Microsoft Takes Down No-IP.com Domains 495
An anonymous reader writes For some reason that escapes me, a Judge has granted Microsoft permission to hijack NoIP's DNS. This is necessary according to Microsoft to thwart a "global cybercrime epidemic" being perpetrated by infected machines running Microsoft software.
No-IP is a provider of dynamic DNS services (among other things). Many legitimate users were affected by the takedown: "This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives. ... We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening."
Sue them for all they're worth (Score:5, Interesting)
This is their business the court decided to hand over to Microsoft. Lawsuits should be flying in all directions.
only an excerpt (Score:2, Interesting)
Hotmail? (Score:5, Interesting)
So after decades of the community putting Microsoft on notice that HotMail is abused by spammers, can I sieze the domain name?
Legal Precedent? (Score:5, Interesting)
No customer notification (Score:5, Interesting)
While I fully blame Microsoft for creating this mess, I'm somewhat dismayed that as a customer I'm finding out that my service is down from a news outlet rather than from noip themselves! I've been using their sub domain wildcard service for 7-8 years now and have just now found out that it's down. I'm none too happy about being thrown out with the bathwater!
Re:Legal Precedent? (Score:2, Interesting)
No, they seized control of the entire business -- the top-level domains, the second-level domains engaging in criminal activity, and all of the second-level domains who were not engaging in criminal activity. The right way to do this is to get a court order to seize the infringing addresses and leave the millions of customers who did nothing wrong alone. This is like the FBI seizing an entire rack or datacenter from AWS because someone served child pornography from a t1.micro instance, and then letting the accusing party respond in any way they want to all of the non-criminal traffic for the next six weeks. The collateral damage is completely unacceptable.
Re:How about a home brew dynamic DNS system? (Score:5, Interesting)
I have a $10/mo VPS at a major datacenter with static IPv4 & IPv6 addresses that hosts the primary DNS server for my vanity domain. My house has plain old boring dynamic address DSL with filtered port 25, etc... I have a Raspberry Pi running light network services on the house net. It runs a cron job that runs pubkey ssh into a no-shell account on the VPS. When that happens, a script rips $SSH_CLIENT and does a quick compare to see if it changed. If it has, another cron job on the VPS fixes up a record in my vanity domain with a 60 second TTL.
OpenVPN gets me around the port 25 filter...
Why am I explaining this to a low four digit?
Well, fuck you very much (Score:5, Interesting)
So *that's* why my DDNS suddenly went dark today, with no apparent explanation.
Port 80 forwarding to the right LAN IP. Server daemons are running. I can access all the services directly by WAN IP (not very useful). Updater client running just fine. No firewall configs in the way. No-IP reports the correct IP. No news posting on No-IP's website about any sort of outage or technical issues.
Well, I was lost -- that was everything. ... and that was all because of this horseshit? Guess what... I'm not even *in* the US, so now the US courts think they have jurisdiction over countries? (OK, that's not new)
Fuck all involved. Hope they get their asses sued to hell. And this judge canned for such a dumbass decision.
Take them to court over Windows (Score:2, Interesting)
If it wasn't for the all the holes in WIndows then there's would't be as many people trying to distribute malware. MS themselves are the first in line as the root cause.
Taking over government functions (Score:5, Interesting)
Re:Malice? more like incompetence... (Score:5, Interesting)
I also suspect they've managed to botch the technical aspect of it as well.
Presumably the plan was to put their caching name servers in front of the real no-ip servers, and gather the mappings for the malware suspect sites and then blackhole them after getting what they want. The problem was that Microsoft's side appears to have melted down, thus taking everything down. They won't be getting logs, behavior analysis or anything, because its all a pile of wreckage in a crater. Meanwhile, all the "bad guys(TM)" have now had hours head start to delete their C&C node registrations while microsoft's servers are down. And now they've ticked off the no-ip folks, so I wouldn't expect them to be in a cooperative mood to try and help.
Bone headed all round. There's no other way to put it.
Re:Sue them for all they're worth (Score:5, Interesting)
Also, apparently No-ip didn't appear when summoned. Apparently, that's kinda of a big no-no. Maybe next time they will buy their domains somewhere with proper laws.
IANAL. All of this is from following legal procedures.
Not showing up is a big no-no. A judge can, usually, assume that the party not showing up has nothing to say in the matter, and just accept the petition as is. This is, however, not what happened here. From the first link:
On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP.
Emphasis mine.
An Ex-Parte petition is filed without the other side being given a chance to answer. This is outrageous act by Microsoft. You ask for an ex-part hearing when there is danger that the other side, if given prior warning of your requested subpoena, will destroy evidence. Since Microsoft is claiming that no-ip are unknowingly hosting malware, this simply wrong.
Before you go to blame the judge, however, please bear in mind that he can only rule based on the petitions before him. Presumably, a two-party hearing will be held soon, and then things can, and should, go differently. Also, the judge should have ordered Microsoft to place some money in escrow, which no-ip will automatically get in case the temporary restraining order is found to be unjustified.
What I'm saying is that we don't have enough information so far to conclude that the judge did anything wrong, but the first link, written by Microsoft, clearly shows MS to be douche bags in this case.
Shachar
Re:WTF (Score:3, Interesting)
And this is why we need Namecoin and other decentralized DNS solutions to take such matters out of the hands of the lawmakers.
http://namecoin.info/
Lawsuits will fly (Score:5, Interesting)
IAAL (but this isn't legal advice). I noticed that it was an ex parte hearing, which is why this whole mess occurred. They're useful for preventing domestic violence, but ripe for abuse in all contexts. NO-IP should be moving for an emergency hearing and the whole issue should be resolved within hours. Beyond that, NO-IP should follow-up with a suit for damages (I suspect MS will pull the we-got-a-court-order card and NO-IP gets to respond back with you lied to the court. It all goes nowhere and they settle).
The more interesting aspect is the disrupted users. While MS moved against NO-IP ex parte, they apparently made assertions that they would keep the service functioning properly. They've failed there and suits are now possible for those failures. More interestingly, however, is whether MS was recording, manipulating, or in any other way playing with the traffic. If so, there are some excellent wiretap statutes waiting to be had.
I, sadly, didn't have an NO-IP account, but if I did, I'd be heading to the court house this afternoon. This is what happens when you skip due process, let a to-big-to-fail corporation do whatever it wants to private corporations through the guise of the courts. Corruption at it's finest. MS should be bludgeoned thoroughly enough to at least think twice before attempting it again.
Re:Sue them for all they're worth (Score:2, Interesting)
Emphasis mine.
An Ex-Parte petition is filed without the other side being given a chance to answer. This is outrageous act by Microsoft. You ask for an ex-part hearing when there is danger that the other side, if given prior warning of your requested subpoena, will destroy evidence. Since Microsoft is claiming that no-ip are unknowingly hosting malware, this simply wrong.
Before you go to blame the judge, however, please bear in mind that he can only rule based on the petitions before him. Presumably, a two-party hearing will be held soon, and then things can, and should, go differently. Also, the judge should have ordered Microsoft to place some money in escrow, which no-ip will automatically get in case the temporary restraining order is found to be unjustified.
What I'm saying is that we don't have enough information so far to conclude that the judge did anything wrong, but the first link, written by Microsoft, clearly shows MS to be douche bags in this case.
Shachar
According to the Microsoft blog post linked in TFS:
And:
[Emphasis Mine]
So, Microsoft is alleging that No-IP is assisting (presumably knowingly) in the distribution of malware and that 93% of No-IP's domains are vehicles for malware distribution. Is this true? I don't know, but I kind of doubt it.
What's next, a RICO prosecution for the owners of No-IP?