Feds raid room, confiscate student's computers

FBI search student's dorm room and take his computers after he pokes around New York baseball team's defaced Web site

Law enforcement officials hunting for the vandal responsible for the 27 October defacement of the New York Yankees' Web site searched a computer science student's dorm room on Saturday and removed three computers.

"I have not been charged yet, nor do I fear I will be," said Andres Salomon, a computer science student at Rensselaer Polytechnic Institute in Troy, New York, in comments posted to the Web on Tuesday. More than anything else, Salomon worried about when he would see his computers again.

The investigators -- made up of agents from the Albany and New York City offices of the FBI -- removed the student's three computers, two technical books, and various notes from his dorm room.

The FBI has not charged Salomon with any crime and is pursuing several parallel leads, said Joe Valiquette, spokesman for the FBI's New York City office.

Last Friday morning, a vandal or group of vandals posted a fake Web page to greet visitors to Yankees.com -- the day after the Bronx Bombers had won yet another World Series championship.

The page sported "a rather amusing picture and a 'Yankees suck!' banner", said Salomon in his statement.

Salomon said he'd visited the defaced Yankees site after he had learned about it from a friend online on Friday morning. With no classes on Friday, the student had started working on homework, done some programming, and chatted with friends on the Internet.

The topic of the day, of course, was the Microsoft hack. Yet, when a friend pointed out that two news reports had mentioned the defacement of the Yankees' official Web site, Salomon checked it out.

Curious as to how the defacement had happened, Salomon said he poked around the Web site, analysed its security, and discovered that the Web site seemingly had its domain name server address forged. Those actions earned him the suspicion of the FBI, said Bruce Adams, director of media relations for the college.

"When you do that [investigating], it would be sort of like walking into a crime scene and seeing what you could find out," he said. "They are obviously going to come and ask what you were doing there."

On Saturday afternoon, a team of agents used a key to let themselves into Salomon's dorm room, waking him up after a long night of playing computer games with his friends.

The FBI had a warrant to search Salomon's room and access RPI's server logs for data.

"They had a warrant for computer records. We had no choice," said RPI's Adams. "That's the only way to protect the students... is to cooperate with law enforcement."

Public safety officers from the school were also present. "Overall, they were pretty nice," said Salomon of the agents, who took him to the dorm lounge and started questioning him about his actions the day before.

Following that, the agents removed the computers and notes, allowing Salomon to identify any papers that he needed for class.

However, the student wanted to warn others of the ease with which law enforcement can confiscate equipment suspected of being used in a computer crime, so he posted his account and notified open source forum Slashdot.org.

"The FBI can arrive at your doorstep, with every intent of taking your precious data, and not returning it for a long time," he wrote.

To a large degree, he is right, said Matthew Yarbrough, a former Department of Justice attorney and special Internet counsel at the Dallas law firm of Vinson & Elkins. "It takes a while [to do forensics], and it's only getting worse," he said. When Yarbrough helped to prosecute the Global Hell cybergang, the FBI computer analysis response teams had a backlog of a year.

"They don't have the money. They don't have the resources," he said. "And even when they get the people, it takes two years to train them."

If Salomon is deemed innocent and the FBI decides to mirror his data on its own hard drives, the student may see his computers within the next six months. Most likely, however, it will take a lot longer than that.

"It's the difference between the real world and the cyberworld," said Yarbrough. "Even if a forensic examiner images the machine, an agent has to go through the files before they make a determination of whether to give the machines back."
