Dangerous Ruling: Judge Lets Microsoft Seize & Redirect No-IP Domains Without Notice

from the breaking-the-internet dept

Microsoft posted a somewhat self-congratulatory blog post yesterday about how it was taking on a "global cybercrime epidemic" and effectively targeting systems used by malware. Of course, part of the details were that Microsoft totally misrepresented the nature of No-IP and how dynamic DNS solutions work. No-IP's parent company, Vitalwerks Solutions, was painted by Microsoft as being something of an accomplice to the malware epidemic, allowing Microsoft to convince a judge to seize a bunch of very popular No-IP domains without any notice or immediate recourse. Microsoft claims that it's just stopping malware, but the collateral damage from grabbing those domains is immense. According to No-IP:
Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.

We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.
As No-IP further notes, Microsoft could have easily contacted them, and the company would have taken action:
Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.

Vitalwerks and No­-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-­IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one.
Except, instead, it appears that Microsoft went to court (secretly, without telling Vitalwerks/No-IP) and convinced the judge that the company itself was violating the law. And the court bought it:
There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft’s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:
a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft’s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft’s customers, and the general public.
Given the nature of the ex-parte (without Vitalwerks being able to present its side of the story) proceedings, Microsoft was able to paint the fact that a platform provider (which has a full anti-abuse program), was somehow liable for actions of its users. This flies in the face of a variety of laws and caselaw on secondary liability, which protect the service provider from being held liable for abusive behavior by its users. Yet here, not only did the court ignore all of that, it simply flat out handed over to Microsoft a whole bunch of No-IP's domains (which, clearly, Microsoft was unable to handle), bringing down a big chunk of the web that relied on No-IP's dynamic DNS services.

This seems like a tremendously dangerous move for the internet in a variety of ways. Microsoft needs to take some of the blame. Even if its goal was to stop malware proliferation, there are better ways to do that than to falsely blame No-IP, and to misleadingly represent the service to the court, allowing the domains to be seized and rerouted.




Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybercrime, cybersecurity, domain seizure, dynamic dns, ex parte, takedown
Companies: microsoft, no-ip, vitalwerks


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    pegr, 1 Jul 2014 @ 10:04am

    But this is Microsoft!

    Misrepresenting to a court of law is what they do best!

    link to this | view in thread ]

  2. identicon
    Michael, 1 Jul 2014 @ 10:06am

    Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware

    Ok, now I know that Massachusetts SWAT teams have been privatized, but who deputized Microsoft for stopping malware?

    link to this | view in thread ]

  3. icon
    Jay (profile), 1 Jul 2014 @ 10:12am

    Not buying it...

    I'm not buying Microsoft's excuses...

    This seems to go in a line of Microsoft trying to attempt corporate sabotage of either a competitor or smaller business.

    Seriously, how long has it been since their last goof up of epic proportions where they will raid people's emails for things they want?

    This falls in line with that exact view of the world. Next thing you know, they're going to announce their own private army of Pinkertons made up of retired law enforcement agents who will fight cybercrime.

    link to this | view in thread ]

  4. icon
    Mason Wheeler (profile), 1 Jul 2014 @ 10:27am

    Re: But this is Microsoft!

    So does this count as perjury or as fraud upon the court? Either way, they need to get hit with some serious charges for pulling a stunt like that.

    Wow. Every time it looks like Microsoft's starting to shape up their act,they go and show their true colors again...

    link to this | view in thread ]

  5. identicon
    Adrian Lopez, 1 Jul 2014 @ 10:40am

    Overreach

    What exactly gives Microsoft standing to seek removal of any of the domains listed in the appendix? Most of them don't mention Microsoft or any of its trademarks, and those that do only do so as part of the hostname, which isn't really a form of Cybersquatting.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 1 Jul 2014 @ 10:45am

    Try this microsoft...

    How about fixing your broken OS first, before knocking out millions of people's dynamic domains for no reason?

