Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process
from the not-so-sure-that's-true... dept
Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company's fraud and abuse team would have cut off those malware providers.A little while ago, Microsoft PR emailed over the following, somewhat questionable claim from David Finn, the company's Executive Director and Associate General Counsel, Digital Crimes Unit, in which he claims that all of that collateral damage was merely a "technical error" and it's all good now:
“Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”I'm sorry, but that excuse just doesn't cut it, given the legal documents that we posted, which clearly showed that Microsoft made No-IP's parent company, Vitalwerks, out to be a part of a criminal conspiracy. The judge specifically said:
There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft’s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:That's not a "technical error." That's Microsoft blatantly making an extreme claim that convinced a judge to hand over a whole bunch of domain names without any kind of due process or adversarial hearing. While Microsoft may have then had a technical error on top of that, what kicked this off was a very, very big legal error.a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft’s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft’s customers, and the general public.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: domain seizure, dynamic dns, ex parte, malware, technical error
Companies: microsoft, no-ip, vitalwerks
Reader Comments
Subscribe: RSS
View by: Time | Thread
technical error... actual snort reading that...
This is obviously gross, gross incompetence and/or pure outright maliciousness. Microsoft needs to seriously look into internal firings for this one...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Fixed?
[ link to this | view in thread ]
Except it is not fixed
Step 1. Find some existing subdomains in the no-ip.biz domain:
https://www.google.com/search?q=site%3Ano-ip.biz
Step 2. Check that the subdomains are not in Microsoft's list at http://www.noticeoflawsuit.com/docs/A%20-%20List%20of%20No-IP%20Malware%20Sub-domains.pdf
Step 3. Look up those domains to see if they resolve:
dig www.confex.no-ip.biz
; DiG 9.9.3-P2 www.confex.no-ip.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER DiG 9.9.3-P2 wowsulvus.no-ip.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER
[ link to this | view in thread ]
Obviously false
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
MS has long experience working with the network security community in blackholing domains and such. Beyond their "networking error", there is no reason to claim No IP or their parent is malicious. Not one element of this is believable. If any of it turns out to be actually true, it is such a display of gross incompetence that MS should have a whacking chunk of their IP ranges removed from them for a day.
[ link to this | view in thread ]
Re: Re: Re:
(oops, stuck my reply down the thread by mistake)
[ link to this | view in thread ]
Re: Obviously false
[ link to this | view in thread ]
Re:
Yes.
Near as I can tell, it's a charset issue. The comments are displaying in UTF-8. Comment submission starts in UTF-8, however, after preview, the charset defaults to Windows-1252.
More specifically: The page reached at www.techdirt.com/comment_process.php apparently doesn't specify a charset (and thus defaults to Windows-1252), while the rest of the site is specifying UTF-8 explicitly.
[ link to this | view in thread ]
Re: Re:
No.
I've also seen this with Techdirt regular. There may be more than one place where UTF-8 vs Windows-1252 charset issues occur.
[ link to this | view in thread ]
Bridge in Brooklyn anyone?
I hope they are in for some serious sanctions for fraud upon the court.
As for perps getting out of dodge...well, no-ip wasn't exactly a cool spot in the first place. Not that a few spam-bot computers might not have gotten a little wipe yesterday..
Now, can I go to this same judge, convince him that Microsoft is supporting scammers with IE and Windoze, and get all of Microsoft's DNS records???
[ link to this | view in thread ]
Turnabout is fair
For the good of the Internet, the court should take away their control of that domain until they clean up their act.
[ link to this | view in thread ]
Re: Turnabout is fair
Turnabout in the PUBLIC service is even better!
[ link to this | view in thread ]
Re: Bridge in Brooklyn anyone?
No.
Microsoft is large, reputable corporation. You simply do not have equal justice under law.
That phrase, "Equal justice under law", may be carved in stone in front of the Supreme Court building. But --whether or not it ever really worked that way-- it doesn't work that way now.
[ link to this | view in thread ]
Without going into the pedantics of not being able to specifically violate/breach negligence since it isn't legislation this is quite true.
