I'd say that if they believed he were actively complicit or would do something to hinder the investigation, they would have been more aggressive, possibly went after machines in his home as well. Of course, if I'm right with this assumption, why didn't they contact him, but went directly for the server via the hoster. (I'm actually not sure how the law works with regards to seizing data vs seizing the (probably provider-owned) media it is on)
Also, I guess the "just take one of the RAIDed disks" in this way is only possible if you run a server provided by a known hosting provider, were it isn't the first seizure for both police and provider. The provider knows how the servers are set up, law enforcement trusts that the provider just wants to get everything done as quickly as possible.
My thoughts exactly. His reputation of cooperation might have helped him out here. Nice of them to leave enough stuff to keep the service online. Many small-time operators hit by FBI over here aren't so lucky. They'll take down a whole colo worth of clients sometimes.
"We have a confiscation order for the disks of your server, but we were allowed to leave one of them installed, due to the fact that you have a Raid1 setup."
I'm very sure he does. It's been explained thoroughly.
> Cock.li was reportedly used last week to send a bogus bomb threat e-mail from "madbomber@cock.li"
Of course they are going to take records (and from the files of how very unlike-the-US-can-the-germans-be) leaving the system running and intact. If you didn't read the US news about the trouble it caused, go back to skimming headlines.
RIP in peace
Actually, that'd be a good research project: setup and host such a service in as many countries as possible, wait as they get shutdown (+6 points)/subpoenaed (+3)/ddosed (+1) and make a map.
If the only people who care about users and practice active disclosure of subpoenas are people with low-brow humor, so be it, I'll continue to support them.
E:
Also a quick note there is a bit of misinformation floating around. He doesn't own many of the domains, he just runs the mailservers for them.
It's the equivalent of German seizing private mail from EVERYONE that uses the hypothetical Cock Postal Service because one individual used that same service in the US to make a threat.
This is ridiculous. Outright abuse of power and invasion of privacy. Yet another reason to encrypt everything.
My guess is that the fact this guy ran the operation from his bedroom, and they weren't sure whether he would co-operate or not, was the reason they seized the disk rather than just subpoena him. Presumably if it was hotmail or gmail this wouldn't have happened.
I think it's good that this scumbag cocksucker is going to get his commuppence (I'm talking about the idiot who sent the email, not the guy who runs the cock email service). He's obviously a bit of an idiot to use an email service that says "will report any illegal activity to the relevant authorities" rather than one that is actually properly encrypted (if such a beast even exists at the moment -- they seem to all get DDoSed out of existence by China or similar pretty quickly).
Is this somehow supposed to be acceptable? "We weren't sure you would come down to the station and answer some questions, so we arrested you (without charge) and held you for a day."
The fellow running the service ran it on a German hosting service (https://www.hetzner.de), and not his bedroom. Full cooperation was provided by everyone, following in the letter and spirit of the law.
It just really sucks that the German authorities took it upon themselves to take the entire thing.
Much more efficient than DDoS attacks.
Simply find a way to make the domain seem suspicious.
