DreamHost comes under attack as FBI granted access to files
Seven-hour DDoS attack caused severe disruption to the hosting service
American hosting company DreamHost came under a severe and sustained DDoS attack last night, on the same day that a court granted the FBI access partial access to the company's records.
DreamHost has been locked in a legal battle with the FBI, after it accused the law enforcement agency of over-stretching in gathering data on visitors to a website used to organise a protest against US president Donald Trump on his inauguration, which the US Department of Justice (DoJ) claims turned into a riot.
Yesterday, the company hailed a "huge success", when a judge in Washington DC significantly restricted the terms of the warrant for data collection.
The hosting provider refused the initial request by the DoJ, which it said would have given the investigators access to information on all 1.3 million people who had ever visited the site, including those who had gone there well after the protest took place, even though it was only specifically looking at one customer amid that million.
"This is, in our opinion, a strong example of investigatory overreach and a clear abuse of government authority," the company said in a blog post at the time.
This week, however, there have been a number of changes to the DoJ's stance, particularly that the law enforcement agency has narrowed the scope of its demand for data.
In its ammended request document, filed on Tuesday evening, the DoJ said: "(l) DreamHost should only provide content and transactional information for the time period from July 1, 2016, though and including January 20,2017, which covers the time frame described in the Warrant, Affidavit, the date when the site was purchased, and the public statements made by organizers of DisruptJ20 regarding the timing of the organization and planning (Ex. 3 at l.a.); (2) DreamHost should not disclose the contents of unpublished draft publications, including images and their metadata (Ex.3 at I.e.); and (3) DreamHost should not disclose records that constitute HTTP request and error logs."
DreamHost welcomed this move, stating: "We see this as a huge win for internet privacy, and we absolutely appreciate the DoJ's willingness to look at and reconsider both the scope and the depth of their original request for records."
Nevertheless, it moved forward with the appeal to the court in DC, where it claimed the information requested by the DoJ is covered by the First and Fourth Amendments (the right to free speech and the prohibition of unreasonable seizures and searches, respectively). The Judge agreed at least in part and further narrowed the scope of the warrant, although it wasn't thrown out all together.
In a blog post, the company said: "We're pleased that the court further limited the government's access to this data today. Judge Morin confirmed the validity of the Department of Justice's amended request, with some changes, and he is enforcing the DOJ's motion to compel.
"The de-scoping of the original warrant, combined with the court's additional restrictions on the use of, and access to, that data, is a clear victory for user privacy ... If we had simply remained silent and handed over the data at the first sign of a warrant, investigators would today be sitting on a pile of information that could be used to track down and identify tens of thousands of individual web users who are themselves accused of no crime but would have found their personal browsing habits included and associated with this investigation."
It added: "As a result of our challenge, the DOJ ended up severely restricting the scope of data which was included in their original records request, effectively preventing them from fishing for evidence in a sea of unfiltered data extracted from our servers. This is an enormous privacy win for all internet users and for any service providers that host user-generated content online."
However, not long after, the company was hit with a DDoS attack that caused severe disruption and lasted around seven hours. It seems, however, that the timing may be a coincidence, with many on Twitter linking the attack to the fact DreamHost had also became the latest host for Neo-Nazi site The Daily Stormer shortly before the onslaught began. IT Pro has contacted DreamHost to ask if it knows the provenance of the attack, but hadn't received a response ath the time of publication.
16/08/2017: DreamHost refuses to comply with DoJ IP request
American web hosting provider DreamHost is refusing to hand over the IP addresses of 1.3 million of its users who visited a site used to organise a protest against the inauguration of US president Donald Trump.
The organisation claims that when it was first approached by the DoJ, it asked why the request was so broad. Rather than explain to DreamHost, it filed a motion in court seeking to compel the organisation to hand over the data a motion it's currently resisting.
In addition to the IP addresses, the DoJ's request also covers the contact details, email content and photos of thousands of people who were at the event, according to DreamHost.
In its filing with the Superior Court of the District of Columbia, the DoJ said: "The website was used in the development, planning, advertisement and organisation of a violent riot that occurred in Washington DC on January 20, 2017."
However, the department initially told DreamHost it just wants the details of one of the company's customers who used its disruptj20.org site, but hasn't explained why it's taking such a broad, dragnet approach in order to secure this information.
DreamHost has now been called to a hearing on 18 August, where it will need to explain why it won't hand over the data.
In a blog post, the company said that although it has previously complied with DoJ requests, the "highly untargeted" nature of this new demand has raised concerns.
"This is, in our opinion, a strong example of investigatory overreach and a clear abuse of government authority," DreamHost said. "As we do in all such cases where the improper collection of data is concerned, we challenged the Department of Justice on its warrant and attempted to quash its demands for this information through reason, logic, and legal process."
The Electronic Frontier Foundation supported DreamHost's position, saying the DoJ's request was uncalled for. "No plausible explanation exists for a search warrant of this breadth, other than to cast a digital dragnet as broadly as possible," it told the BBC.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now