Except that Microsoft themselves now have negligently allowed through their actions harm to occur through their absolute breach of duty (since they so willingly state they have standing to acquire property they then have a duty to that property)
This is another instance of Microsoft's egotistical nature stating to all and sundry that they and they alone know best about how to do things and they can do no wrong, not to mention that they THINK own any data etc coming via their software/databases/pipes/whatever.
David Finn by his inane and vacuous comments has now placed himself in the firing line of all this.. Good job David, the moron award is in the bag for you this month/year.
[ link to this | view in thread ]
Re: Re: Turnabout is fair
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re:
I assume this is the kind of thing being mentioned.
I've been wondering what happened.
[ link to this | view in thread ]
Re: Re: Re: Re:
Yes.
The page where the comment you linked to is being displayed contains: However, your comment there is actually using Windows-1252 characters for the quote marks and apostrophe.
[ link to this | view in thread ]
Very unhappy about Microsoft actions
[ link to this | view in thread ]
Re: Fixed?
[ link to this | view in thread ]
[ link to this | view in thread ]
Someone died...
[ link to this | view in thread ]
so where is the DOJ on this?
[ link to this | view in thread ]
Re: Re: Fixed?
[ link to this | view in thread ]
$200k bond
[ link to this | view in thread ]
Re: Re: Re: Fixed?
The Ex Parte TRO posted in the previous article was signed by United States District Judge Gloria M. Navarro.
I wouldn't recommend telephoning Judge Navarro to complain without having yourself a lawyer.
[ link to this | view in thread ]
Re: $200k bond
$200,000 / 4,000,000 sites down = 1 nickel / site.
I doubt anyone's going to see their nickel. But do the math yourself.
[ link to this | view in thread ]
Re:
As I've said before: reciprocity is a b**ch.
[ link to this | view in thread ]
Microsoft vs NoIP
"As I'm understanding this, Microsoft is blaming a DNS providing company for Microsoft Customer's PCs being hacked which is possible because the Microsoft operating system is flawed and easily hacked. It just happens that some of the hacked machines are using some of no-ip.com's free subdomains to talk to the command & control computers. So rather than fixing their defective operating system or shutting down the offending user's computers, they decide to steamroller a small company by making wild and unproven claims to a federal judge that only quick action will... do what? And for how long? And the only penalty for Microsoft is a $200k bond?
Microsoft filed their suit with the court on June 19th, with the court requiring no-ip.com to appear in 30 days. Then Microsoft convinces the court to issue a TOR allowing them to take over 22 noip.com (both free and paid) subdomains, saying they can provide adequate service and implying noip.com's customers won't suffer an impact, effective June 30. Noip.com was not given time to react or object. And noip.com customers are being impacted, nothing is resolving on Microsoft's DNS. So email is down, websites are down and who knows what else. All because Microsoft's operating systems have exploitable defects.
I do not think I wish to know these Microsoft people. "
[ link to this | view in thread ]
Re: Re: $200k bond
[ link to this | view in thread ]
Re: Fixed?
Umm... It's 8am the next morning. My one site I left routed through no-ip is still down.
http://www.cordcutterinfo.com/
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Fixed?
And also with snippage:
Why is your outage related to the no-ip dns seizure? I don't understand what you mean by "left routed through no-ip".
[ link to this | view in thread ]
Re: Fixed?
(Emphasis altered).
Wednesday is today, July 2, 2014.
[ link to this | view in thread ]
Secondary liability?
When will someone prosecute Microsoft for similar liability since malware-makers take advantage of security holes in IE and Windows? Or is okay when Microsoft does it because the security holes "just happen" and they didn't do it on purpose?
[ link to this | view in thread ]
Will the real Micro$oft stand up!
[ link to this | view in thread ]
Re: Re: Fixed?
> My one site I left routed through no-ip is still down.
I just tried it - It's still down 12 hours later.
On what I assume was july 2, Microsoft said:
> As of 6 a.m. Pacific time today, all service was restored.
[ link to this | view in thread ]
Re: Re: Re: Fixed?
And servehttp.com is one of the no-ip domains. Sorry. I didn't follow the chain all the way the www domain.
[ link to this | view in thread ]
[ link to this | view in thread ]
thanks
[ link to this | view in thread ]