Last week, all public schools in Los Angeles were closed for a day due to a hoax bomb threat. Now, the administrator of Cock.li, the meme email service used to send that threat, says a hard-drive from one of his servers has been seized by German authorities.
"It's raining dicks," Vincent Canfield, a Linux system administrator who runs Cock.li told Motherboard in an encrypted chat. Canfield posted a series of tweets earlier today, starting with the ominous "uh oh," before elaborating on what had happened.
"The server went down, came back up for a bit with a different SSH fingerprint (meaning it was probably a different device claiming the IP address), then went back back down for a bit," he continued.
Cock.li launched in late 2013, and has since garnered over 28,000 registered accounts under its namesake domain (there are over 60,000 registered email accounts in all when counting Canfield's other domains). Due to its name, the service naturally attracts an array of pranksters and trolls.
Indeed, that is probably the reason a Cock.li email address was used to send hoax bomb threats to schools in Los Angeles, as well as New York City. Officials in New York decided not to close schools in the district.
This move on his server was "presumably" due to the bomb threat, Canfield said. After the weird activity with his service earlier today, Canfield said it came back online with only one hard-drive, presumably meaning that the other had been seized.
Canfield then contacted Hetzner—his service provider, which has data centres in Germany—who told him, "We have a confiscation order for the disks of your server, but we were allowed to leave one of them installed, due to the fact that you have a Raid1 setup."
RAID1 is a method for redundant data storage where data is written to two hard-drives simultaneously, and is intended to minimize the chance of data being lost if one of the hard drives fails.
Canfield said he hasn't heard anything from law enforcement yet, but has retained the services of lawyer Jesselyn Radack. When asked if he would cooperate with any requests, Canfield said "at this point they don't need my cooperation! They literally have the SSL private keys of cock.li and all mail content."
In other words, the authorities could theoretically access the contents of all emails sent and received by Cock.li's users and other information stored on the seized hard-drive.
This certainly wouldn't be the first time that the authorities have sought data from Cock.li. Since November, Canfield has received four subpoenas for user information, including IP addresses.
The FBI, which is investigating the bomb hoax, did not immediately reply to a request for comment.