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 1 Jul 2014 @ 10:48am

    so how about No-IP now taking Microsoft to court to get this shit sorted out? hopefully, Microsoft will get a severe dressing down and a huge fine for doing this in the first place. it may be a different story with the real malware sites but a genuine company to not be given the chance to state it's side and explain what it does/doesn't do is extremely bad! the judge in this case also deserves a severe dressing down too! the first question asked should have been 'have the other sides concerned been contacted?' disgraceful way for Microsoft to behave and the judge too. far too much of this going to court and asking a judge to do something, out of hand, without getting both sides of the argument!

    link to this | view in thread ]

  8. identicon
    Adrian Lopez, 1 Jul 2014 @ 10:49am

    In rem

    Yet another example of why in rem seizures need to be done away with altogether. Property has owners. Want to seize the property? Argue against the owner in front of a judge. It's called due process.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 1 Jul 2014 @ 10:56am

    Re: Try this microsoft...

    This is exactly what I was thinking. If Microsoft fixed the OS such that the Malware couldn't execute, the C&C servers using No-IP domain names wouldn't have anything to control.

    MS can easily push out a patch to any OS that it has control of via Windows Update and avoid the collateral damage.

    I wonder if any legitimate users could file a civil suit against Microsoft for loss of business?

    link to this | view in thread ]

  10. icon
    Chris-Mouse (profile), 1 Jul 2014 @ 11:02am

    Can I do that?

    I've been having to fight off hundreds of malware attacks as a result of the company owning the IP range 64.4.0.0/16. Can I get a court to let me take over that range of IP numbers so as to put a stop to the malware?

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 1 Jul 2014 @ 11:03am

    Centralized DNS strikes again!

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 1 Jul 2014 @ 11:16am

    Re: Overreach

    What exactly gives Microsoft standing to seek removal of any of the domains listed in the appendix?
    Money. Dollar bills.

    link to this | view in thread ]

  13. identicon
    AC, 1 Jul 2014 @ 11:16am

    When a service gets screwed over by another company, there is legal recourse.

    When that same service gets screwed over by the legal system itself, what are they to do? The best case scenario is to appeal, and get a big fat 'Oops, sorry' thrown their way, but what about the collateral damage caused in the meantime?

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 1 Jul 2014 @ 11:21am

    Many have forgotten but Microsoft was initially pro-SOPA, too. In light of that, these sort of actions start to make sense, once you understand how Microsoft thinks about this stuff.

    link to this | view in thread ]

  15. icon
    Ninja (profile), 1 Jul 2014 @ 11:28am

    Re:

    That. Microshaft should be held accountable. And the judicial process that led to this bs scrutinized.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 1 Jul 2014 @ 11:28am

    Re: Overreach

    Microsoft considers anything that harms there software and services to be a violation of there rights for obvious reasons.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 1 Jul 2014 @ 11:37am

    conclusions

    Will I get microsoft.com if someone with a hotmail email address sends me SPAM?

    link to this | view in thread ]

  18. icon
    John Fenderson (profile), 1 Jul 2014 @ 11:42am

    Re: Re: But this is Microsoft!

    When did it look like Microsoft was starting to shape up their act?

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 1 Jul 2014 @ 12:21pm

    Seize Windows!

    "b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse"

    That would apply to plenty of Microsoft products as well. Who wants to seize Windows? For the common good, of course!

    link to this | view in thread ]

  20. identicon
    mcinsand, 1 Jul 2014 @ 12:26pm

    Either MS or the judge need to be held responsible!

    If MS isn't severely punished, then the judge needs to be held responsible for being so negligent that this got through his desk. Actually, the judge needs to be punished anyway, specifically for being so irresponsible.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 1 Jul 2014 @ 12:28pm

    Re: Not buying it...

    Don't give them any ideas.

    link to this | view in thread ]

  22. identicon
    Anonymous Anonymous Coward, 1 Jul 2014 @ 1:08pm

    Re: Re: Overreach

    Cause they are a really sensitive person.

    link to this | view in thread ]

  23. identicon
    Frans, 1 Jul 2014 @ 1:34pm

    Re: Either MS or the judge need to be held responsible!

    Does Microsoft pay for my damages? I am so happy I moved away from Windows into an Apple environment and hence away from MS. I will move now anything related to a US based server back to Europe as US based systems are utterly unreliable (Court Actions, spooks, you name it).

    link to this | view in thread ]

  24. identicon
    Jigsy, 1 Jul 2014 @ 1:47pm

    Who does Microsoft think they are, the City of London Police?

    link to this | view in thread ]

  25. icon
    Mason Wheeler (profile), 1 Jul 2014 @ 2:10pm

    Re: Re: Re: But this is Microsoft!

