-3

How does the US Federal Government shut down a website?

Stated differently, from a technical (not legal) standpoint, when you visit a website that displays a federal notice stating that the government has "shut down this website," how do they replace the original website content with their "shutdown notice" content?

Do they confiscate the domain directly from the registrar?

Do they call up ICANN and/or the United States Department of Commerce and ask them to "poison" the Root DNS servers for them?

Do they call up your hosting provider and ask if they can upload a new index.html and maybe a cool new gif or jpeg or png file -- oh and by the way, change the sysop's password while you're at it?

OPED: If serverfault isn't the right place for this question, then where is the right place? It seems to me that anyone who runs a web/mail/dns/* server should be interested in this question.

Jeff
  • Different agencies use different methods, I believe.. what kind of shutdown are you referring to? – Shane Madden Aug 16 '13 at 00:16
  • Different federal agencies shut down websites differently? I'm referring to your standard everyday FBI-megaupload-shutdown. – Jeff Aug 16 '13 at 00:26
  • 1
    @Jeff In the specific case of `megaupload.com` the domain was [seized by the US DOJ for copyright violation](http://www.wired.com/threatlevel/2012/01/megaupload-indicted-shuttered). As `.com` is still under US jurisdiction (Ohai Verisign) my understanding is that this was not legally "difficult" (though at the time I believe it was precedent setting -- that's really a question for an attorney or legal scholar though). – voretaq7 Aug 16 '13 at 01:14

2 Answers

3

The "technical" side of the answer is pretty simple: "The ISP rips the effing plug out when they receive a {polite request, court order, national security letter} telling them to do so".

"rips the effing plugs out" can take a number of forms -- Disabling DNS (at the registrar level - à la DOJ Domain Seizure - or by an order to your DNS provider), instructing the ISP (or their upstreams) to refuse to route your traffic, or even physically removing power, network, or both from the affected equipment, etc.... -- There are a very large number of options.
What they usually have in common is some kind of government order issued to a provider -- the US government itself does not engage in "cyber warfare" to knock sites off the internet (at least not that they're publicly advertising - tinfoil hats notwithstanding).


Having been on the "rips the effing plugs out" side, I can tell you that - at least for a US company operating within the jurisdiction of the US government - even an ISP with a pretty high standard of integrity and a sense of duty to its customers will respond to a duly constituted order with great alacrity. It's preferable to sacrifice one client rather than having the whole ISP pulled from the network when the government goes after your upstreams.

voretaq7
  • 1
    For foreign sites with no US component (i.e. domain registered outside the US, hosting & transit from non-US providers, etc.) the legal end involves requests to the foreign governments; theoretically if foreign governments were "uncooperative" the US government could issue polite requests, court orders, or NSLs to US backbone providers requiring them not to carry certain traffic. To my knowledge this has never been done - It would certainly break the internet, and the backlash would likely be *impressive*. – voretaq7 Aug 16 '13 at 01:08
  • Acknowledging that we could "what if" until the cows come home, what if the site being shut down was owned by the ISP who also ran their own DNS? Oh, and they also refuse to take down the site. The Feds will need to "hijack" something at some point, won't they? – Jeff Aug 16 '13 at 01:29
  • 2
    @Jeff They can seize domains at the registrar level with a court order. There's been some controversy over the methods that have been used in some cases - see http://www.aclu.org/blog/free-speech-national-security-technology-and-liberty/ice-domain-name-seizures-threaten-due – Shane Madden Aug 16 '13 at 02:00
2

This is usually accomplished via a subpoena and a warrant... That's all it's taken in some cases I've been involved with.

They can force an ISP to redirect DNS.

I've also had equipment (servers) confiscated...

ewwhite