Slashdot Mirror


Microsoft Takes Down No-IP.com Domains

An anonymous reader writes: For some reason that escapes me, a Judge has granted Microsoft permission to hijack NoIP's DNS. This is necessary according to Microsoft to thwart a "global cybercrime epidemic" being perpetrated by infected machines running Microsoft software. No-IP is a provider of dynamic DNS services (among other things). Many legitimate users were affected by the takedown: "This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives. ... We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening."

16 of 495 comments

  1. Sue them for all they're worth by Anonymous Coward · · Score: 5, Interesting

    This is their business the court decided to hand over to Microsoft. Lawsuits should be flying in all directions.

    1. Re:Sue them for all they're worth by Sun · · Score: 5, Interesting

      Also, apparently No-ip didn't appear when summoned. Apparently, that's kind of a big no-no. Maybe next time they will buy their domains somewhere with proper laws.

      IANAL. All of this is from following legal procedures.

      Not showing up is a big no-no. A judge can, usually, assume that the party not showing up has nothing to say in the matter, and just accept the petition as is. This is, however, not what happened here. From the first link:

      On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP.

      Emphasis mine.

      An ex parte petition is filed without the other side being given a chance to answer. This is an outrageous act by Microsoft. You ask for an ex parte hearing when there is danger that the other side, if given prior warning of your requested subpoena, will destroy evidence. Since Microsoft is claiming that no-ip are unknowingly hosting malware, this is simply wrong.

      Before you go to blame the judge, however, please bear in mind that he can only rule based on the petitions before him. Presumably, a two-party hearing will be held soon, and then things can, and should, go differently. Also, the judge should have ordered Microsoft to place some money in escrow, which no-ip will automatically get in case the temporary restraining order is found to be unjustified.

      What I'm saying is that we don't have enough information so far to conclude that the judge did anything wrong, but the first link, written by Microsoft, clearly shows MS to be douche bags in this case.

      Shachar

    2. Re:Sue them for all they're worth by Shakrai · · Score: 5, Informative

      Not showing up should not result in a suspension of justice and free rein to dispense outrageous judgements.

      Uhh, that's exactly what happens. It's called a default judgment. What exactly do you think the court should do if a party fails to appear in a civil case?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    3. Re:Sue them for all they're worth by Ecuador · · Score: 5, Insightful

      The 93% sounds serious, but it just says that these specific infections choose No-IP.com, which is a very common dynDNS service. You can counter with the fact that 100% of the systems targeted by Bladabindi-Jenxcus infections are vulnerable due to Microsoft software.

      --
      Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  2. Good judge by Rosco+P.+Coltrane · · Score: 5, Insightful

    The best money could buy.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  3. Re:WTF by Rosco+P.+Coltrane · · Score: 5, Insightful

    Does not seem legal.

    It's legal if the law says it is. And when the lawmakers are in bed with Big Business, like they are in the US, anything goes.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. Hotmail? by Anonymous Coward · · Score: 5, Interesting

    So after decades of the community putting Microsoft on notice that HotMail is abused by spammers, can I seize the domain name?

  5. Re:Legal Precedent? by Pinhedd · · Score: 5, Informative

    Property used to engage in criminal activity is subject to seizure and/or forfeiture. Domains have been seized in the past due to criminal activity but this has usually accompanied a criminal complaint by a law enforcement agency.

    In this case, despite what the article may imply, Microsoft hasn't seized ownership of the domains. Rather, they used an ex parte temporary restraining order to seize control of the domains so that they may neutralize the source of the maliciousness. The ex-parte aspect is why no-ip wasn't notified. Microsoft managed to convince a judge to grant the order without informing the other party (most likely to prevent no-ip from notifying the malicious users). This will be followed up by a formal hearing, and full control of the domains will be restored to no-ip eventually.

    If Microsoft abuses this, judges won't be so inclined to grant such requests in the future.

  6. Re:Legal Precedent? by lister+king+of+smeg · · Score: 5, Informative

    Property used to engage in criminal activity is subject to seizure and/or forfeiture. Domains have been seized in the past due to criminal activity but this has usually accompanied a criminal complaint by a law enforcement agency.

    In this case, despite what the article may imply, Microsoft hasn't seized ownership of the domains. Rather, they used an ex parte temporary restraining order to seize control of the domains so that they may neutralize the source of the maliciousness. The ex-parte aspect is why no-ip wasn't notified. Microsoft managed to convince a judge to grant the order without informing the other party (most likely to prevent no-ip from notifying the malicious users). This will be followed up by a formal hearing, and full control of the domains will be restored to no-ip eventually.

    If Microsoft abuses this, judges won't be so inclined to grant such requests in the future.

    Most people I know that use no-ip are people setting up their own minecraft servers; it's not a hotbed of criminal activity like MS claims. I use it for my ssh server/freeciv/cloud storage/retroshare and it has been inaccessible today thanks to Microsoft's fuckery. Claiming that they are a tool of criminal activity is like saying that the internet is a tool of criminal activity because criminals use it, which is to say anything may be taken away and given to another with this same logic.
    I wonder, seeing as Microsoft has fucked with my server's traffic today thanks to this, could I go after them in court for maliciously hijacking my subdomain and traffic and have their DNS entries redirect to me with no warning to Microsoft.

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  7. Re:Microsoft takes on global cybercrime epidemic by lister+king+of+smeg · · Score: 5, Funny

    I wonder if the same court would let you take update.microsoft.com and redirect it to ftp.debian.org using this reasoning.

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  8. Wait a second... by FuzzNugget · · Score: 5, Insightful

    So, Microsoft's argument was that they needed to hijack thousands of computers, secretly redirect them and put people in financial strain... so that someone else couldn't hijack thousands of computers, secretly redirect them and put people in financial strain?

