
Microsoft Takes Down No-IP.com Domains

An anonymous reader writes For some reason that escapes me, a Judge has granted Microsoft permission to hijack NoIP's DNS. This is necessary according to Microsoft to thwart a "global cybercrime epidemic" being perpetrated by infected machines running Microsoft software. No-IP is a provider of dynamic DNS services (among other things). Many legitimate users were affected by the takedown: "This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives. ... We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening."

  • Good judge (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Tuesday July 01, 2014 @12:12AM (#47357049)

    The best money could buy.

  • Re:WTF (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Tuesday July 01, 2014 @12:15AM (#47357073)

    Does not seem legal.

    It's legal if the law says it is. And when the lawmakers are in bed with Big Business, like they are in the US, anything goes.

  • by brodock ( 1568447 ) on Tuesday July 01, 2014 @12:18AM (#47357095)
    And it's microsoft.com, the creator and perpetrator of Internet Explorer and Windows, the two biggest malwares ever invented. They should be shut down immediately. Thanks.
  • by QuietLagoon ( 813062 ) on Tuesday July 01, 2014 @12:24AM (#47357143)
    Microsoft has pushed upon the world (literally, the world) software that has a history of security issues.

    Now it appears that Microsoft is using their reputation for producing security-challenged software to badger companies for PR purposes. The headlines will all read, ~Microsoft takes down a company that is a security threat~. And Microsoft will look good in the headline.

    But what has Microsoft really accomplished? Will Microsoft's reputation for software with abysmal security be changed? Or will a small company be crushed because a huge company is trying to look good?

  • by Anonymous Coward on Tuesday July 01, 2014 @12:24AM (#47357145)

    Microsoft has way more money than whichever company that owns No-ip does. They can't sue and win. Microsoft wouldn't even need to bribe the judge, they can just use scorched earth tactics and let the lawyers suck more and more money until No-ip is dry.
    Also, apparently No-ip didn't appear when summoned. Apparently, that's kind of a big no-no. Maybe next time they will buy their domains somewhere with proper laws.

  • Overdue (Score:4, Insightful)

    by networkzombie ( 921324 ) on Tuesday July 01, 2014 @01:56AM (#47357597)
    Why is anyone surprised about this? I've been reading articles for over a year about No-IP and the abuse that they seemingly allow. They say they are working hard to stop the malicious software plowing through their service, but obviously they are not working hard enough. No one contacted No-IP to tell them that their service was being used to spread malware?


    April 2013: http://labs.opendns.com/2013/0... [opendns.com]

    Sept 2013: No-IP is a preferred choice for other similar attacks for command and control infrastructure: http://threatpost.com/njw0rm-a... [threatpost.com]

    Feb 2014: Even Cisco said their domains were being abusive and they posted to complain that Cisco didn't contact them. http://www.noip.com/blog/2014/... [noip.com]

    Looks to me like they should have contacted Microsoft and asked them for help. I guess they waited too long.

  • Wait a second... (Score:5, Insightful)

    by FuzzNugget ( 2840687 ) on Tuesday July 01, 2014 @02:02AM (#47357631)

    So, Microsoft's argument was that they needed to hijack thousands of computers, secretly redirect them and put people in financial strain... so that someone else couldn't hijack thousands of computers, secretly redirect them and put people in financial strain?

    Great plan, fuckwits!

  • by sosume ( 680416 ) on Tuesday July 01, 2014 @04:38AM (#47358191) Journal

    Because all other vendors produce flawless secure software? Dream on..

  • by Anonymous Coward on Tuesday July 01, 2014 @05:05AM (#47358263)

    Sorry, I do blame the judge. He caused major harm and he should have known he would. I also blame the US justice system, because obvious, easily avoidable injustice is a perfectly acceptable outcome in it as long as just all the i's were dotted. We all know that making sure things are done by the rules is the real purpose of the courts!
    Honestly, stop making up excuses for your legal system, no it is not acceptable for it to not only allow but actively encourage injustice like yours does, all the time!

