Dangerous Ruling: Judge Lets Microsoft Seize & Redirect No-IP Domains Without Notice
from the breaking-the-internet dept
Microsoft posted a somewhat self-congratulatory blog post yesterday about how it was taking on a “global cybercrime epidemic” and effectively targeting systems used by malware. Of course, part of the details were that Microsoft totally misrepresented the nature of No-IP and how dynamic DNS solutions work. No-IP’s parent company, Vitalwerks Solutions, was painted by Microsoft as being something of an accomplice to the malware epidemic, allowing Microsoft to convince a judge to seize a bunch of very popular No-IP domains without any notice or immediate recourse. Microsoft claims that it’s just stopping malware, but the collateral damage from grabbing those domains is immense. According to No-IP:
Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.
We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft?s attempt to remediate hostnames associated with a few bad actors.
As No-IP further notes, Microsoft could have easily contacted them, and the company would have taken action:
Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.
Vitalwerks and No?-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-?IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one.
Except, instead, it appears that Microsoft went to court (secretly, without telling Vitalwerks/No-IP) and convinced the judge that the company itself was violating the law. And the court bought it:
There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft?s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:
a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft?s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft?s customers, and the general public.
Given the nature of the ex-parte (without Vitalwerks being able to present its side of the story) proceedings, Microsoft was able to paint the fact that a platform provider (which has a full anti-abuse program), was somehow liable for actions of its users. This flies in the face of a variety of laws and caselaw on secondary liability, which protect the service provider from being held liable for abusive behavior by its users. Yet here, not only did the court ignore all of that, it simply flat out handed over to Microsoft a whole bunch of No-IP’s domains (which, clearly, Microsoft was unable to handle), bringing down a big chunk of the web that relied on No-IP’s dynamic DNS services.
This seems like a tremendously dangerous move for the internet in a variety of ways. Microsoft needs to take some of the blame. Even if its goal was to stop malware proliferation, there are better ways to do that than to falsely blame No-IP, and to misleadingly represent the service to the court, allowing the domains to be seized and rerouted.
Filed Under: cybercrime, cybersecurity, domain seizure, dynamic dns, ex parte, takedown
Companies: microsoft, no-ip, vitalwerks
Comments on “Dangerous Ruling: Judge Lets Microsoft Seize & Redirect No-IP Domains Without Notice”
But this is Microsoft!
Misrepresenting to a court of law is what they do best!
Re: But this is Microsoft!
So does this count as perjury or as fraud upon the court? Either way, they need to get hit with some serious charges for pulling a stunt like that.
Wow. Every time it looks like Microsoft’s starting to shape up their act,they go and show their true colors again…
Re: Re: But this is Microsoft!
When did it look like Microsoft was starting to shape up their act?
Re: Re: Re: But this is Microsoft!
A handful of things over the last several years make it look like they’re at least trying to be less evil. Perhaps the most notable in recent memory would be Roslyn.
Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware
Ok, now I know that Massachusetts SWAT teams have been privatized, but who deputized Microsoft for stopping malware?
Not buying it...
I’m not buying Microsoft’s excuses…
This seems to go in a line of Microsoft trying to attempt corporate sabotage of either a competitor or smaller business.
Seriously, how long has it been since their last goof up of epic proportions where they will raid people’s emails for things they want?
This falls in line with that exact view of the world. Next thing you know, they’re going to announce their own private army of Pinkertons made up of retired law enforcement agents who will fight cybercrime.
Re: Not buying it...
Don’t give them any ideas.
Overreach
What exactly gives Microsoft standing to seek removal of any of the domains listed in the appendix? Most of them don’t mention Microsoft or any of its trademarks, and those that do only do so as part of the hostname, which isn’t really a form of Cybersquatting.
Re: Overreach
Money. Dollar bills.
Re: Overreach
Microsoft considers anything that harms there software and services to be a violation of there rights for obvious reasons.
Re: Re: Overreach
Cause they are a really sensitive person.
Try this microsoft...
How about fixing your broken OS first, before knocking out millions of people’s dynamic domains for no reason?
Re: Try this microsoft...
