Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process
from the not-so-sure-that's-true... dept
Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company’s fraud and abuse team would have cut off those malware providers.
A little while ago, Microsoft PR emailed over the following, somewhat questionable claim from David Finn, the company’s Executive Director and Associate General Counsel, Digital Crimes Unit, in which he claims that all of that collateral damage was merely a “technical error” and it’s all good now:
?Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners? knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.?
I’m sorry, but that excuse just doesn’t cut it, given the legal documents that we posted, which clearly showed that Microsoft made No-IP’s parent company, Vitalwerks, out to be a part of a criminal conspiracy. The judge specifically said:
There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft?s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:
a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft?s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft?s customers, and the general public.
That’s not a “technical error.” That’s Microsoft blatantly making an extreme claim that convinced a judge to hand over a whole bunch of domain names without any kind of due process or adversarial hearing. While Microsoft may have then had a technical error on top of that, what kicked this off was a very, very big legal error.
Filed Under: domain seizure, dynamic dns, ex parte, malware, technical error
Companies: microsoft, no-ip, vitalwerks
Comments on “Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process”
technical error... actual snort reading that...
A technical error is a BSOD.
This is obviously gross, gross incompetence and/or pure outright maliciousness. Microsoft needs to seriously look into internal firings for this one…
Been following TD for quite a while. Good job, thanks. Lately though (about last 3 days) the posts all have garbled letters. This garble is always in the parts where you insert a quote from another source. Getting a lot harder to read. Anybody else see this? I’m using same browser as always. Anyway, thanks all.
Re: Re:
Ahh.. it only happens in TD Lite. Which is a lot easier to use on my tablet. That being the idea, I suppose.
Re: Re: Re:
I have noticed this in TDLite too.
Re: Re: Re: Re:
TD Lite isn’t setting char encoding UTF8. I tried in Firefox – which has the ability to switch a page to another encoding. When a page first comes up in TD Lite, it’s Window 1252. Switching to UTF8 fixes the garble. In TD regular, it comes up in UTF8 by default so all looks well. Okay, hope you guys can fix it. Keep on dirting.
(oops, stuck my reply down the thread by mistake)
Re: Re: Re:
No.
I’ve also seen this with Techdirt regular. There may be more than one place where UTF-8 vs Windows-1252 charset issues occur.
Re: Re: Re: Re:
Yeah, I quoted a paragraph (Supreme Court quote) in one of TD’s posts to point something out in a reply to someone on the normal web version the other day, & the internal quotation marks & an apostrophe came up as ? in diamonds.
I assume this is the kind of thing being mentioned.
I’ve been wondering what happened.
Re: Re: Re:2 Re:
Yes.
The page where the comment you linked to is being displayed contains:
However, your comment there is actually using Windows-1252 characters for the quote marks and apostrophe.
Re: Re:
Yes.
Near as I can tell, it’s a charset issue. The comments are displaying in UTF-8. Comment submission starts in UTF-8, however, after preview, the charset defaults to Windows-1252.
More specifically: The page reached at http://www.techdirt.com/comment_process.php apparently doesn’t specify a charset (and thus defaults to Windows-1252), while the rest of the site is specifying UTF-8 explicitly.
Fixed?
funny…my account through no-ip still isn’t working….nor is my works account…
Re: Fixed?
Same here. Fixed, my a**!
Re: Re: Fixed?
My site is still down here, too…
Re: Re: Re: Fixed?
The Ex Parte TRO posted in the previous article was signed by United States District Judge Gloria M. Navarro.
I wouldn’t recommend telephoning Judge Navarro to complain without having yourself a lawyer.
Re: Fixed?
Umm… It’s 8am the next morning. My one site I left routed through no-ip is still down.
http://www.cordcutterinfo.com/
Re: Re: Fixed?
Ummm, I don’t see the relation to no-ip dns services. This is what I’m seeing, with some snippage:
And also with snippage:
Why is your outage related to the no-ip dns seizure? I don’t understand what you mean by “left routed through no-ip”.
Re: Re: Re: Fixed?
Oh, I see now.
And servehttp.com is one of the no-ip domains. Sorry. I didn’t follow the chain all the way the www domain.
Re: Re: Fixed?
Rex said on Jul 2nd, 2014 @ 5:06am
> My one site I left routed through no-ip is still down.