    A handful of things over the last several years make it look like they're at least trying to be less evil. Perhaps the most notable in recent memory would be Roslyn.

    link to this | view in thread ]

  26. identicon
    Frank Roger, 1 Jul 2014 @ 2:25pm

    What about skype users info?

    Microsoft itself commits the crime by forwarding skype users private information and chats to FBI and now they are claiming for domains? STFU Mr Bill Gates because first of all as they claimed malware is infecting windows so why is their operation system is that much low quality to be infected so easily? They are giving everything what ever they collect from their services to FBI even from xbox they have hired hackers in Microsoft to hack other companies to make them lose the game and they are calling others criminal and infectors? once again FU Mr Bill Microsoft. i can tell you a whole lecture and you will be able to prove me wrong you know why? Because you are already exposed and buying law with your money to make sure after you died your company can feed your grand children :D One day you will answer to GOD and you will be beaten like hell coz of your lies and everything you have done to the innocent peoples and if you think seizing no-ip can stop hackers or malwares then think again :D having a private DNS on your own domain is not hard and now you gave reason to the hackers to think about you and your company.

    link to this | view in thread ]

  27. identicon
    Anonymous, 1 Jul 2014 @ 2:43pm

    Well, in reviewing my firewall logs, I have noticed a number of invasion attempts from No-IP domains. Now if someone would also do something about this unassigned.psychz.net that keeps tring to get in...(not that it matters as I have a very good firewall set at the highest possible security level).

    link to this | view in thread ]

  28. identicon
    atouk, 1 Jul 2014 @ 3:20pm

    Does that mean that linux developers can have microsoft taken to court secretly if they can show that IIS servers are serving linux malware, and gain control of all servers running IIS?

    link to this | view in thread ]

  29. identicon
    JT, 1 Jul 2014 @ 4:01pm

    Why don't Microsoft build an OS that is "safe"... Very annoyed there was no notification!!

    link to this | view in thread ]

  30. icon
    Whatever (profile), 1 Jul 2014 @ 5:14pm

    Thumbs up

    I am on Microsoft's side here, not entirely, but enough that I can see the benefits outweighing the failings.

    Yes, for many legit users, the outage sucks. Did it suck any worse that the DDoS earlier in the week that took them out for a day or longer?

    The service has been shown to be a key tool for many of the malware distributors and botnets, which use these wonderful dynamic domains to keep their nets alive. One report I read shows that 25% or even more of the botnet and malware nets have been disrupted or taken down by this move.

    According to many of the reports this morning, No-IP was pretty much infested with malware providers. So I have to side with Microsoft here. A prolonged legal discussion would have been moot, as it would have given the malware distributors plenty of time to move to their next safe haven, using their command and control to move all of the bots to a new net. This sudden interruption may put a significant number of bot herders in a position where they have lost their herds, and for at least a period of time lost their ability to grow that herd.

    link to this | view in thread ]

  31. icon
    madasahatter (profile), 1 Jul 2014 @ 5:57pm

    Sue for damages

    No-ISP should sue M$ for a massive amount of money and file a RICO complaint with DOJ.

    link to this | view in thread ]

  32. identicon
    PM, 1 Jul 2014 @ 6:00pm

    Re: Thumbs up

    You have no ideia what your talking about. Of course action should be taken, but not on no-ip's back. Microsoft has no right to behave as if they were some sort of internet police. The say they are doing this to protect the users, yet they are harming millions of legit users and businesses who use no-ip domaints. What about all the malware and spam that gets sent everyday through hotmail and other MS services ?... Are you kidding me ?... Since when do we need a private company taking "justice" in their hands. If this sort of behavior is allowed it will soon mean the end of the free internet. FY MS.

    link to this | view in thread ]

  33. icon
    G Thompson (profile), 1 Jul 2014 @ 6:53pm

    So Microsoft is authorised both as an LEO & prosecutor in the USA?

    Well that makes a lot of things make more sense

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 1 Jul 2014 @ 7:15pm

    Re:

    "So Microsoft is authorised both as an LEO & prosecutor in the USA?"