  • Security cameras (Score:5, Insightful)

    by Ecuador ( 740021 ) on Tuesday July 01, 2014 @06:01AM (#47358403) Homepage
    Security cameras is another common usage. A low cost installation has some IP cameras on a residential dynamic IP internet service, so you use no-ip for access. I can't access my vacation house feeds today. For all I know there might be gnomes partying around the premises right now. Thanks MS.
  • by thrill12 ( 711899 ) on Tuesday July 01, 2014 @07:00AM (#47358539) Journal
    [grudge mode]I will be sure to claim damages for this, as I am using no-ip for my own server which is perfectly valid and runs no Microsoft software whatsoever (nor will it ever). What judge is so stupid as to do this ???[/grudge mode].
    Did not hear anything from No-ip though ; when I logged in yesterday to find out what was wrong, and why my domain was not resolving, there was no information whatsoever.
  • by Rich0 ( 548339 ) on Tuesday July 01, 2014 @07:11AM (#47358587) Homepage

    Not showing up should not result in a suspension of justice and free rein to dispense outrageous judgements.

    Uhh, that's exactly what happens. It's called a default judgment. What exactly do you think the court should do if a party fails to appear in a civil case?

    The court should consider the validity of the arguments against them and the facts of the case.

    The problem with the US court system is that it is basically like a game show. There are a set of rules and two competitors, and the judge is the referee. If you have a game of jeopardy and only one contestant shows up, they should naturally win. The problem is that this is rarely a just outcome.

    Add to this the fact that courts rarely allow parties to participate remotely. If you're summoned to court you have to show up in person. If you aren't paid to be there, then you probably aren't being paid that day. If the court is on the other side of the country you get to choose between a default judgment, hiring a lawyer to represent you there, or airfare and hotel for a one day appearance.

    Courts really need to be about determining the facts and applying the law, not letting the parties slug it out and declare a winner. If only one party shows up, then the judge can question the other party to determine the facts and apply the law.

  • by Rich0 ( 548339 ) on Tuesday July 01, 2014 @07:23AM (#47358623) Homepage

    The problem is that we substitute "due process" for justice and define due process as whatever the rules of the court says that it is. Are court rules even legislated?

    Ex parte petitions should only be used in the most extreme of circumstances and there should be a high burden of proof before a court grants them.

    Also, even default judgments should work far differently. The court should examine the evidence itself to determine that there is a reasonable chance of prevailing. I'm not saying that the threshold has to be the same as for a summary judgment, but there should still be an examination of the evidence and arguments, and the judge should be skeptical of any evidence submitted. Ideally the court should just appoint an attorney for the side that didn't show up.

    Also, in a country as large as the US we really need to get rid of this system that assumes that both parties will appear in person for everything. It is already a burden to show up to a local court. If you're summoned to a court on the other side of the country that is a huge expense, especially since it might just be for an hour long hearing. There is no reason that hearings couldn't be conducted via phone in many cases. Another option would be to have telepresence rooms at all courthouses so that you'd only have to show up at a local court. Heck, you could probably fit 5x as many courtrooms in a courthouse if instead of a big room you just had a bunch of individual boxes with a desk, a few chairs, and a screen/camera and the court linked the appropriate boxes together to create a courtroom, even if everybody was at the same facility. Also, for popular cases you could have as many people in the "gallery" as you have bandwidth to serve.

  • by Rich0 ( 548339 ) on Tuesday July 01, 2014 @07:27AM (#47358643) Homepage

    However, no-ip has certain legal responsibilities as a service provider and if they don't meet them their legitimate customers may end up getting caught in the crossfire.

    What would those be? They're a DNS provider. Somebody tells them that domain A is IP B, and then somebody asks them what the IP for A is, and they say B.

    They don't carry traffic. No attack would come from their servers.

    I could see a court ordering them to lock an account or remove a domain being used to coordinate malicious activity, and then they'd have a duty to comply. However, that isn't what happened here.