I just tried it – It’s still down 12 hours later.
On what I assume was july 2, Microsoft said:
> As of 6 a.m. Pacific time today, all service was restored.
Re: Fixed?
“Takedown of No-IP by Microsoft impacts 1.8M customers“, by Steve Ragan, CSO, Jul 2, 2014
(Emphasis altered).
Wednesday is today, July 2, 2014.
Except it is not fixed
The no-ip.biz subdomains that are not implicated in spreading malware are NOT working.
Step 1. Find some existing subdomains in the no-ip.biz domain:
https://www.google.com/search?q=site%3Ano-ip.biz
Step 2. Check that the subdomains are not in Microsoft’s list at http://www.noticeoflawsuit.com/docs/A%20-%20List%20of%20No-IP%20Malware%20Sub-domains.pdf
Step 3. Look up those domains to see if they resolve:
dig http://www.confex.no-ip.biz
; DiG 9.9.3-P2 http://www.confex.no-ip.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER DiG 9.9.3-P2 wowsulvus.no-ip.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER
Obviously false
Even if we assume that Microsoft tried to continue offering service to the non-malware customers, how would they do it if they seized the domains without the cooperation of Vitalwerks? When the domains got seized, the domain record was changed to point to different DNS servers that are under the control of Microsoft. Vitalwerks customers using subdomains would be unable to register changes to their dynamic IP addresses unless Microsoft somehow (without the knowledge of, or the cooperation of Vitalwerks) mimicked the Vitalwerks dynamic DNS API. How could Microsoft do this without the Vitalwerks customer account information? Answer: They cannot. Somebody is trying to do some damage control.
Re: Obviously false
i think it was over at soylent news, but one uber-nerd had a complete technical explanation for how MS fucked up BEYOND the legal shenanigans, and did a technical snafu which not only borked the legit customers they were supposedly leaving unscathed, but also messed up their own ‘honey pot’ game and gave the (so-called) perps enough head start to get the puck out of dodge…
TD Lite isn’t setting char encoding UTF8. I tried in Firefox – which has the ability to switch a page to another encoding. When a page first comes up in TD Lite, it’s Window 1252. Switching to UTF8 fixes the garble. In TD regular, it comes up in UTF8 by default so all looks well. Okay, hope you guys can fix it. Keep on dirting.
No, not an error, but a huge scam and abuse of their power and a tech-illiterate bench-warmer.
MS has long experience working with the network security community in blackholing domains and such. Beyond their “networking error”, there is no reason to claim No IP or their parent is malicious. Not one element of this is believable. If any of it turns out to be actually true, it is such a display of gross incompetence that MS should have a whacking chunk of their IP ranges removed from them for a day.
Re: Re:
Why not all? And let Vitalwerks control them.
As I’ve said before: reciprocity is a b**ch.
Bridge in Brooklyn anyone?
Seems like a good deal from Microsoft, of course….
I hope they are in for some serious sanctions for fraud upon the court.
As for perps getting out of dodge…well, no-ip wasn’t exactly a cool spot in the first place. Not that a few spam-bot computers might not have gotten a little wipe yesterday..
Now, can I go to this same judge, convince him that Microsoft is supporting scammers with IE and Windoze, and get all of Microsoft’s DNS records???
Re: Bridge in Brooklyn anyone?
No.
Microsoft is large, reputable corporation. You simply do not have equal justice under law.
That phrase, “Equal justice under law”, may be carved in stone in front of the Supreme Court building. But –whether or not it ever really worked that way– it doesn’t work that way now.
Turnabout is fair
I see that the noticeoflawsuit site run by Microsoft’s lawyers Shook, Hardy & Bacon is using IIS 6.0, an unsupported and exploited server.
For the good of the Internet, the court should take away their control of that domain until they clean up their act.
Re: Turnabout is fair
So make it spam or DOS the court? Leave them with a huge PACER bill as they pull an Aaron Schwartz and send everything to RECAP?
Turnabout in the PUBLIC service is even better!
Re: Re: Turnabout is fair
Now now, I’m not suggesting anything illegal. (Well, no more illegal than Microsoft misrepresenting the situation to some hick court in a sneak attack.)