    It's more efficient that way. Fewer middlemen.

    link to this | view in thread ]

  35. icon
    HegemonicDistortion (profile), 1 Jul 2014 @ 8:27pm

    "Microsoft now claims that it just wants to get us to clean up our act..."

    The irony, it burns!

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 1 Jul 2014 @ 9:47pm

    Re:

    If you are seeing *any* traffic at all your security level is *not* "set at the highest level".... there's a cord... the internet lives there... unplug it.

    Good that's an excellent start. Most of the attacks will have ceased instantly. Now.... on the other side of the firewalla are probably a bunch of devices not completed controlled by yourself.... each of them has a cord.... the LAN lives there.... go take the computer away from the user and re-position it in a farraday screened locked bunker with your firewall.

    You are now at the almost-highest security level.... well done. Only the rare attack will be noticable here.

    But we can do better... unplg all the network cables. Good now secure-wipe all the drives and memcheck multiple times. Now remove the power cables, destroy the RAM, HDD's and the processors.

    Done? Excellent - you are at the highest security level!

    For bonus points either Nuke the bunker from Orbit.... or alternatively orbit the Bunker and Nuke the rest... it's the only way to be sure! (*/hat tip)

    link to this | view in thread ]

  37. icon
    Whatever (profile), 1 Jul 2014 @ 10:45pm

    Re: Re: Thumbs up

    For my mine, Microsoft is in fact the victim here, because their reputation rests on dealing with malware and keeping their products as safe as possible. Significant harm is done to Microsoft and it's reputation with consumers every time they are hit.

    Yes, Microsoft could do better themselves as well, and I am sure they do try. However, we have seen even with bugs in even the encryption software commonly used online, that these things happen.

    No-IP was well known within the malware world as a great way to operate. You could move your command and control servers around from place to play to avoid legal issues, and at the same time not have to make changes to your "herd" computers to keep up with you. You only have to do a little searching on Google to find instructions on how to do it.

    I feel sorry for those who may have been affected by a short period of downtime. That is not any different from a hosting company having an outage, a cable cut, or whatever. It happens. Nobody promises 100% uptime for anything online, do they?

    "Since when do we need a private company taking "justice" in their hands."

    Since nobody else seems to want to take legal action to deal with hackers. Local police say it's not their problem, State police aren't in the position to do much, and the Feds aren't very well organized to know who should deal with it... you know, FBI, FTC... is it civil or criminal? Microsoft is a victim here, and they did what any sane victim should do, which is take steps to stop it.

    No-IP could have done a better job. They did not, and in fact may have been profiting from it, in the same manner that spamhaus hosting companies profit from hosting spammers.

    link to this | view in thread ]

  38. identicon
    Wig, 2 Jul 2014 @ 1:14am

    Re: Re: Re: Thumbs up

    I think that everybody on this site agrees that something should be done to stop these malwares and botnets.

    Only, not this.

    If MS is so sure that they have a workable plan that can provide the no-ip service to legit customers and only disrupt the malware servers, why didn't they contact (and work with) Vitalwerks with that solution?

    (btw, MS is failing horribly in their attempt to deliver the no-ip service to any customer, which is only further harming that precious reputation you claim they have to protect: now they not only seem incompetent to fix things, they also come over as bullies)

    link to this | view in thread ]

  39. identicon
    boomslang, 2 Jul 2014 @ 4:54am

    Dig

    If you read Microsoft's side of the story, no-ip seems to be pretty bad about dealing with malware, and Microsoft is not the only company to point out no-ip's malware problem.

    The first thing that struck me about this case is: "the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats."

    I'm curious what the extent of the re-routing was, i.e., how much legitimate traffic was Microsoft allowed to sniff?

    The second thing that struck me is also part of Microsoft's statement: "their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large."

    I think Microsoft should be held accountable for pushing an operating system that is so partial to malware that it harms Microsoft, its customers, and the public at large.

    link to this | view in thread ]

  40. icon
    Rex (profile), 2 Jul 2014 @ 5:02am

    Re: Re: Re: Re: Thumbs up

    I have two sites through no-ip.com. One of which I rerouted through another service yesterday, the other is still hanging.

