[Infowarrior] - When the FBI Raids a Data Center: A Rare Danger

Richard Forno rforno at infowarrior.org
Wed Apr 22 23:46:28 UTC 2009


(c/o KM)

When the FBI Raids a Data Center: A Rare Danger

By Robert Lemos

http://www.cio.com/article/490340/When_the_FBI_Raids_a_Data_Center_A_Rare_Danger

Wed, April 22, 2009 — CIO — As part of coordinated raids in early  
April, FBI agents seized computers from a data center at 2323 Bryan  
Street in Dallas, Texas, attempting to gather evidence in an ongoing  
investigation of two men and their various companies accused of  
defrauding AT&T and Verizon for more than $6 million.

The FBI's target in the data center raid—one of five seizures  
conducted that day—is simply listed as Cabinet 24.02.900 in the  
affidavit and search warrant.

Cabinet 24.02.900 allegedly held the computers and data used to serve  
voice-over-IP clients for the companies at the center of the case.  
Yet, it was also home to the digital presence of dozens of other  
businesses, according to press reports. To LiquidMotors, a company  
that provides inventory management to car dealers, the servers held  
its client data and hosted its managed inventory services. The FBI  
seizure of the servers in the data center rack effectively shut down  
the company, which filed a lawsuit against the FBI the same day to get  
the data back.

"Although the search warrant was not issued for the purpose of seizing  
property belonging to Liquid Motors, the FBI seized all of the servers  
and backup tapes belonging to Liquid Motors, Inc.," the company stated  
in its court filing. "Since the FBI seized its computer equipment  
earlier today, Liquid Motors has been unable to operate its business."

The court denied the company's attempt to get its data back, but the  
FBI offered to copy the data to blank tapes to help the company  
restart its services, according to a report in Wired.

The incident has worried IT managers, especially those with a stake in  
cloud computing, where a company's data could be co-mingled with other  
businesses' data on a collection of servers.

"The issue, I think, is one of how search and seizure laws are being  
interpreted for assets hosted in third-party facilities," James  
Urquhart, manager of Cisco Systems' Data Center 3.0 strategy, said in  
a recent blog post. "If the court upholds that servers can be seized  
despite no direct warrants being served on the owners of those servers— 
or the owners of the software and data housed on those servers—then  
imagine what that means for hosting your business in a cloud shared by  
thousands or millions of other users."

Yet a careful reading of the case suggests that such issues are
unlikely, says attorney and former Department of Justice prosecutor
James M. Aquilina, who argues that the FBI and the judges took the
correct actions.

"Probable cause to search is probable cause to search," says Aquilina,  
who is the executive managing director and deputy general counsel for  
Stroz Friedberg, a digital forensics and intellectual property  
advisory firm. "That being said, federal law enforcement agents,  
prosecutors, and magistrate judges alike remain sensitive to the  
realities of co-mingled data encountered at hosting providers."

Typically, judges and law enforcement agents will attempt to work with  
co-location and data center providers to hone a search to specific  
data, he says. However, two factors in the current case changed that  
policy. Most importantly, the co-location firm was a suspect in the  
case. In addition, the firm's owner had stated that it "was  
transitioning from the service provider business to the Venture  
Capital business and they only had a handful of telecommunications  
customers," according to the FBI's affidavit. Such an assertion could  
make a judge less likely to limit a search and seizure, says Aquilina.

Such determinations will become more difficult as virtualization  
technologies and cloud computing become more prevalent, says Scott  
Gode, vice president of product management for Azaleos, a managed  
service provider for Microsoft services. Virtual machines and nebulous  
temporal instances of applications divorced from physical machines  
could turn law enforcement's job into a game of whack-a-mole, he says.  
Even today's state of partial progress toward cloud computing, with
dedicated machines running multi-tenant applications, could still lead
to massive collateral damage if the company operating the data center
is considered a suspect, Gode says.

"Even with that dedicated box, there are tons of shared components  
within the data center," he says. "For a SAN storage unit, there is  
still a lot of caching devices, a lot of those are used ubiquitously  
by other components in the data center."

Yet for the most part, larger companies contracting with larger
providers are not the ones at the most risk, Gode says. Such firms
usually will not be hosted alongside fly-by-night firms and
will likely get more consideration from law enforcement. Smaller firms
are the ones that more often cut costs and corners, making them more  
likely to use an unknown service provider and more ready to consider  
cloud computing as a solution, he says.

"They are the ones who will take those risks," Gode says. "They will  
take those risks around power, they will take those risks around  
security and they will take those risks around FBI seizure, because  
otherwise, it costs them money."