This is exactly what I was thinking. If Microsoft fixed the OS such that the Malware couldn’t execute, the C&C servers using No-IP domain names wouldn’t have anything to control.
MS can easily push out a patch to any OS that it has control of via Windows Update and avoid the collateral damage.
I wonder if any legitimate users could file a civil suit against Microsoft for loss of business?
so how about No-IP now taking Microsoft to court to get this shit sorted out? hopefully, Microsoft will get a severe dressing down and a huge fine for doing this in the first place. it may be a different story with the real malware sites but a genuine company to not be given the chance to state it’s side and explain what it does/doesn’t do is extremely bad! the judge in this case also deserves a severe dressing down too! the first question asked should have been ‘have the other sides concerned been contacted?’ disgraceful way for Microsoft to behave and the judge too. far too much of this going to court and asking a judge to do something, out of hand, without getting both sides of the argument!
Re: Re:
That. Microshaft should be held accountable. And the judicial process that led to this bs scrutinized.
In rem
Yet another example of why in rem seizures need to be done away with altogether. Property has owners. Want to seize the property? Argue against the owner in front of a judge. It’s called due process.
Can I do that?
I’ve been having to fight off hundreds of malware attacks as a result of the company owning the IP range 64.4.0.0/16. Can I get a court to let me take over that range of IP numbers so as to put a stop to the malware?
Centralized DNS strikes again!
When a service gets screwed over by another company, there is legal recourse.
When that same service gets screwed over by the legal system itself, what are they to do? The best case scenario is to appeal, and get a big fat ‘Oops, sorry’ thrown their way, but what about the collateral damage caused in the meantime?
Many have forgotten but Microsoft was initially pro-SOPA, too. In light of that, these sort of actions start to make sense, once you understand how Microsoft thinks about this stuff.
conclusions
Will I get microsoft.com if someone with a hotmail email address sends me SPAM?
Seize Windows!
“b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse”
That would apply to plenty of Microsoft products as well. Who wants to seize Windows? For the common good, of course!
Either MS or the judge need to be held responsible!
If MS isn’t severely punished, then the judge needs to be held responsible for being so negligent that this got through his desk. Actually, the judge needs to be punished anyway, specifically for being so irresponsible.
Re: Either MS or the judge need to be held responsible!
Does Microsoft pay for my damages? I am so happy I moved away from Windows into an Apple environment and hence away from MS. I will move now anything related to a US based server back to Europe as US based systems are utterly unreliable (Court Actions, spooks, you name it).
Who does Microsoft think they are, the City of London Police?
What about skype users info?
Microsoft itself commits the crime by forwarding skype users private information and chats to FBI and now they are claiming for domains? STFU Mr Bill Gates because first of all as they claimed malware is infecting windows so why is their operation system is that much low quality to be infected so easily? They are giving everything what ever they collect from their services to FBI even from xbox they have hired hackers in Microsoft to hack other companies to make them lose the game and they are calling others criminal and infectors? once again FU Mr Bill Microsoft. i can tell you a whole lecture and you will be able to prove me wrong you know why? Because you are already exposed and buying law with your money to make sure after you died your company can feed your grand children 😀 One day you will answer to GOD and you will be beaten like hell coz of your lies and everything you have done to the innocent peoples and if you think seizing no-ip can stop hackers or malwares then think again 😀 having a private DNS on your own domain is not hard and now you gave reason to the hackers to think about you and your company.
Well, in reviewing my firewall logs, I have noticed a number of invasion attempts from No-IP domains. Now if someone would also do something about this unassigned.psychz.net that keeps tring to get in…(not that it matters as I have a very good firewall set at the highest possible security level).
Re: Re:
If you are seeing any traffic at all your security level is not “set at the highest level”…. there’s a cord… the internet lives there… unplug it.
Good that’s an excellent start. Most of the attacks will have ceased instantly. Now…. on the other side of the firewalla are probably a bunch of devices not completed controlled by yourself…. each of them has a cord…. the LAN lives there…. go take the computer away from the user and re-position it in a farraday screened locked bunker with your firewall.
You are now at the almost-highest security level…. well done. Only the rare attack will be noticable here.
