Dangerous Ruling: Judge Lets Microsoft Seize & Redirect No-IP Domains Without Notice
from the breaking-the-internet dept
Microsoft posted a somewhat self-congratulatory blog post yesterday about how it was taking on a "global cybercrime epidemic" and effectively targeting systems used by malware. Of course, part of the story was that Microsoft totally misrepresented the nature of No-IP and how dynamic DNS solutions work. No-IP's parent company, Vitalwerks Solutions, was painted by Microsoft as being something of an accomplice to the malware epidemic, allowing Microsoft to convince a judge to seize a bunch of very popular No-IP domains without any notice or immediate recourse. Microsoft claims that it's just stopping malware, but the collateral damage from grabbing those domains is immense. According to No-IP:
"Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives."
"We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors."
As No-IP further notes, Microsoft could have easily contacted them, and the company would have taken action:
"Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users."
"Vitalwerks and No-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one."
Except, instead, it appears that Microsoft went to court (secretly, without telling Vitalwerks/No-IP) and convinced the judge that the company itself was violating the law. And the court bought it:
"There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations of the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft’s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:
a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft’s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft’s customers, and the general public."
Given the nature of the ex-parte proceedings (held without Vitalwerks being able to present its side of the story), Microsoft was able to paint a platform provider (which has a full anti-abuse program) as somehow liable for the actions of its users. This flies in the face of a variety of laws and caselaw on secondary liability, which protect the service provider from being held liable for abusive behavior by its users. Yet here, not only did the court ignore all of that, it simply flat out handed over to Microsoft a whole bunch of No-IP's domains (which, clearly, Microsoft was unable to handle), bringing down a big chunk of the web that relied on No-IP's dynamic DNS services.
This seems like a tremendously dangerous move for the internet in a variety of ways. Microsoft needs to take some of the blame. Even if its goal was to stop malware proliferation, there are better ways to do that than to falsely blame No-IP, and to misleadingly represent the service to the court, allowing the domains to be seized and rerouted.
Filed Under: cybercrime, cybersecurity, domain seizure, dynamic dns, ex parte, takedown
Companies: microsoft, no-ip, vitalwerks
Reader Comments
The First Word
In rem
Yet another example of why in rem seizures need to be done away with altogether. Property has owners. Want to seize the property? Argue against the owner in front of a judge. It's called due process.
But this is Microsoft!
[ link to this | view in thread ]
Ok, now I know that Massachusetts SWAT teams have been privatized, but who deputized Microsoft for stopping malware?
[ link to this | view in thread ]
Not buying it...
This seems to go in a line of Microsoft trying to attempt corporate sabotage of either a competitor or smaller business.
Seriously, how long has it been since their last goof up of epic proportions where they will raid people's emails for things they want?
This falls in line with that exact view of the world. Next thing you know, they're going to announce their own private army of Pinkertons made up of retired law enforcement agents who will fight cybercrime.
[ link to this | view in thread ]
Re: But this is Microsoft!
Wow. Every time it looks like Microsoft's starting to shape up their act, they go and show their true colors again...
[ link to this | view in thread ]
Overreach
[ link to this | view in thread ]
Try this microsoft...
[ link to this | view in thread ]
In rem
[ link to this | view in thread ]
Re: Try this microsoft...
MS can easily push out a patch to any OS that it has control of via Windows Update and avoid the collateral damage.
I wonder if any legitimate users could file a civil suit against Microsoft for loss of business?
[ link to this | view in thread ]
Can I do that?
[ link to this | view in thread ]
Re: Overreach
[ link to this | view in thread ]
When that same service gets screwed over by the legal system itself, what are they to do? The best case scenario is to appeal, and get a big fat 'Oops, sorry' thrown their way, but what about the collateral damage caused in the meantime?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Overreach
[ link to this | view in thread ]
conclusions
[ link to this | view in thread ]
Re: Re: But this is Microsoft!
[ link to this | view in thread ]
Seize Windows!
That would apply to plenty of Microsoft products as well. Who wants to seize Windows? For the common good, of course!
[ link to this | view in thread ]
Either MS or the judge need to be held responsible!
[ link to this | view in thread ]
Re: Not buying it...
[ link to this | view in thread ]
Re: Re: Overreach
[ link to this | view in thread ]
Re: Either MS or the judge need to be held responsible!
[ link to this | view in thread ]
Re: Re: Re: But this is Microsoft!
[ link to this | view in thread ]
What about skype users info?
[ link to this | view in thread ]
Thumbs up
Yes, for many legit users, the outage sucks. Did it suck any worse than the DDoS earlier in the week that took them out for a day or longer?
The service has been shown to be a key tool for many of the malware distributors and botnets, which use these wonderful dynamic domains to keep their nets alive. One report I read shows that 25% or even more of the botnet and malware nets have been disrupted or taken down by this move.
According to many of the reports this morning, No-IP was pretty much infested with malware providers. So I have to side with Microsoft here. A prolonged legal discussion would have been moot, as it would have given the malware distributors plenty of time to move to their next safe haven, using their command and control to move all of the bots to a new net. This sudden interruption may put a significant number of bot herders in a position where they have lost their herds, and for at least a period of time lost their ability to grow that herd.
