from the no-ip-doesn't-mean-what-you-thought-it-did dept.
AnonTechie, RhubarbSin, and others write in to tell us:
Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users. Thus proving once again that when you are the proverbial 800lb gorilla, you need to be damn careful where you sit.
Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services.
In an effort to crack down on cyber crime, Microsoft has taken legal action against a malware network that it believes is responsible for more than 7.4 million infections of Windows PCs across the globe. Millions of legitimate servers that rely on Dynamic Domain Name Service (DDNS) from No-IP.com, owned by Vitalwerks Internet Solutions, were blacked out on Monday after Microsoft seized domain names that were being used by malware developed in the Middle East and Africa.
Microsoft's security research team began this operation under an order granted by a federal court in Nevada, and targeted traffic involving two malware families that abused No-IP services. The Windows malware families, which go by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm), use No-IP accounts to communicate with their creators in 93 percent of detected infections, which makes them the most prevalent among the 245 other pieces of malware currently exploiting No-IP domains.
In a blog post, Richard Domingues Boscovich, assistant general counsel at Microsoft's Digital Crimes Unit, said Microsoft pursued the seizure for No-IP's role "in creating, controlling, and assisting in infecting millions of computers with malicious software harming Microsoft, its customers and the public at large".
Related Stories
Forbes reports that, following Microsoft's heavy-handed seizure of 23 domains belonging to DDNS service No-IP in order to deal with the NJrat and NJw0rm botnets, the domains have been returned to the control of their original owner. Whether this was the original plan all along is unclear, but Microsoft has so far not made any explanation of the move or responded to the criticism leveled at it by No-IP service users, both free and paid, all over the Internet:
"Microsoft's move ... to cut off cybercriminal control of the Bladabindi (NJrat) and Jenxcus (NJw0rm) malware also saw millions of legitimate websites shuttered as they were using the same infrastructure as thousands of domains being used to manage the malicious software. The Redmond giant was subsequently told to cease "policing" the internet. At around 8pm BST today, No-IP started reporting a number of domains were back online, whilst records on the Domain Name System showed Microsoft had relinquished its control of many of the sites it wiped off the internet. One wonders if this was Microsoft giving up its anti-malware operation or if it's simply part of the process. There is another possibility, as suggested by a noted security researcher today: the court may have reversed its decision to allow Microsoft to take control of the 23 domains it seized."
No-IP said more than 1.8 million "legitimate customers" were taken out by Microsoft's seizure, affecting roughly 4 million hostnames. Though a digital issue, there have been some potentially dangerous physical results from Microsoft's action, according to Goguen, as it may have stopped people receiving medicines or caring for their children. "We have received many calls from customers who use our service to monitor cameras for elderly relatives, small children and even pets," she added. "We have even had a customer from a medical dispatch company go down because of this. Over the past two days they have not been able to dispatch medics to elderly patients and it is very troubling to them."
Referring back to when Microsoft seized No-IP domains (it did then reinstate them) boing boing brings us the tale of interpretive law - How Microsoft hacked trademark law to let it secretly seize whole businesses:
The company expanded the "ex parte temporary restraining order" so it could stage one-sided, sealed proceedings to take away rival businesses' domains, sometimes knocking thousands of legit servers offline.
Most famously, Microsoft used the power against No-IP, a company that provided dynamic DNS to thousands of customers.
This is covered by Wired in: How Microsoft Appointed Itself Sheriff of the Internet.
(Score: 4, Insightful) by kaszz on Wednesday July 02 2014, @04:15AM
Perhaps Microsoft should tighten up their software engineering skills and minimum standards for code quality that may be shipped. Management should end their obsession with fixed release dates. Then there will be malware, but it won't have this ridiculous impact. Before this is accomplished that evil corporation has to find other methods to deal with the fallout of the junk they ship!
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @06:33AM
In the comments on the noip.com page, the fact that it was an ex-parte procedure was mentioned.
Mike Masnick's page pounded on that point.
Dangerous Ruling: Judge Lets Microsoft Seize & Redirect No-IP Domains Without Notice [techdirt.com]
The dumb bastard only allowed ONE side (M$) to present its case; the other side wasn't even made aware that anything was going on until afterwards.
-- gewg_
(Score: 2) by jasassin on Wednesday July 02 2014, @04:18AM
I'm more pissed off at the damn hackers lickin their nuts again. Fucking botnet idiots, I wish MS would hire Blackwater to find these dildos and destroy them. Botnet schmucks ruining it for everybody. Grrrrr...
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 3, Insightful) by marcello_dl on Wednesday July 02 2014, @06:32AM
Hackers justify the billion dollar computer security industry. Don't count on them disappearing any time soon, nor on Microsoft to make their life too difficult. Remember that Microsoft's business model for the suppression of alternatives to Win and Office was to let pirate versions flood the market.
(Score: 2) by Geezer on Wednesday July 02 2014, @09:57AM
Wish I had +mod points. You are exactly right about the "security" industry. It's like expecting Big Pharma to market cures for the maladies they treat, or the DEA actually winning the War on Drugs...you don't kill the Golden Goose, you morph it into a cash cow and milk it.
