Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process

from the not-so-sure-that's-true... dept

Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company's fraud and abuse team would have cut off those malware providers.

A little while ago, Microsoft PR emailed over the following, somewhat questionable claim from David Finn, the company's Executive Director and Associate General Counsel, Digital Crimes Unit, in which he claims that all of that collateral damage was merely a "technical error" and it's all good now:
“Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”
I'm sorry, but that excuse just doesn't cut it, given the legal documents that we posted, which clearly showed that Microsoft made No-IP's parent company, Vitalwerks, out to be a part of a criminal conspiracy. The judge specifically said:
There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft’s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:
a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft’s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft’s customers, and the general public.
That's not a "technical error." That's Microsoft blatantly making an extreme claim that convinced a judge to hand over a whole bunch of domain names without any kind of due process or adversarial hearing. While Microsoft may have then had a technical error on top of that, what kicked this off was a very, very big legal error.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: domain seizure, dynamic dns, ex parte, malware, technical error
Companies: microsoft, no-ip, vitalwerks


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Indy, 1 Jul 2014 @ 4:21pm

    technical error... actual snort reading that...

    A technical error is a BSOD.


    This is obviously gross, gross incompetence and/or pure outright maliciousness. Microsoft needs to seriously look into internal firings for this one...

    link to this | view in thread ]

  2. identicon
    David, 1 Jul 2014 @ 4:21pm

    Been following TD for quite a while. Good job, thanks. Lately though (about last 3 days) the posts all have garbled letters. This garble is always in the parts where you insert a quote from another source. Getting a lot harder to read. Anybody else see this? I'm using same browser as always. Anyway, thanks all.

    link to this | view in thread ]

  3. identicon
    David, 1 Jul 2014 @ 4:29pm

    Re:

    Ahh.. it only happens in TD Lite. Which is a lot easier to use on my tablet. That being the idea, I suppose.

    link to this | view in thread ]

  4. identicon
    Paul, 1 Jul 2014 @ 4:29pm

    Fixed?

    funny...my account through no-ip still isn't working....nor is my works account...

    link to this | view in thread ]

  5. icon
    Whoever (profile), 1 Jul 2014 @ 4:34pm

    Except it is not fixed

    The no-ip.biz subdomains that are not implicated in spreading malware are NOT working.

    Step 1. Find some existing subdomains in the no-ip.biz domain:
    https://www.google.com/search?q=site%3Ano-ip.biz

    Step 2. Check that the subdomains are not in Microsoft's list at http://www.noticeoflawsuit.com/docs/A%20-%20List%20of%20No-IP%20Malware%20Sub-domains.pdf

    Step 3. Look up those domains to see if they resolve:
    dig www.confex.no-ip.biz

    ; DiG 9.9.3-P2 www.confex.no-ip.biz
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER DiG 9.9.3-P2 wowsulvus.no-ip.biz
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER

    link to this | view in thread ]

  6. identicon
    Jeff, 1 Jul 2014 @ 4:54pm

    Obviously false

    Even if we assume that Microsoft tried to continue offering service to the non-malware customers, how would they do it if they seized the domains without the cooperation of Vitalwerks? When the domains got seized, the domain record was changed to point to different DNS servers that are under the control of Microsoft. Vitalwerks customers using subdomains would be unable to register changes to their dynamic IP addresses unless Microsoft somehow (without the knowledge of, or the cooperation of Vitalwerks) mimicked the Vitalwerks dynamic DNS API. How could Microsoft do this without the Vitalwerks customer account information? Answer: They cannot. Somebody is trying to do some damage control.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 1 Jul 2014 @ 5:13pm

    Re: Re:

    I have noticed this in TDLite too.

    link to this | view in thread ]

  8. identicon
    David, 1 Jul 2014 @ 5:20pm

    TD Lite isn't setting char encoding UTF8. I tried in Firefox - which has the ability to switch a page to another encoding. When a page first comes up in TD Lite, it's Window 1252. Switching to UTF8 fixes the garble. In TD regular, it comes up in UTF8 by default so all looks well. Okay, hope you guys can fix it. Keep on dirting.

    link to this | view in thread ]

  9. icon
    orbitalinsertion (profile), 1 Jul 2014 @ 5:20pm

    No, not an error, but a huge scam and abuse of their power and a tech-illiterate bench-warmer.