So the judge determined, based on the say of Microsoft, that their was good cause to believe that there were violations of the common law [tort] of negligencene
Without going into the pedantics of not being able to specifically violate/breach negligence since it isn’t legislation this is quite true.
Except that Microsoft themselves now have negligently allowed through their actions harm to occur through their absolute breach of duty (since they so willingly state they have standing to acquire property they then have a duty to that property)
This is another instance of Microsoft’s egotistical nature stating to all and sundry that they and they alone know best about how to do things and they can do no wrong, not to mention that they THINK own any data etc coming via their software/databases/pipes/whatever.
David Finn by his inane and vacuous comments has now placed himself in the firing line of all this.. Good job David, the moron award is in the bag for you this month/year.
So do I understand correctly, Microsoft ran a man-in-the-middle attack because malware? How is it that some judge would sign off on this?
Very unhappy about Microsoft actions
I hope Microsoft fixes this mess they created. my VPN are down because of their stupidity. My boss is not going to be happy.
We got sprung trying to pull a swifty and now we’re really really really sorry (holds onion under each eye). Puppet judge or technical ignoramus baffled by Microsoft bullshit?
Someone died...
Somewhere someone died with a non-functional camera or security or VOIP system. We need to find them and NEVER let Microsoft off the hook.
so where is the DOJ on this?
Given what they did to Arron Schwartz, there should be a whole herd of MS lemmings stampeding to an ocean-side cliff. We all know that MS’s greatest attribute is lying,almost as good as the DOJ’s.
$200k bond
So the $200k bond that Microsoft posted should be No-IP.com’s for the taking now, right?
Re: $200k bond
$200,000 / 4,000,000 sites down = 1 nickel / site.
I doubt anyone’s going to see their nickel. But do the math yourself.
Re: Re: $200k bond
If I had a nickel for every time MS shut down somebody’s website…
Microsoft vs NoIP
My Monday http://www.reddit.com/r/technology/comments/29idwc/court_authorizes_microsoft_to_take_over_as_noip/ comment on this:
“As I’m understanding this, Microsoft is blaming a DNS providing company for Microsoft Customer’s PCs being hacked which is possible because the Microsoft operating system is flawed and easily hacked. It just happens that some of the hacked machines are using some of no-ip.com’s free subdomains to talk to the command & control computers. So rather than fixing their defective operating system or shutting down the offending user’s computers, they decide to steamroller a small company by making wild and unproven claims to a federal judge that only quick action will… do what? And for how long? And the only penalty for Microsoft is a $200k bond?
Microsoft filed their suit with the court on June 19th, with the court requiring no-ip.com to appear in 30 days. Then Microsoft convinces the court to issue a TOR allowing them to take over 22 noip.com (both free and paid) subdomains, saying they can provide adequate service and implying noip.com’s customers won’t suffer an impact, effective June 30. Noip.com was not given time to react or object. And noip.com customers are being impacted, nothing is resolving on Microsoft’s DNS. So email is down, websites are down and who knows what else. All because Microsoft’s operating systems have exploitable defects.
I do not think I wish to know these Microsoft people. “
I have over 30 VPN clients using one of the seized domains. The only ones working are ones for whom the IP has not changed . Class action, anyone? Where are our lawyers?
Secondary liability?
In a previous story, the Austrian government is prosecuting the owner of a Tor exit node for contributing to criminal activity.
When will someone prosecute Microsoft for similar liability since malware-makers take advantage of security holes in IE and Windows? Or is okay when Microsoft does it because the security holes “just happen” and they didn’t do it on purpose?
Will the real Micro$oft stand up!
Hummm, I get calls all the time from a Micro$oft technician? With a very strong Telugu accent trying to tell me my Micro$oft based computer is sending out malware. He hangs up when I tell him I use Linux (which I do). Is it the same group? The judge probably won the Nigerian lottery also!
So Microsoft, a tech company, made a pretty grievous “technical error.” Well, if they aren’t able to prevent technical errors in the *technical realm* – their one claim to fame – why should they be trusted in any? (Judges take note.)
thanks
Is it the same group? The judge probably won the Nigerian lottery also!free subdomains to talk to the command & control computers. So rather than fixing their defective operating system or shutting down the offending user’s computers, they decide to steamroller a small company by making wild and unproven claims to a federal judge that only quick action will