankrupting, hundreds of businesses... that sounds more like somewhere in the hundreds of millions, or potentially low billions.
Importantly, the US govt now needs to convince the rest of the world that this will never happen again. We've got servers hosted in the US. Should we move them? Are we safe from this kind of indiscriminate abuse of force?
> FBI spokesman White says the equipment seizures were
> necessary.
> "My understanding is that the way these things are hooked
> up is that they're interconnected to each other," he says.
Well, talk about competence (err... the lack of it). I really hope they won't come to pick up my machine, because it is also interconnected...
Seems like there's a new branch of law or law enforcement that needs to be developed. People who have some expertise in IT need to advise law enforcement about raids like this.
One issue with this is that all of the FBI raids that go well and consist of competent decision making regardless of IT knowledge involvement will never make the news. No one wants to read that a raid went off without a hitch. Or that the field agents sent in to raid a data center were competent enough that no network other than the suspect's was interrupted. Those stories don't make the news.
* Admission of possible bias - I'm a member of the Chicago FBI InfraGard program that exists for information sharing between private industry and the government. I've met, talked to, and shaken hands with, many smart and knowledgeable people in the FBI working on computer crime cases.
"Authorities also raided his home, where they seized eight iPods, some belonging to his three children, five XBoxes, a PlayStation3 system and a Wii gaming console, among other equipment. Agents also seized about $200,000 from the owner's business accounts, $1,000 from his teenage daughter's account and more than $10,000 in a personal bank account belonging to the elderly mother of his former comptroller."
I'm sure no-one doubts there are numerous smart, knowledgable people working for the FBI. Unfortunately, looking at the above, there are obviously plenty of the opposite as well, and they have just as much power as the first.
The FBI has a duty to ensure that its overwhelming powers are wielded only by those competent to do so, in the same way that it has a duty to ensure that anyone it issues with a firearm is sufficiently trained in its use.
There is no room for such wild discrepancies in competence when the agency in question has such power to ruin lives. They are entirely at fault here, and "but it mostly goes well!" is no excuse at all.
"The FBI has a duty to ensure that its overwhelming powers are wielded only by those competent to do so, in the same way that it has a duty to ensure that anyone it issues with a firearm is sufficiently trained in its use. There is no room for such wild discrepancies in competence when the agency in question has such power to ruin lives."
I've known about InfraGard, and I've met InfraGard people from the Cincinnati area, but my understanding was that it focused on "how to get/guard against the bad guys." What I'm talking about is more along the lines of, "how to make sure you don't trample innocents."
If the police need to detain someone with special medical needs, I hope that they get medical advice on how to ensure no harm is done. If the police need to do a raid in a community where the majority culture is different and no one speaks English, I should hope that they get a hold of the specialized expertise to negotiate that gracefully. A raid at a datacenter used by parties other than the suspect is another situation requiring specialized knowledge.
So there are lots of FBI agents savvy enough to get advice. I think the problem involves the ones who don't know enough to know the full extent of their own ignorance.
Also, regulations are in order. If the authorities have the power to bring down someone's business on an "OOOPS," doesn't this leave a loophole begging to be exploited?
It may be true that many, even most (although I doubt it), law enforcement agents dealing with IT are competent. But that's not good enough.
The cornerstone to the philosophy of our legal system is that the USA should be a place where someone who is acting legally need never worry about being a victim of law enforcement. That's why we guarantee a jury trial, require that anyone arrested be read Miranda rights, forbid searches without warrants (and enforce the Exclusionary Rule), etc.
Saying that someone implicated in a crime (or more importantly, someone whose server happens to sit next to one owned by someone implicated) will probably not suffer at the hands of incompetent agents is nowhere good enough.
It's far more important that no innocent be persecuted than that no bad guy slip through the net. I will not have it on my conscience that the government, acting in my name with powers I've ceded to it, has violated the human rights of someone that was no danger to me.
Do you seriously think that other countries have more respect for rule of law or knowledge of data centers than the FBI? It's not that I have any respect for the FBI when it comes to how they have handled this or other investigations but I have a hard time believing that this couldn't easily happen in any other country you might choose to house your servers in.
What this case tells me if I'm running a business or in charge of the operations group is to make the case for investing in a good disaster recovery strategy. Basically, this is the equivalent of your data center catching on fire, blowing up, falling into a sinkhole, etc.
You should always budget for and have plans to be able to be back up and running with 24 hours if your business depends on what's in the co-location facility. If you're big enough then probably already have multiple sites and can sustain the hit from one going down or being removed anyways.
A coordinated raid of multiple sites inside of the US wouldn't be that hard. A coordinated raid spanning multiple countries would be hard enough that you'd have to suspected of Really, Really, Bad Things for it to come off.
That wasn't my point. If you're suspected of enough that they are specifically targeting everywhere you're at and/or seizing your off-site DR assets you've most likely done something bad enough to warrant that closer look.
You need location redundancy anyway. Fires, floods, earthquakes, etc. A few years ago burglars broke in and took all my machines. So there are many reasons to have an off-site separate-provider backup of everything.
Well that's just great. I'll have to add incompetent law-enforcement to the BCP/DRP list of stuff you have to take into account along with network outages, terrorism, fire, flood and all the rest.
I do not want my company's communications disrupted by an FBI raid on a service firm that turned out to be a criminal enterprise. I had best look for a service provider that has been _pre-investigated_ by the government. After all, I have a responsibility to my company's shareholders and customers.
This wasn't imcompetence--it was thuggery. They use the same "shock and awe" tactics as the police and military--crush your opponent with overwhelming force so that everyone else will be terrified of you and cower before you. This is a deliberate tactic on their part. All federal LEOs work this way--DEA, FBI, etc.
If Mike Faulkner truly was not involved with the alleged illegal actions, he and his family ought to do well, living off of a considerable settlement from the FBI. Hopefully enough to start a new business or two...
Unfortunately, that ultimately means I, as a tax payer, will be funding it. Sigh.
Weird. I fully expected to read the article and be able to figure out what the FBI was trying to do, and see their side of the story. But I'm more baffled (and frustrated) than ever.
It looks like the FBI is due for a Judge delivered smack down like the SS got for http://en.wikipedia.org/wiki/Steve_Jackson_Games,_Inc._v._Un...