Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process

from the not-so-sure-that's-true... dept

Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company’s fraud and abuse team would have cut off those malware providers.

A little while ago, Microsoft PR emailed over the following, somewhat questionable claim from David Finn, the company’s Executive Director and Associate General Counsel, Digital Crimes Unit, in which he claims that all of that collateral damage was merely a “technical error” and it’s all good now:

“Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”

I’m sorry, but that excuse just doesn’t cut it, given the legal documents that we posted, which clearly showed that Microsoft made No-IP’s parent company, Vitalwerks, out to be a part of a criminal conspiracy. The judge specifically said:

There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft’s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:

a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft’s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft’s customers, and the general public.

That’s not a “technical error.” That’s Microsoft blatantly making an extreme claim that convinced a judge to hand over a whole bunch of domain names without any kind of due process or adversarial hearing. While Microsoft may have then had a technical error on top of that, what kicked this off was a very, very big legal error.

Companies: microsoft, no-ip, vitalwerks


Comments on “Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process”

44 Comments
David says:

Been following TD for quite a while. Good job, thanks. Lately though (about last 3 days) the posts all have garbled letters. This garble is always in the parts where you insert a quote from another source. Getting a lot harder to read. Anybody else see this? I’m using same browser as always. Anyway, thanks all.

David says:

Re: Re: Re: Re:

TD Lite isn’t setting char encoding UTF8. I tried in Firefox – which has the ability to switch a page to another encoding. When a page first comes up in TD Lite, it’s Windows 1252. Switching to UTF8 fixes the garble. In TD regular, it comes up in UTF8 by default so all looks well. Okay, hope you guys can fix it. Keep on dirting.

(oops, stuck my reply down the thread by mistake)

Lurker Keith says:

Re: Re: Re: Re:

Yeah, I quoted a paragraph (Supreme Court quote) in one of TD’s posts to point something out in a reply to someone on the normal web version the other day, & the internal quotation marks & an apostrophe came up as ? in diamonds.

I assume this is the kind of thing being mentioned.

I’ve been wondering what happened.

Anonymous Coward says:

Re: Re: Re:2 Re:

I assume this is the kind of thing being mentioned.

Yes.

The page where the comment you linked to is being displayed contains:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

However, your comment there is actually using Windows-1252 characters for the quote marks and apostrophe.

Anonymous Coward says:

Re: Re:

Anybody else see this?

Yes.

Near as I can tell, it’s a charset issue. The comments are displaying in UTF-8. Comment submission starts in UTF-8, however, after preview, the charset defaults to Windows-1252.

More specifically: The page reached at http://www.techdirt.com/comment_process.php apparently doesn’t specify a charset (and thus defaults to Windows-1252), while the rest of the site is specifying UTF-8 explicitly.

Rex (profile) says:

Re: Fixed?

“Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”

Umm… It’s 8am the next morning. My one site I left routed through no-ip is still down.

http://www.cordcutterinfo.com/

Anonymous Coward says:

Re: Re: Fixed?

Ummm, I don’t see the relation to no-ip dns services. This is what I’m seeing, with some snippage:

$ whois cordcutterinfo.com

Last update of whois database: Wed, 02 Jul 2014 17:14:03 UTC

Name Server: YNS1.YAHOO.COM
Name Server: YNS2.YAHOO.COM

And also with snippage:

$ host -v -t A cordcutterinfo.com yns2.yahoo.com

;; ANSWER SECTION:
cordcutterinfo.com. 600 IN A 96.28.138.109

;; AUTHORITY SECTION:
cordcutterinfo.com. 86400 IN NS yns2.yahoo.com.
cordcutterinfo.com. 86400 IN NS yns1.yahoo.com.

Received 96 bytes from 98.139.247.192#53 in 95 ms

Why is your outage related to the no-ip dns seizure? I don’t understand what you mean by “left routed through no-ip”.

Anonymous Coward says:

Re: Re: Re: Fixed?

Oh, I see now.

$ host -v www.cordcutterinfo.com yns2.yahoo.com

Trying "www.cordcutterinfo.com"
Using domain server:
Name: yns2.yahoo.com
Address: 98.139.247.192#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53345
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.cordcutterinfo.com. IN A

;; ANSWER SECTION:
www.cordcutterinfo.com. 600 IN CNAME cordcutterinfo.servehttp.com.

Received 79 bytes from 98.139.247.192#53 in 92 ms

And servehttp.com is one of the no-ip domains. Sorry. I didn’t follow the chain all the way to the www domain.
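
The check this commenter did by hand, as an added example that is not part of the original comment: follow each CNAME hop and flag any hop that sits under a zone of interest. The record data is constructed from the `host` output quoted above (the unresolved final hop is an assumption), and `AFFECTED_ZONES`, `under_zone` and `audit` are names made up for this example.

```python
# Added example: works on constructed DNS data, performs no live lookups.
# Parent zones this page names as No-IP domains.
AFFECTED_ZONES = {"servehttp.com", "no-ip.biz"}

# Constructed records mirroring the host output quoted in the comments.
RECORDS = {
    "cordcutterinfo.com": ("A", "96.28.138.109"),
    "www.cordcutterinfo.com": ("CNAME", "cordcutterinfo.servehttp.com"),
    # cordcutterinfo.servehttp.com is left out: assumed unresolved here.
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def under_zone(name, zones):
    """Return the zone that name equals or is a subdomain of, else None."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def audit(name, records=RECORDS, zones=AFFECTED_ZONES, max_hops=8):
    """Follow CNAMEs from name. Report the chain walked, the final address
    (None if the chain dead-ends or loops), and the first affected zone
    any hop depends on."""
    chain, seen, dependency, address = [], set(), None, None
    current = normalize(name)
    while current not in seen and len(chain) < max_hops:
        seen.add(current)
        chain.append(current)
        dependency = dependency or under_zone(current, zones)
        rtype, value = records.get(current, (None, None))
        if rtype == "CNAME":
            current = normalize(value)   # keep walking the alias chain
        else:
            address = value if rtype == "A" else None
            break
    return {"chain": chain, "address": address, "depends_on": dependency}
```

Auditing only the apex name, as the first reply did, reports no dependency; the `www` name is the one that exposes it.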

Anonymous Coward says:

Re: Fixed?

“Takedown of No-IP by Microsoft impacts 1.8M customers”, by Steve Ragan, CSO, Jul 2, 2014

Note: This is an update to the original story….

… At current count, 1,832,133 customers were impacted by Microsoft’s takedown of No-IP, which directly translates to more than 4 million hostnames….

… By Wednesday morning, service was still unavailable to many No-IP customers using one of the 23 domains controlled by Microsoft….

(Emphasis altered).

Wednesday is today, July 2, 2014.

Whoever says:

Except it is not fixed

The no-ip.biz subdomains that are not implicated in spreading malware are NOT working.

Step 1. Find some existing subdomains in the no-ip.biz domain:
https://www.google.com/search?q=site%3Ano-ip.biz

Step 2. Check that the subdomains are not in Microsoft’s list at http://www.noticeoflawsuit.com/docs/A%20-%20List%20of%20No-IP%20Malware%20Sub-domains.pdf

Step 3. Look up those domains to see if they resolve:
dig www.confex.no-ip.biz

; <<>> DiG 9.9.3-P2 <<>> www.confex.no-ip.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER DiG 9.9.3-P2 wowsulvus.no-ip.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER

Jeff says:

Obviously false

Even if we assume that Microsoft tried to continue offering service to the non-malware customers, how would they do it if they seized the domains without the cooperation of Vitalwerks? When the domains got seized, the domain record was changed to point to different DNS servers that are under the control of Microsoft. Vitalwerks customers using subdomains would be unable to register changes to their dynamic IP addresses unless Microsoft somehow (without the knowledge of, or the cooperation of Vitalwerks) mimicked the Vitalwerks dynamic DNS API. How could Microsoft do this without the Vitalwerks customer account information? Answer: They cannot. Somebody is trying to do some damage control.

art guerrilla (profile) says:

Re: Obviously false

i think it was over at soylent news, but one uber-nerd had a complete technical explanation for how MS fucked up BEYOND the legal shenanigans, and did a technical snafu which not only borked the legit customers they were supposedly leaving unscathed, but also messed up their own ‘honey pot’ game and gave the (so-called) perps enough head start to get the puck out of dodge…

orbitalinsertion (profile) says:

No, not an error, but a huge scam and abuse of their power and a tech-illiterate bench-warmer.

MS has long experience working with the network security community in blackholing domains and such. Beyond their “networking error”, there is no reason to claim No IP or their parent is malicious. Not one element of this is believable. If any of it turns out to be actually true, it is such a display of gross incompetence that MS should have a whacking chunk of their IP ranges removed from them for a day.

Christenson says:

Bridge in Brooklyn anyone?

Seems like a good deal from Microsoft, of course….
I hope they are in for some serious sanctions for fraud upon the court.
As for perps getting out of dodge…well, no-ip wasn’t exactly a cool spot in the first place. Not that a few spam-bot computers might not have gotten a little wipe yesterday..

Now, can I go to this same judge, convince him that Microsoft is supporting scammers with IE and Windoze, and get all of Microsoft’s DNS records???

Anonymous Coward says:

Re: Bridge in Brooklyn anyone?

Now, can I go to this same judge, convince him…

No.

Microsoft is a large, reputable corporation. You simply do not have equal justice under law.

That phrase, “Equal justice under law”, may be carved in stone in front of the Supreme Court building. But –whether or not it ever really worked that way– it doesn’t work that way now.

G Thompson (profile) says:

So the judge determined, based on the say of Microsoft, that there was good cause to believe that there were violations of the common law [tort] of negligence

Without going into the pedantics of not being able to specifically violate/breach negligence since it isn’t legislation this is quite true.

Except that Microsoft themselves now have negligently allowed through their actions harm to occur through their absolute breach of duty (since they so willingly state they have standing to acquire property they then have a duty to that property)

This is another instance of Microsoft’s egotistical nature stating to all and sundry that they and they alone know best about how to do things and they can do no wrong, not to mention that they THINK they own any data etc coming via their software/databases/pipes/whatever.

David Finn by his inane and vacuous comments has now placed himself in the firing line of all this.. Good job David, the moron award is in the bag for you this month/year.

RadioHacktive says:

Microsoft vs NoIP

My Monday http://www.reddit.com/r/technology/comments/29idwc/court_authorizes_microsoft_to_take_over_as_noip/ comment on this:

“As I’m understanding this, Microsoft is blaming a DNS providing company for Microsoft Customer’s PCs being hacked which is possible because the Microsoft operating system is flawed and easily hacked. It just happens that some of the hacked machines are using some of no-ip.com’s free subdomains to talk to the command & control computers. So rather than fixing their defective operating system or shutting down the offending user’s computers, they decide to steamroller a small company by making wild and unproven claims to a federal judge that only quick action will… do what? And for how long? And the only penalty for Microsoft is a $200k bond?

Microsoft filed their suit with the court on June 19th, with the court requiring no-ip.com to appear in 30 days. Then Microsoft convinces the court to issue a TOR allowing them to take over 22 noip.com (both free and paid) subdomains, saying they can provide adequate service and implying noip.com’s customers won’t suffer an impact, effective June 30. Noip.com was not given time to react or object. And noip.com customers are being impacted, nothing is resolving on Microsoft’s DNS. So email is down, websites are down and who knows what else. All because Microsoft’s operating systems have exploitable defects.

I do not think I wish to know these Microsoft people. “

John85851 (profile) says:

Secondary liability?

In a previous story, the Austrian government is prosecuting the owner of a Tor exit node for contributing to criminal activity.
When will someone prosecute Microsoft for similar liability since malware-makers take advantage of security holes in IE and Windows? Or is okay when Microsoft does it because the security holes “just happen” and they didn’t do it on purpose?

mepha31 (user link) says:

thanks

Is it the same group? The judge probably won the Nigerian lottery also!free subdomains to talk to the command & control computers. So rather than fixing their defective operating system or shutting down the offending user’s computers, they decide to steamroller a small company by making wild and unproven claims to a federal judge that only quick action will