[ link to this | view in thread ]
Sue for damages
[ link to this | view in thread ]
Re: Thumbs up
[ link to this | view in thread ]
Well that makes a lot of things make more sense
[ link to this | view in thread ]
Re:
It's more efficient that way. Fewer middlemen.
[ link to this | view in thread ]
The irony, it burns!
[ link to this | view in thread ]
Re:
Good, that's an excellent start. Most of the attacks will have ceased instantly. Now.... on the other side of the firewall are probably a bunch of devices not completely controlled by yourself.... each of them has a cord.... the LAN lives there.... go take the computer away from the user and re-position it in a Faraday screened locked bunker with your firewall.
You are now at the almost-highest security level.... well done. Only the rare attack will be noticeable here.
But we can do better... unplug all the network cables. Good, now secure-wipe all the drives and memcheck multiple times. Now remove the power cables, destroy the RAM, HDDs and the processors.
Done? Excellent - you are at the highest security level!
For bonus points either Nuke the bunker from Orbit.... or alternatively orbit the Bunker and Nuke the rest... it's the only way to be sure! (*/hat tip)
[ link to this | view in thread ]
Re: Re: Thumbs up
Yes, Microsoft could do better themselves as well, and I am sure they do try. However, we have seen even with bugs in even the encryption software commonly used online, that these things happen.
No-IP was well known within the malware world as a great way to operate. You could move your command and control servers around from place to place to avoid legal issues, and at the same time not have to make changes to your "herd" computers to keep up with you. You only have to do a little searching on Google to find instructions on how to do it.
I feel sorry for those who may have been affected by a short period of downtime. That is not any different from a hosting company having an outage, a cable cut, or whatever. It happens. Nobody promises 100% uptime for anything online, do they?
"Since when do we need a private company taking "justice" in their hands."
Since nobody else seems to want to take legal action to deal with hackers. Local police say it's not their problem, State police aren't in the position to do much, and the Feds aren't very well organized to know who should deal with it... you know, FBI, FTC... is it civil or criminal? Microsoft is a victim here, and they did what any sane victim should do, which is take steps to stop it.
No-IP could have done a better job. They did not, and in fact may have been profiting from it, in the same manner that spamhaus hosting companies profit from hosting spammers.
[ link to this | view in thread ]
Re: Re: Re: Thumbs up
Only, not this.
If MS is so sure that they have a workable plan that can provide the no-ip service to legit customers and only disrupt the malware servers, why didn't they contact (and work with) Vitalwerks with that solution?
(btw, MS is failing horribly in their attempt to deliver the no-ip service to any customer, which is only further harming that precious reputation you claim they have to protect: now they not only seem incompetent to fix things, they also come over as bullies)
[ link to this | view in thread ]
Dig
The first thing that struck me about this case is: "the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats."
I'm curious what the extent of the re-routing was, i.e., how much legitimate traffic was Microsoft allowed to sniff?
The second thing that struck me is also part of Microsoft's statement: "their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large."
I think Microsoft should be held accountable for pushing an operating system that is so partial to malware that it harms Microsoft, its customers, and the public at large.
[ link to this | view in thread ]
Re: Re: Re: Re: Thumbs up
Here's how I see it:
If MS had been properly prepared they could have served this order, rerouted the service correctly, and done what they wanted to do with either (1) no one the wiser or (2) getting praise for their action. Even though it's not their job to do this and I don't agree with it.
If they had done it correctly they could have possibly shut down some of these malware users. Instead they now know what's going on and have moved on (as said by an earlier commenter).
But they weren't prepared. They screwed up royally and are paying for it. This 'reputation' everybody is talking about is tarnished yet some more (not that it matters with their history).
They'd do better to just release the service back to no-ip and just cut their losses. Admitting they screwed up might just earn them some favor in the public view.
[ link to this | view in thread ]
What about this judge?
[ link to this | view in thread ]
ridiculous
I think it's great that Microsoft wants to clean up malware but holy fck. It seems like Microsoft misrepresented the issue in court and asked for more than they should have legally expected to get.
This judge must have been naive enough to not comprehend what she was doing.
I still have clients that are down because of this. Microsoft may have claimed to have corrected their issue but I am getting intermittent timeouts and unresolved addresses.
We use noip for migrations of client systems to cloud services... oddly like Microsoft 365. It allows for instantaneous control of DNS when we do migrations or need to provide access to short term services.
wtf was microsoft thinking.
Please please someone launch a class action. Everyone involved in this decision seems to have been negligent.
[ link to this | view in thread ]
Quantifying The Damage
[ link to this | view in thread ]
Re: Re:
As far as nuking and destroying things, well, I have a microwave that works very well against CDs and a hammer that works very well against USBs should the time ever come. And if it hasn't by now, I doubt it ever will.
[ link to this | view in thread ]
Re: What about this judge?
Or maybe just someone unfamiliar with Microsoft's history, both inside and outside the courtroom. One would think that a corporation caught fabricating evidence in past court cases might be subject to somewhat sceptical scrutiny, its corporate magnificence notwithstanding...
[ link to this | view in thread ]
Still, appropriate due process matters
--SYG
[ link to this | view in thread ]
Re: Thumbs up
The viruses are being produced by sick people that take advantage of Microsoft programmers' bad or poor coding; should they be made responsible as well as their employer Microsoft?
[ link to this | view in thread ]