There was talk of this being an elaborate hoax since the beginning including mentions of 4chan. Earlier today, commenter Elun B. summarizes some of the information:

What a con game! None of these are ICE seizures. They are all fake sites put up to mimic (and not very well) the real ICE seizures. What’s the clues? All of these sites are hosted at carohosting, including the google analytics and piwik analytics that the creator wanted to track how well his viral news article was. Official seized sites are no more than a single 640×480 JPG (with no visitor tracking). Not knowing anything about the original site content of these fakes, perhaps the site owners are trying to bilk their subscribers and blame it on the Feds. For the real seizures (and for the con artists, the real graphic), visit: http://www.ice.gov/news/releases/1006/100630losangeles.htm

Another good source of information regarding the (il)legitimacy of the seizures can be found in the comments section of the slashdot post:

Well, it looks fishy to me. Here are the questionable elements.

(1) The domain registration information information still lists a private domain owner and and admin contact.

(2) The name servers ns1.torrent-finder.com and ns2.torrent-finder.com, as well as the torrent-finder.com ALL redirect to addresses in a private hosting company (74.81.170.108, .109 and .110 respectively), physically in Charlotte, NC. The picture you’re greeted with is served from one of the hosting company’s addresses.

(3) Whois reports the registrar to be Go Daddy, but the name servers ns1 and ns2.seizedservers.com whose IP addresses aremanaged by a private company called “wild west domains”.

(4) The “seizedservers.com” domain is controlled by a company called “immixGroup IT solutions”. The registrar is network solutions and the registrant is using network solution’s privacy service to block his contact identity.

Notice what is missing here: any reference to a government controlled host, domain or name controller. All we have is a set of privately procured and managed name and web servers with anonymous administrative contacts. There is literally *nothing* to connect the picture you are seeing at the torrent-finders.com website to DHS, other than the picture’s *claim*.

A little googling shows this exact same picture shows up in similar “DHS seizure” cases, with the exact same pattern of private servers and domains leading back to some anonymity service and NO government ip addresses, domains or contacts involved, although the *private* domains and servers involved are different. If this were a DHS seizure program, wouldn’t the trail lead back to the same government contacts?

It looks to me like this is either a hoax or a case of private hijacking by a private individual or group who uses different domains and accounts to cover his tracks.

previously:
NYTimes Piece On The DHS/ICE Domain Seizures Does Not Offer Any New Significant Information
Department of Homeland Security Seizes Popular Rap File-Sharing Sites, OnSmash, Dajaz1, RapGodfathers

update:

After some discussion it is seeming less likely the seizures were a hoax. And now Techcrunch has pointed out that the affected sites could easily follow Torrent-Finder’s lead and re-register with a non US Government controlled domain, like .info, to get back online.

While the graphic is pretty scary, Market Ticker’s Karl Denninger points out the websites themselves and the servers they run on have not actually been seized, just the domains.

“That’s a lot of staff attorney time and trouble to get a big fat nothing out of it, which is exactly what they get going down this road. Why? Because all they can do is redirect the domain pointers which will do exactly nothing when the sites re-register under a top-level domain not under the US Government’s jurisdiction – and there are lots of them.”

Domains under US jurisdiction currently include anything controlled by Verisign which puts .com site owners in a legal relationship with the United States. According to Denninger, all afflicted site owners need to do is move to a non-US controlled top level domain in order to dodge further ICE seizures.



  1. [...] Even though this story was played high in the NYT and elsewhere, I’d advise you read this info on a hackers site suggesting we are witnessing an elaborate hoax. function change_color(input, [...]

  2. evl (Reply) on Nov 27, 2010

    wildwestdomains is a subsidiary of godaddy.

  3. Gismo (Reply) on Nov 28, 2010

    It’s been verified some of these sites were GoDaddy. Doesn’t fit your narrative.

  4. Dan Grossman (Reply) on Nov 28, 2010

    Wild West Domains is the company GoDaddy uses to provide WHOIS privacy for a couple bucks.

  5. rafi (Reply) on Nov 28, 2010

    just in case you missed this link via the same slashdot post… http://www.immixgroup.com/news/pr_display.cfm?ID=117

    immix is private company contracted by dept of homeland security. i kind of assumed that when reading the guy’s comment but there’s some evidence for it.

  6. John (Reply) on Nov 28, 2010

    Fortunately these were just sites dealing with sharing rap music, so nothing of importance was lost.

  7. bd (Reply) on Nov 28, 2010

    Wild West Domains is GoDaddy’s former DBA name. So that’s legit, insofar as the claimed registrar being GoDaddy.

  8. [...] and Trademark Violations” – UPDATE: although rumours are now abound that it might be a hoax). When the idea was first mooted, many arguments (how would they search for the items, would this [...]

  9. InternetIdiot (Reply) on Nov 28, 2010

    They probably made up the interview with ICE where spokeswoman Cori W. Bassett confirmed DHS/ICE involvement in the takedown, too:

    “ICE office of Homeland Security Investigations executed court-ordered seizure warrants against a number of domain names,” said Cori W. Bassett, a spokeswoman for ICE, in a statement. “As this is an ongoing investigation, there are no additional details available at this time.”

    http://www.nytimes.com/2010/11/27/technology/27torrent.html
    More official statements from ICE on previous domain seizures: http://www.ice.gov/news/releases/1006/100630losangeles.htm

  10. [...] Domain Name Seizures Potentially An Elaborate Hoax (grandgood.com) [...]

  11. donnaldj (Reply) on Nov 29, 2010

    Seems the op’s post.. describes “someone playing a tag video-game with government systems.. along a wavy-path riddled with intentional holes, logs, and boulders”…