Instapaper Servers Seized in Unrelated FBI Raid

Instapaper SeizedInstapaper, LLC said in a blog post Thursday that a server the company leased was confiscated by the FBI in a raid that had nothing to do with the bookmarking save-it-for-reading-later service. Company founder Marco Arment said that the server his firm leased from DigitalOne was seized by the FBI without a warrant, as part of a raid targeting another customer of the Swiss hosting service.

Instapaper is a popular service that can be used through most Web browsers, but the company also has a successful iOS app and a popular following amongst iPhone and iPad users. With Instapaper, users can mark Web content for later and even offline viewing, in the case of its iOS app.

Mr. Arment said the server was a MySQL replication saver that was only used to handle read-only queries to speed up the company’s service.

“Instapaper suffered no downtime as a result of its theft and no data has been lost, but site performance has been slower without it,” Mr. Arment wrote.

According to the FBI itself, the raid was conducted as part of an investigation into an “international cyber crime ring distributing scareware.” While the recent Mac Defender (and its variants) was not named, it falls under definition the FBI offered for the term scareware.

“Scareware is malicious software that poses as legitimate computer security software and purports to detect a variety of threats on the affected computer that do not actually exist,” the FBI said in a statement announcing the raid. “Users are then informed they must purchase what they are told is anti-virus software in order to repair their computers. The users are then barraged with aggressive and disruptive notifications until they supply their credit card number and pay for the worthless “anti-virus” product. The product is, in fact, fake.”

What does Instapaper have to do with scareware? Nothing. The problem is that though the FBI was given an I.P. address that matched the server(s) in the warrant, the federal law enforcement agency’s raiders took two or more entire server racks, each containing a multitude of blade servers belonging to “tens of clients” not named in the warrant or targeted in the investigation, according DigitalOne CEO Sergej Ostroumow.

“This problem is caused by the F.B.I., not our company,” he told The New York Times. “In the night F.B.I. has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.”

It’s the fact that the FBI seized property, servers in this case, for which it had no warrant that prompted Instapaper founder Marco Arment to say that the agency stole his server.

He said that as part of the theft, the FBI now had a copy of the entire Instapaper database, which includes users’ bookmarks and e-mail addresses. He said that the database also included passwords, but that they were, “only salted SHA-1 hashes of passwords, so those are relatively safe.”

Thanks to The Loop for the heads up on the Instapaper blog post.