But we can do better… unplg all the network cables. Good now secure-wipe all the drives and memcheck multiple times. Now remove the power cables, destroy the RAM, HDD’s and the processors.
Done? Excellent – you are at the highest security level!
For bonus points either Nuke the bunker from Orbit…. or alternatively orbit the Bunker and Nuke the rest… it’s the only way to be sure! (*/hat tip)
Re: Re: Re:
Pardon me, Mr. Perfectionist, maybe I should have said “the highest possible functional security level”. High Security and Stealth Mode are the highest possible functional security levels one can get on this particular firewall.
As far as nuking and destroying things, well, I have a microwave that works very well against CDs and a hammer that works very well against USBs should the time ever come. And if it hasn’t by now, I doubt it ever will.
Does that mean that linux developers can have microsoft taken to court secretly if they can show that IIS servers are serving linux malware, and gain control of all servers running IIS?
Why don’t Microsoft build an OS that is “safe”… Very annoyed there was no notification!!
Thumbs up
I am on Microsoft’s side here, not entirely, but enough that I can see the benefits outweighing the failings.
Yes, for many legit users, the outage sucks. Did it suck any worse that the DDoS earlier in the week that took them out for a day or longer?
The service has been shown to be a key tool for many of the malware distributors and botnets, which use these wonderful dynamic domains to keep their nets alive. One report I read shows that 25% or even more of the botnet and malware nets have been disrupted or taken down by this move.
According to many of the reports this morning, No-IP was pretty much infested with malware providers. So I have to side with Microsoft here. A prolonged legal discussion would have been moot, as it would have given the malware distributors plenty of time to move to their next safe haven, using their command and control to move all of the bots to a new net. This sudden interruption may put a significant number of bot herders in a position where they have lost their herds, and for at least a period of time lost their ability to grow that herd.
Re: Thumbs up
You have no ideia what your talking about. Of course action should be taken, but not on no-ip’s back. Microsoft has no right to behave as if they were some sort of internet police. The say they are doing this to protect the users, yet they are harming millions of legit users and businesses who use no-ip domaints. What about all the malware and spam that gets sent everyday through hotmail and other MS services ?… Are you kidding me ?… Since when do we need a private company taking “justice” in their hands. If this sort of behavior is allowed it will soon mean the end of the free internet. FY MS.
Re: Re: Thumbs up
For my mine, Microsoft is in fact the victim here, because their reputation rests on dealing with malware and keeping their products as safe as possible. Significant harm is done to Microsoft and it’s reputation with consumers every time they are hit.
Yes, Microsoft could do better themselves as well, and I am sure they do try. However, we have seen even with bugs in even the encryption software commonly used online, that these things happen.
No-IP was well known within the malware world as a great way to operate. You could move your command and control servers around from place to play to avoid legal issues, and at the same time not have to make changes to your “herd” computers to keep up with you. You only have to do a little searching on Google to find instructions on how to do it.
I feel sorry for those who may have been affected by a short period of downtime. That is not any different from a hosting company having an outage, a cable cut, or whatever. It happens. Nobody promises 100% uptime for anything online, do they?
“Since when do we need a private company taking “justice” in their hands.”
Since nobody else seems to want to take legal action to deal with hackers. Local police say it’s not their problem, State police aren’t in the position to do much, and the Feds aren’t very well organized to know who should deal with it… you know, FBI, FTC… is it civil or criminal? Microsoft is a victim here, and they did what any sane victim should do, which is take steps to stop it.
No-IP could have done a better job. They did not, and in fact may have been profiting from it, in the same manner that spamhaus hosting companies profit from hosting spammers.
Re: Re: Re: Thumbs up
I think that everybody on this site agrees that something should be done to stop these malwares and botnets.
Only, not this.
If MS is so sure that they have a workable plan that can provide the no-ip service to legit customers and only disrupt the malware servers, why didn’t they contact (and work with) Vitalwerks with that solution?
(btw, MS is failing horribly in their attempt to deliver the no-ip service to any customer, which is only further harming that precious reputation you claim they have to protect: now they not only seem incompetent to fix things, they also come over as bullies)
Re: Re: Re:2 Thumbs up
I have two sites through no-ip.com. One of which I rerouted through another service yesterday, the other is still hanging.