  • by Anonymous Coward on Tuesday July 01, 2014 @07:33AM (#47358665)

    Just wondering... Considering that their main domain was hijacked. How would you expect them to send email?

  • by Sun ( 104778 ) on Tuesday July 01, 2014 @07:43AM (#47358701) Homepage

    Ex parte petitions should only be used in the most extreme of circumstances and there should be a high burden of proof before a court grants them.

    Again, IANAL.

    Still, how can you have a high burden of proof? In an adversarial system, the only things you can prove need two opposing parties to present their case. As such, an ex-parte request does not contain proof at all (how can it?)

    Instead, it contains claims backed by sworn testimony. The judge examines these claims in the light most favorable to the non-present party, but otherwise within the context of the claims presented by the moving party.

    In other words, you cannot second guess the judge's decision without looking at what MS actually wrote in its TRO request. If (as likely happened) MS wrote that no-ip do not remove the offending domains, and that these domains are used on a daily basis to cause huge harm, then a reasonable judge (who, I might remind you, is not technically savvy, and may not realize the implications of granting this order are disrupting no-ip's business) might conclude that granting this Temporary Restraining Order is reasonable.

    So, once again, I think MS were acting like douches. I have no idea whether the judge acted reasonably, and cannot know without looking at MS's petition.


  • by Culture20 ( 968837 ) on Tuesday July 01, 2014 @07:59AM (#47358775)
    1. Extinguish
  • by AmiMoJo ( 196126 ) * <mojoNO@SPAMworld3.net> on Tuesday July 01, 2014 @08:11AM (#47358823) Homepage Journal

    Hard to imagine how the money in escrow will undo the massive damage to no-ip's business. Everyone using the service is right this minute switching to alternatives, changing their DNS settings and updating their routers.

  • Re:WTF (Score:4, Insightful)

    by Dishevel ( 1105119 ) on Tuesday July 01, 2014 @11:19AM (#47360455)
    I think you confuse legal with right or just.

    I can understand your confusion. They do after all call it the Justice system. That though is a lie.

  • by Ecuador ( 740021 ) on Tuesday July 01, 2014 @11:54AM (#47360757) Homepage
    The 93% sounds serious, but it just says that these specific infections choose No-IP.com, which is a very common dynDNS service. You can counter with the fact that 100% of the systems targeted by Bladabindi-Jenxcus infections are vulnerable due to Microsoft software.
  • by SplatMan_DK ( 1035528 ) on Tuesday July 01, 2014 @03:52PM (#47363091) Homepage Journal

    I don't know where you went to school, but you should ask for a refund. Or read up on basic percentage calculations.

    Microsoft claims that 93% of the malware traffic is traced to No-IP. But that says nothing about the total amount of traffic for No-IP, nor does it say anything about the total volume of legitimate domains. Malware traffic could be as little as 1% on No-IP's infrastructure while still accounting for 93% of malware DDNS traffic.

    It is completely wrong to state that 93% of No-IP domains are hosting malware. A large number of legitimate customers are being affected by this, and Microsoft is not resolving their DDNS domains correctly (as promised). The actual percentage of legitimate vs malicious domains is unknown, as is the distribution of legit/malicious traffic.

    Also, Microsoft's claims are disputed by No-IP, so we should not take them at face value. No real evidence of malice has been proven (yet), which makes it extremely questionable that this was conducted ex parte.

    Finally, the fact that No-IP was a favorite for malware is not (or should not be) in itself sufficient to take control of the domains like this. I sincerely hope Microsoft can prove No-IP did not respond properly to requests. Or that they can document that an extremely large portion of total traffic on No-IP was malware (which we know nothing about at this point).

    Simply quoting the 93% number is a pile of BS. It can't stand by itself. I can say with certainty that at least 93% of the Nigerian scam mail I have received the last year has used a hotmail.com or outlook.com account. But surely this does not prove that Microsoft is willingly aiding Nigerian scammers and that their domains should be seized?