    MS has long experience working with the network security community in blackholing domains and such. Beyond their "networking error", there is no reason to claim No IP or their parent is malicious. Not one element of this is believable. If any of it turns out to be actually true, it is such a display of gross incompetence that MS should have a whacking chunk of their IP ranges removed from them for a day.

    link to this | view in thread ]

  10. identicon
    David, 1 Jul 2014 @ 5:23pm

    Re: Re: Re:

    TD Lite isn't setting char encoding UTF8. I tried in Firefox - which has the ability to switch a page to another encoding. When a page first comes up in TD Lite, it's Window 1252. Switching to UTF8 fixes the garble. In TD regular, it comes up in UTF8 by default so all looks well. Okay, hope you guys can fix it. Keep on dirting.

    (oops, stuck my reply down the thread by mistake)

    link to this | view in thread ]

  11. icon
    art guerrilla (profile), 1 Jul 2014 @ 5:39pm

    Re: Obviously false

    i think it was over at soylent news, but one uber-nerd had a complete technical explanation for how MS fucked up BEYOND the legal shenanigans, and did a technical snafu which not only borked the legit customers they were *supposedly* leaving unscathed, but *also* messed up their own 'honey pot' game and gave the (so-called) perps enough head start to get the puck out of dodge...

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 1 Jul 2014 @ 5:43pm

    Re:

    Anybody else see this?

    Yes.

    Near as I can tell, it's a charset issue. The comments are displaying in UTF-8. Comment submission starts in UTF-8, however, after preview, the charset defaults to Windows-1252.

    More specifically: The page reached at www.techdirt.com/comment_process.php apparently doesn't specify a charset (and thus defaults to Windows-1252), while the rest of the site is specifying UTF-8 explicitly.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 1 Jul 2014 @ 5:49pm

    Re: Re:

    it only happens in TD Lite

    No.

    I've also seen this with Techdirt regular. There may be more than one place where UTF-8 vs Windows-1252 charset issues occur.

    link to this | view in thread ]

  14. identicon
    Christenson, 1 Jul 2014 @ 6:07pm

    Bridge in Brooklyn anyone?

    Seems like a good deal from Microsoft, of course....
    I hope they are in for some serious sanctions for fraud upon the court.
    As for perps getting out of dodge...well, no-ip wasn't exactly a cool spot in the first place. Not that a few spam-bot computers might not have gotten a little wipe yesterday..

    Now, can I go to this same judge, convince him that Microsoft is supporting scammers with IE and Windoze, and get all of Microsoft's DNS records???

    link to this | view in thread ]

  15. icon
    Rick Mycroft (profile), 1 Jul 2014 @ 6:07pm

    Turnabout is fair

    I see that the noticeoflawsuit site run by Microsoft's lawyers Shook, Hardy & Bacon is using IIS 6.0, an unsupported and exploited server.

    For the good of the Internet, the court should take away their control of that domain until they clean up their act.

    link to this | view in thread ]

  16. identicon
    Christenson, 1 Jul 2014 @ 6:15pm

    Re: Turnabout is fair

    So make it spam or DOS the court? Leave them with a huge PACER bill as they pull an Aaron Schwartz and send everything to RECAP?

    Turnabout in the PUBLIC service is even better!

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 1 Jul 2014 @ 6:31pm

    Re: Bridge in Brooklyn anyone?

    Now, can I go to this same judge, convince him...

    No.

    Microsoft is large, reputable corporation. You simply do not have equal justice under law.

    That phrase, "Equal justice under law", may be carved in stone in front of the Supreme Court building. But --whether or not it ever really worked that way-- it doesn't work that way now.

    link to this | view in thread ]

  18. icon
    G Thompson (profile), 1 Jul 2014 @ 6:49pm

    So the judge determined, based on the say of Microsoft, that their was good cause to believe that there were violations of the common law [tort] of negligencene

    Without going into the pedantics of not being able to specifically violate/breach negligence since it isn't legislation this is quite true.

    Except that Microsoft themselves now have negligently allowed through their actions harm to occur through their absolute breach of duty (since they so willingly state they have standing to acquire property they then have a duty to that property)

    This is another instance of Microsoft's egotistical nature stating to all and sundry that they and they alone know best about how to do things and they can do no wrong, not to mention that they THINK own any data etc coming via their software/databases/pipes/whatever.

    David Finn by his inane and vacuous comments has now placed himself in the firing line of all this.. Good job David, the moron award is in the bag for you this month/year.

    link to this | view in thread ]

  19. icon
    Rick Mycroft (profile), 1 Jul 2014 @ 6:54pm

    Re: Re: Turnabout is fair

    Now now, I'm not suggesting anything illegal. (Well, no more illegal than Microsoft misrepresenting the situation to some hick court in a sneak attack.)