Here’s how I see it:
If MS had been properly prepared they could have served this order, rerouted the service correctly, and did what they wanted to do with either (1) no one the wiser (or 2) getting praise for their action. Even though it’s not their job to do this and I don’t agree with it.
If they had done it correctly they could have possibly shut down some of these malware users. Instead they now know what’s going on have moved on (as said by an earlier commenter).
But they weren’t prepared. They screwed up royally and are paying for it. This ‘reputation’ everybody is talking about is tarnished yet some more (not that it matters with their history).
They’d do better to just release the service back to no-ip and just cut their loses. Admitting they screwed up might just earn them some favor in the public view.
Re: Thumbs up
We got several times our computer infected by receiving emails with viruses send trough outlook. Should Outlook.com be seized?
The viruses are been produced by seek people that takes advantage of Microsoft programmers bad or poor coding, should they be made responsible as well as their employer Microsoft.?
Sue for damages
No-ISP should sue M$ for a massive amount of money and file a RICO complaint with DOJ.
So Microsoft is authorised both as an LEO & prosecutor in the USA?
Well that makes a lot of things make more sense
Re: Re:
“So Microsoft is authorised both as an LEO & prosecutor in the USA?”
It’s more efficient that way. Fewer middlemen.
“Microsoft now claims that it just wants to get us to clean up our act…”
The irony, it burns!
Dig
If you read Microsoft’s side of the story, no-ip seems to be pretty bad about dealing with malware, and Microsoft is not the only company to point out no-ip’s malware problem.
The first thing that struck me about this case is: “the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats.”
I’m curious what the extent of the re-routing was, i.e., how much legitimate traffic was Microsoft allowed to sniff?
The second thing that struck me is also part of Microsoft’s statement: “their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.”
I think Microsoft should be held accountable for pushing an operating system that is so partial to malware that it harms Microsoft, its customers, and the public at large.
What about this judge?
How the hell do people like this get appointed as a judge? Obviously someone willing to stretch for a major Corporation maybe for return favors down the road? Watch for this “Judge” to get a nice job working for an MS company sometime in the future.
Re: What about this judge?
“How the hell do people like this get appointed as a judge? Obviously someone willing to stretch for a major Corporation maybe for return favors down the road? Watch for this “Judge” to get a nice job working for an MS company sometime in the future.”
Or maybe just someone unfamiliar with Microsoft’s history, both inside and outside the courtroom. One would think that a corporation caught fabricating evidence in the past court cases might be subject to somewhat sceptical scrutiny, it’s corporate magnificence not withstanding…
rediculous
I cannot believe this judge allowed this to happen.
I think its great that Microsoft wants to clean up malware but holy fck. It seems like Microsoft misrepresented the issue in court and asked for more than they should have legally expected to get.
This judge must have been naive enough to not comprehend what she was doing.
I still have clients that are down because of this. Microsoft may have claimed to corrected their issue but I am getting intermittent timeouts and unresolved addresses.
We use noip for migrations of client systems to cloud services… oddly like Microsoft 365. It allows for instantaneous control of DNS when we do migrations or need to provide access to short term services.
wtf was microsoft thinking.
Please please someone launch a class action. Everyone involved in this decision seems to have been negligent.
Quantifying The Damage
If you’ve been caught up in all this and you’ve lost time, money, sanity or anything else, I want to know! Microsoft cannot be allowed to get away with ignoring the scale of the damage they’ve done, but the only way to do that is to quantify it! Come to http://www.nerdcore.org.uk, check out the blog post for details on how to send me your outage war stories!
Still, appropriate due process matters
Even if you believe your reputation is being harmed, you still need to demonstrate that in court, according to due process. In the United States, that due process includes the defendant’s right to face its accuser in that court. That didn’t happen here; it was Microsoft and a judge, with nobody from No-IP there. That’s the key–with nobody from No-IP there. Whether you like Microsoft or not, that still needed to happen, and that judge needs to be impeached and removed for allowing this to happen.
–SYG