Instapaper Servers Seized in Unrelated FBI Raid

| News

Instapaper SeizedInstapaper, LLC said in a blog post Thursday that a server the company leased was confiscated by the FBI in a raid that had nothing to do with the bookmarking save-it-for-reading-later service. Company founder Marco Arment said that the server his firm leased from DigitalOne was seized by the FBI without a warrant, as part of a raid targeting another customer of the Swiss hosting service.

Instapaper is a popular service that can be used through most Web browsers, but the company also has a successful iOS app and a popular following amongst iPhone and iPad users. With Instapaper, users can mark Web content for later and even offline viewing, in the case of its iOS app.

Mr. Arment said the server was a MySQL replication saver that was only used to handle read-only queries to speed up the company’s service.

“Instapaper suffered no downtime as a result of its theft and no data has been lost, but site performance has been slower without it,” Mr. Arment wrote.

According to the FBI itself, the raid was conducted as part of an investigation into an “international cyber crime ring distributing scareware.” While the recent Mac Defender (and its variants) was not named, it falls under definition the FBI offered for the term scareware.

“Scareware is malicious software that poses as legitimate computer security software and purports to detect a variety of threats on the affected computer that do not actually exist,” the FBI said in a statement announcing the raid. “Users are then informed they must purchase what they are told is anti-virus software in order to repair their computers. The users are then barraged with aggressive and disruptive notifications until they supply their credit card number and pay for the worthless “anti-virus” product. The product is, in fact, fake.”

What does Instapaper have to do with scareware? Nothing. The problem is that though the FBI was given an I.P. address that matched the server(s) in the warrant, the federal law enforcement agency’s raiders took two or more entire server racks, each containing a multitude of blade servers belonging to “tens of clients” not named in the warrant or targeted in the investigation, according DigitalOne CEO Sergej Ostroumow.

“This problem is caused by the F.B.I., not our company,” he told The New York Times. “In the night F.B.I. has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.”

It’s the fact that the FBI seized property, servers in this case, for which it had no warrant that prompted Instapaper founder Marco Arment to say that the agency stole his server.

He said that as part of the theft, the FBI now had a copy of the entire Instapaper database, which includes users’ bookmarks and e-mail addresses. He said that the database also included passwords, but that they were, “only salted SHA-1 hashes of passwords, so those are relatively safe.”

Thanks to The Loop for the heads up on the Instapaper blog post.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

vpndev

Has anyone seen a copy of the warrant(s) used for the raid? Was the problem that the FBI took “too much stuff” or that the warrants were not sufficiently specific?

I would not be surprised either way.

Does anyone have facts?

Bosco (Brad Hutchings)

Good on Marco for calling it exactly what it is. And bad on the FBI for turning this into a military operation and a botched seizure. Nothing would have been hurt by taking a couple days to investigate the relationship the hosting company had with a particular customer and taking that customer offline without disturbing other customers.

There are many organizations that are just wetting their pants for the right client to sue the government over such blatant disregard for civil rights of innocent bystanders. I hope Marco will seize the opportunity. It sounds like he’s pissed off enough to consider it.

vpndev

I hope he does. Not many have standing so the Court won’t pay attention but if his server is affected then he can do it.

zewazir

From the article, it sounds like the FBI agents didn’t know a server rack from a Pepsi dispenser and simply decided to take everything that looked computer-like. Also, from the article, the warrant named servers with specific IP numbers.  If they took anything else, it was outside the parameters of the warrant.  Every client leasing servers from Digital One whose servers were not included in the warrant need to sue the shorts off the FBI and every agent individually and collectively involved in the raid. It’s getting down right scary how much authority our federal level LEA are willing to usurp these days.

ibuck

While it’s strange to agree with Bosco, law enforcement essentially steals your business when they seize servers or other computing equipment.

To me this is like closing an entire strip mall because a shop in the middle is alleged to be committing a crime, like drug-dealing.

Unless a crime is ongoing, can’t such equipment have their contents copied for evidence and the equipment returned within 24 hours? Minus the offending software?

daemon

One physical server can serve multiple websites and can have a different IP address for each website that is on that server.

I guess that the problem is that the warrant gave the FBI the right to seize any hardware that the websites were on, and that is the root of the problem.

geoduck

And this is why I don’t trust my essential data to the cloud (iCloud or otherwise). If the RCMP seizes my stuff it will be because they want MY stuff on MY system, in MY house. This isn’t the first example of ‘collateral damage’ from a warrant.

vpndev

I guess that the problem is that the warrant gave the FBI the right to seize any hardware that the websites were on, and that is the root of the problem.

That’s not an unreasonable guess. But it’s only a guess. Which is why my earlier post asked if anyone had a copy of the warrant.

I do not think that the warrant should have given FBI the right to seize any-and-all equipment they came across. Maybe it did but I wouldn’t think so. But of course this also is a guess.

It appears that many servers for unrelated websites and with different IPs were seized, along with the equipment whose seizure was authorized. I hope that someone who has standing has his/her lawyer in Court today with a show-cause motion.

vpndev

Oh - again just a guess but I suspect that the FBI folks just pulled the plug on the racks and rolled them away.

Sorry ‘bout that expensive UPS they were plugged in to. No help in this scenario. Probably “too bad” about your network cables, too.

Again, just a guess.

Bosco (Brad Hutchings)

@geo: If they come to conduct a paramilitary style raid on your house, chances are they will shoot your dogs, errrrr, ducks.

Watch this. It’s a great overview from a kick-ass Toronto-based musician.

Log-in to comment