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 1 Jul 2014 @ 7:17pm

    So do I understand correctly, Microsoft ran a man-in-the-middle attack because malware? How is it that some judge would sign off on this?

    link to this | view in thread ]

  21. identicon
    Lurker Keith, 1 Jul 2014 @ 8:27pm

    Re: Re: Re:

    Yeah, I quoted a paragraph (Supreme Court quote) in one of TD's posts to point something out in a reply to someone on the normal web version the other day, & the internal quotation marks & an apostrophe came up as ? in diamonds.

    I assume this is the kind of thing being mentioned.

    I've been wondering what happened.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 1 Jul 2014 @ 9:35pm

    Re: Re: Re: Re:

    I assume this is the kind of thing being mentioned.

    Yes.

    The page where the comment you linked to is being displayed contains:
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    However, your comment there is actually using Windows-1252 characters for the quote marks and apostrophe.

    link to this | view in thread ]

  23. identicon
    Thedude36, 1 Jul 2014 @ 10:06pm

    Very unhappy about Microsoft actions

    I hope Microsoft fixes this mess they created. my VPN are down because of their stupidity. My boss is not going to be happy.

    link to this | view in thread ]

  24. icon
    techflaws (profile), 1 Jul 2014 @ 10:11pm

    Re: Fixed?

    Same here. Fixed, my a**!

    link to this | view in thread ]

  25. identicon
    Kronomex, 1 Jul 2014 @ 10:13pm

    We got sprung trying to pull a swifty and now we're really really really sorry (holds onion under each eye). Puppet judge or technical ignoramus baffled by Microsoft bullshit?

    link to this | view in thread ]

  26. identicon
    Andrew, 1 Jul 2014 @ 10:18pm

    Someone died...

    Somewhere someone died with a non-functional camera or security or VOIP system. We need to find them and NEVER let Microsoft off the hook.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 1 Jul 2014 @ 11:49pm

    so where is the DOJ on this?

    Given what they did to Arron Schwartz, there should be a whole herd of MS lemmings stampeding to an ocean-side cliff. We all know that MS's greatest attribute is lying,almost as good as the DOJ's.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 2 Jul 2014 @ 12:25am

    Re: Re: Fixed?

    My site is still down here, too...

    link to this | view in thread ]

  29. identicon
    James, 2 Jul 2014 @ 12:40am

    $200k bond

    So the $200k bond that Microsoft posted should be No-IP.com's for the taking now, right?

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 2 Jul 2014 @ 12:49am

    Re: Re: Re: Fixed?

    still isn't working
    Same here.
    still down here, too

    The Ex Parte TRO posted in the previous article was signed by United States District Judge Gloria M. Navarro.

    I wouldn't recommend telephoning Judge Navarro to complain without having yourself a lawyer.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 2 Jul 2014 @ 1:13am

    Re: $200k bond

    So the $200k bond...

    $200,000 / 4,000,000 sites down = 1 nickel / site.

    I doubt anyone's going to see their nickel. But do the math yourself.

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 2 Jul 2014 @ 2:59am

    Re:

    Why not all? And let Vitalwerks control them.

    As I've said before: reciprocity is a b**ch.

    link to this | view in thread ]

  33. identicon
    RadioHacktive, 2 Jul 2014 @ 3:19am

    Microsoft vs NoIP

    My Monday http://www.reddit.com/r/technology/comments/29idwc/court_authorizes_microsoft_to_take_over_as_noip/ comment on this:

    "As I'm understanding this, Microsoft is blaming a DNS providing company for Microsoft Customer's PCs being hacked which is possible because the Microsoft operating system is flawed and easily hacked. It just happens that some of the hacked machines are using some of no-ip.com's free subdomains to talk to the command & control computers. So rather than fixing their defective operating system or shutting down the offending user's computers, they decide to steamroller a small company by making wild and unproven claims to a federal judge that only quick action will... do what? And for how long? And the only penalty for Microsoft is a $200k bond?

    Microsoft filed their suit with the court on June 19th, with the court requiring no-ip.com to appear in 30 days. Then Microsoft convinces the court to issue a TOR allowing them to take over 22 noip.com (both free and paid) subdomains, saying they can provide adequate service and implying noip.com's customers won't suffer an impact, effective June 30. Noip.com was not given time to react or object. And noip.com customers are being impacted, nothing is resolving on Microsoft's DNS. So email is down, websites are down and who knows what else. All because Microsoft's operating systems have exploitable defects.

    I do not think I wish to know these Microsoft people. "

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 2 Jul 2014 @ 3:46am

    Re: Re: $200k bond

    If I had a nickel for every time MS shut down somebody's website...

    link to this | view in thread ]

  35. icon
    Rex (profile), 2 Jul 2014 @ 5:06am

    Re: Fixed?