    Great plan, fuckwits!

  9. Malice? more like incompetence... by DarkHelmet433 · · Score: 5, Informative

    A quick skim of the motion for the court order gave me the "boilerplate" and "cut & paste" feeling. There is a lot of sloppy line blurring between actions and complaints directed at the Malware authors and the no-ip folks. Sometimes they refer to the "Malware Defendants" and other times the generic "Defendants" when they meant the former. Really sloppy legal work.

    There are some real gems in there:

    From section 7:
    "There is good cause to believe that immediate and irreparable damage to this Court’s ability to grant effective final relief will result from the sale, transfer, or other disposition or concealment by Defendants of the Internet domains at issue"
    Say what? How is that related to anything? It's not like the TRO will actually prevent people from being able to hit 'delete' via the control panel. Given that everything's busted by their own doing, the bad guys got a huge head start.

    From section 8:
    "... and the interest of justice require that this Order be Granted without prior notice to Defendants ..."
    Wow ...

    The full motion text: http://www.noticeoflawsuit.com...

    It seems to me that regardless of what good intentions that Microsoft may have had, they've really fouled up the execution. They'll be remembered more for taking out millions of legitimate users than the malware they *might* be able to take down.

    1. Re:Malice? more like incompetence... by DarkHelmet433 · · Score: 5, Interesting

      I also suspect they've managed to botch the technical aspect of it as well.

      Presumably the plan was to put their caching name servers in front of the real no-ip servers, and gather the mappings for the malware suspect sites and then blackhole them after getting what they want. The problem was that Microsoft's side appears to have melted down, thus taking everything down. They won't be getting logs, behavior analysis or anything, because it's all a pile of wreckage in a crater. Meanwhile, all the "bad guys(TM)" have now had hours' head start to delete their C&C node registrations while Microsoft's servers are down. And now they've ticked off the no-ip folks, so I wouldn't expect them to be in a cooperative mood to try and help.

      Bone headed all round. There's no other way to put it.

  10. Re:Legal Precedent? by MrNemesis · · Score: 5, Funny

    Most people I know that use no-ip are people setting up their own minecraft servers; it's not a hotbed of criminal activity like MS claims.

    I looked up this "minecraft" of which you speak, and it seems to be some crudely archaic simulation where you wander round indiscriminately smashing rocks together and killing animals - basically a terrorism simulator. I fail to see why anyone would support the use of this software.

    Lots of terrorism-simulator apologists say it's something called an Indy game, but it bears absolutely no comparison with any of the Harrison Ford films (and in any case, an Indy game would require royalty payments to LucasArts which we can find no record of). It doesn't have a proper company behind it like EA or Zynga but only a nebulous cloud of anonymous people known as "notch".

    Not only that, it seems that the hacker group "notch" had their paypal account suspended several years ago due to money laundering and other suspicious activities.

    Frankly anyone who uses this simulator or supports the filth behind it deserves everything they get.

    Richard Domingues

    --
    Moderation Total: -1 Troll, +3 Goat
  11. Lawsuits will fly by Anonymous Coward · · Score: 5, Interesting

    IAAL (but this isn't legal advice). I noticed that it was an ex parte hearing, which is why this whole mess occurred. They're useful for preventing domestic violence, but ripe for abuse in all contexts. NO-IP should be moving for an emergency hearing and the whole issue should be resolved within hours. Beyond that, NO-IP should follow up with a suit for damages (I suspect MS will pull the we-got-a-court-order card and NO-IP gets to respond back with you lied to the court. It all goes nowhere and they settle).

    The more interesting aspect is the disrupted users. While MS moved against NO-IP ex parte, they apparently made assertions that they would keep the service functioning properly. They've failed there and suits are now possible for those failures. More interestingly, however, is whether MS was recording, manipulating, or in any other way playing with the traffic. If so, there are some excellent wiretap statutes waiting to be had.

    I, sadly, didn't have a NO-IP account, but if I did, I'd be heading to the court house this afternoon. This is what happens when you skip due process, let a too-big-to-fail corporation do whatever it wants to private corporations through the guise of the courts. Corruption at its finest. MS should be bludgeoned thoroughly enough to at least think twice before attempting it again.

  12. How on earth did you get that result? by SplatMan_DK · · Score: 5, Insightful

    I don't know where you went to school, but you should ask for a refund. Or read up on basic percentage calculations.

    Microsoft claims that 93% of the malware traffic is traced to No-IP. But that says nothing about the total amount of traffic for No-IP, nor does it say anything about the total volume of legitimate domains. Malware traffic could be as little as 1% on No-IP's infrastructure while still accounting for 93% of malware DDNS traffic.

    It is completely wrong to state that 93% of No-IP domains are hosting malware. A large number of legitimate customers are being affected by this, and Microsoft is not resolving their DDNS domains correctly (as promised). The actual percentage of legitimate vs malicious domains is unknown, as is the distribution of legit/malicious traffic.

    Also, Microsoft's claims are disputed by No-IP, so we should not take them at face value. No real evidence of malice has been proven (yet), which makes it extremely questionable that this was conducted ex parte.

    Finally, the fact that No-IP was a favorite for malware is not (or should not be) in itself sufficient to take control of the domains like this. I sincerely hope Microsoft can prove No-IP did not respond properly to requests. Or that they can document that an extremely large portion of total traffic on No-IP was malware (which we know nothing about at this point).

    Simply quoting the 93% number is a pile of BS. It can't stand by itself. I can say with certainty that at least 93% of the Nigerian scam mail I have received the last year has used a hotmail.com or outlook.com account. But surely this does not prove that Microsoft is willingly aiding Nigerian scammers and that their domains should be seized?

    --
    My security clearance is so high I have to kill myself if I remember I have it...