    Here's how I see it:

    If MS had been properly prepared they could have served this order, rerouted the service correctly, and did what they wanted to do with either (1) no one the wiser (or 2) getting praise for their action. Even though it's not their job to do this and I don't agree with it.

    If they had done it correctly they could have possibly shut down some of these malware users. Instead they now know what's going on have moved on (as said by an earlier commenter).

    But they weren't prepared. They screwed up royally and are paying for it. This 'reputation' everybody is talking about is tarnished yet some more (not that it matters with their history).

    They'd do better to just release the service back to no-ip and just cut their loses. Admitting they screwed up might just earn them some favor in the public view.

    link to this | view in thread ]

  41. identicon
    Alt0, 2 Jul 2014 @ 6:48am

    What about this judge?

    How the hell do people like this get appointed as a judge? Obviously someone willing to stretch for a major Corporation maybe for return favors down the road? Watch for this "Judge" to get a nice job working for an MS company sometime in the future.

    link to this | view in thread ]

  42. identicon
    Mz, 2 Jul 2014 @ 8:37am

    rediculous

    I cannot believe this judge allowed this to happen.

    I think its great that Microsoft wants to clean up malware but holy fck. It seems like Microsoft misrepresented the issue in court and asked for more than they should have legally expected to get.

    This judge must have been naive enough to not comprehend what she was doing.

    I still have clients that are down because of this. Microsoft may have claimed to corrected their issue but I am getting intermittent timeouts and unresolved addresses.

    We use noip for migrations of client systems to cloud services... oddly like Microsoft 365. It allows for instantaneous control of DNS when we do migrations or need to provide access to short term services.

    wtf was microsoft thinking.

    Please please someone launch a class action. Everyone involved in this decision seems to have been negligent.

    link to this | view in thread ]

  43. identicon
    Stoney Mahoney, 2 Jul 2014 @ 10:08am

    Quantifying The Damage

    If you've been caught up in all this and you've lost time, money, sanity or anything else, I want to know! Microsoft cannot be allowed to get away with ignoring the scale of the damage they've done, but the only way to do that is to quantify it! Come to www.nerdcore.org.uk, check out the blog post for details on how to send me your outage war stories!

    link to this | view in thread ]

  44. identicon
    Anonymous, 2 Jul 2014 @ 3:09pm

    Re: Re:

    Pardon me, Mr. Perfectionist, maybe I should have said "the highest possible functional security level". High Security and Stealth Mode are the highest possible functional security levels one can get on this particular firewall.
    As far as nuking and destroying things, well, I have a microwave that works very well against CDs and a hammer that works very well against USBs should the time ever come. And if it hasn't by now, I doubt it ever will.

    link to this | view in thread ]

  45. icon
    BernardoVerda (profile), 2 Jul 2014 @ 4:28pm

    Re: What about this judge?

    "How the hell do people like this get appointed as a judge? Obviously someone willing to stretch for a major Corporation maybe for return favors down the road? Watch for this "Judge" to get a nice job working for an MS company sometime in the future."

    Or maybe just someone unfamiliar with Microsoft's history, both inside and outside the courtroom. One would think that a corporation caught fabricating evidence in the past court cases might be subject to somewhat sceptical scrutiny, it's corporate magnificence not withstanding...

    link to this | view in thread ]

  46. identicon
    Sum Yung Gai, 3 Jul 2014 @ 7:13am

    Still, appropriate due process matters

    Even if you believe your reputation is being harmed, you still need to demonstrate that in court, according to due process. In the United States, that due process includes the defendant's right to face its accuser in that court. That didn't happen here; it was Microsoft and a judge, with nobody from No-IP there. That's the key--with nobody from No-IP there. Whether you like Microsoft or not, that still needed to happen, and that judge needs to be impeached and removed for allowing this to happen.

    --SYG

    link to this | view in thread ]

  47. identicon
    xavier vila, 3 Jul 2014 @ 10:56am

    Re: Thumbs up

    We got several times our computer infected by receiving emails with viruses send trough outlook. Should Outlook.com be seized?

    The viruses are been produced by seek people that takes advantage of Microsoft programmers bad or poor coding, should they be made responsible as well as their employer Microsoft.?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.