    "Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”


    Umm... It's 8am the next morning. My one site I left routed through no-ip is still down.

    http://www.cordcutterinfo.com/

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 2 Jul 2014 @ 5:22am

    I have over 30 VPN clients using one of the seized domains. The only ones working are ones for whom the IP has not changed . Class action, anyone? Where are our lawyers?

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 2 Jul 2014 @ 10:41am

    Re: Re: Fixed?

    Ummm, I don't see the relation to no-ip dns services. This is what I'm seeing, with some snippage:
    $ whois cordcutterinfo.com

    Last update of whois database: Wed, 02 Jul 2014 17:14:03 UTC

    Name Server: YNS1.YAHOO.COM
    Name Server: YNS2.YAHOO.COM

    And also with snippage:
    $ host -v -t A cordcutterinfo.com yns2.yahoo.com;;

    ANSWER SECTION:
    cordcutterinfo.com. 600 IN A 96.28.138.109

    ;; AUTHORITY SECTION:
    cordcutterinfo.com. 86400 IN NS yns2.yahoo.com.
    cordcutterinfo.com. 86400 IN NS yns1.yahoo.com.

    Received 96 bytes from 98.139.247.192#53 in 95 ms

    Why is your outage related to the no-ip dns seizure? I don't understand what you mean by "left routed through no-ip".

    link to this | view in thread ]

  38. identicon
    Anonymous Coward, 2 Jul 2014 @ 11:11am

    Re: Fixed?

    "Takedown of No-IP by Microsoft impacts 1.8M customers", by Steve Ragan, CSO, Jul 2, 2014
    Note: This is an update to the original story....

    ... At current count, 1,832,133 customers were impacted by Microsoft's takedown of No-IP, which directly translates to more than 4 million hostnames....

    ... By Wednesday morning, service was still unaviliable to many No-IP customers using one of the 23 domains controlled by Microsoft....

    (Emphasis altered).

    Wednesday is today, July 2, 2014.

    link to this | view in thread ]

  39. icon
    John85851 (profile), 2 Jul 2014 @ 12:49pm

    Secondary liability?

    In a previous story, the Austrian government is prosecuting the owner of a Tor exit node for contributing to criminal activity.
    When will someone prosecute Microsoft for similar liability since malware-makers take advantage of security holes in IE and Windows? Or is okay when Microsoft does it because the security holes "just happen" and they didn't do it on purpose?

    link to this | view in thread ]

  40. identicon
    Michael McLeod, 2 Jul 2014 @ 1:24pm

    Will the real Micro$oft stand up!

    Hummm, I get calls all the time from a Micro$oft technician? With a very strong Telugu accent trying to tell me my Micro$oft based computer is sending out malware. He hangs up when I tell him I use Linux (which I do). Is it the same group? The judge probably won the Nigerian lottery also!

    link to this | view in thread ]

  41. icon
    Poppy (profile), 2 Jul 2014 @ 2:35pm

    Re: Re: Fixed?

    Rex said on Jul 2nd, 2014 @ 5:06am

    > My one site I left routed through no-ip is still down.

    I just tried it - It's still down 12 hours later.

    On what I assume was july 2, Microsoft said:

    > As of 6 a.m. Pacific time today, all service was restored.

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 2 Jul 2014 @ 3:22pm

    Re: Re: Re: Fixed?

    Oh, I see now.
    $ host -v www.cordcutterinfo.com yns2.yahoo.com

    Trying "www.cordcutterinfo.com"
    Using domain server:
    Name: yns2.yahoo.com
    Address: 98.139.247.192#53
    Aliases:

    ;; ->>HEADER<&lt:- opcode: QUERY, status: NOERROR, id: 53345
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.cordcutterinfo.com. IN A

    ;; ANSWER SECTION:
    www.cordcutterinfo.com. 600 IN CNAME cordcutterinfo.servehttp.com.

    Received 79 bytes from 98.139.247.192#53 in 92 ms

    And servehttp.com is one of the no-ip domains. Sorry. I didn't follow the chain all the way the www domain.

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 2 Jul 2014 @ 8:14pm

    So Microsoft, a tech company, made a pretty grievous "technical error." Well, if they aren't able to prevent technical errors in the *technical realm* - their one claim to fame - why should they be trusted in any? (Judges take note.)

    link to this | view in thread ]

  44. identicon
    mepha31, 2 Apr 2015 @ 1:42pm

    thanks

    Is it the same group? The judge probably won the Nigerian lottery also!free subdomains to talk to the command & control computers. So rather than fixing their defective operating system or shutting down the offending user's computers, they decide to steamroller a small company by making wild and unproven claims to a federal judge that only quick action will

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.