(Score: 1) by bzipitidoo on Wednesday July 02 2014, @05:01AM
When I saw this news, I immediately checked my own website that's hosted at a free no-ip.biz domain. And, yes, my site is down. Says "server not found". As far as I know, there's no malware on my site.
Maybe I should sue MS. Any lawyers out there thinking of some class action lawsuits?
(Score: 1) by arcz on Wednesday July 02 2014, @05:12AM
I would say the judge acted very rashly in granting a preliminary order. Where exactly is there an imminent threat of irreparable harm? I would sue MicroSoft, and make an emergency appeal. I don't have any sites on this domain though.
I would say the irreparable harm is done to the customer of no-ip, many of which will have no presence in Nevada/whatever state that is!
Exactly how are botnets ending the world? They've been here for a long time. Maybe Microsoft, just maybe, you should fucking get your act together and fix the security holes in YOUR operating system. Why is this no-ip's fault? DNS services are fucking harmless, unlike your security holes!
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @05:22AM
but but but... won't somebody think of the innocent lawyers, judges and politicians with shares in Microsoft that need to feed their families and their poor starving investment portfolios!
(Score: 3, Interesting) by Nerdfest on Wednesday July 02 2014, @10:15AM
I'd like to know how Microsoft was granted what are effectively law enforcement powers. It's not that out of line with the way things are going these days, I'm just a little curious about the mechanism.
(Score: 2, Informative) by Anonymous Coward on Wednesday July 02 2014, @05:19AM
MS PR guy is calling it a technical error:
https://www.techdirt.com/articles/20140701/15030927747/microsoft-insists-that-no-ip-outage-was-due-to-technical-error-rather-than-gross-abuse-legal-process.shtml [techdirt.com]
(Score: 5, Interesting) by aristarchus on Wednesday July 02 2014, @06:06AM
MS PR guy means it is a tactical error.
And for the newb complaining about botnets ruining it for the rest of us, I suggest you look at this like an infestation of cockroaches. If you keep your kitchen clean, there is nothing for the cockroaches to eat, so they do not appear! Application of this to an operating system is left as an exercise for the reader. (gosh, I always wanted to say that!)
(Score: 2) by marcello_dl on Wednesday July 02 2014, @06:23AM
A technical error that they cannot rectify, more than 24 hours AFTER THEY CAUSED IT THEMSELVES?
Either they suck at system administration, or they suck at system engineering because an infrastructure where a competent sysadmin can't fix things in 24 hours is too complex...
or the interwebs use TTL values a bit too long (JK).
(Score: 2) by kaszz on Wednesday July 02 2014, @08:53PM
They excel at social engineering of people at large scale. How else could they peddle their crap..
(Score: 2) by marcello_dl on Thursday July 03 2014, @05:36PM
> They excel at social engineering
Word.
(Score: 2) by edIII on Thursday July 03 2014, @05:33PM
More to the point, if Microsoft actually cared about real users here, they would use the best experts in the world....
That's No-IP.com. Who else would be better informed about the nature of their network? How did Microsoft expect to keep servicing the records on those domains? Did they attempt to mirror them beforehand?
What I find disturbing is not the malware, or that No-IP was being used to facilitate it.
The incredibly disturbing part is that Microsoft, a corporation no better than No-IP, was granted full seizure of another corporation's property. No trial, no court case, no jurors, and basically the finger to due process.
Microsoft was able to accuse No-IP of being an accomplice to crime with no more evidence than that of malware operators using their service. Was the judge made aware of some super secret emails? NSA came in and helped? What was it?
If there wasn't extremely strong evidence that No-IP was involved with their executives and making money off the use of the services in that fashion, then it's very stupid of the judge to just hand over that property and put customers at risk. Microsoft does *NOT* have that much credit and goodwill in the world of technology to just come in and take over entire operations with the expectation that it's just going to get done correctly. We certainly know better around here, which is not a direct stab at Microsoft. No corporation is so good that it can just take over another corporation overnight (without cooperation) and expect no downtime.
The judge is an idiot that had no understanding of the technology involved and didn't even bother to get an independent expert to review it. Even if there was the evidence of botnet activity, why shut out No-IP's IT department? Not even a phone call to the CTO? I want evidence that executives were involved in the decision making process to allow the botnets to continue.
The seizure was just dripping with hostility, malice, and above all, rampant stupidity and hypocrisy. One of the reasons why botnets are so successful is the piss poor and lackadaisical approach to security by Microsoft. Which corporation is big enough to start seizing their property because some people are using their products and services to conduct crime? I'm betting only Google, and that would be one hell of an argument. No way that would be going down without Microsoft being informed.
A Microsoft PR lackey coming out and saying it wasn't abuse of legal process that created the downtime, but a technical error. That would be like me saying that the poor girl dying had nothing to do with my kidnapping of her, but that she just had a heart attack due to shock when I put on my gimp suit.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by VortexCortex on Friday July 04 2014, @06:13AM
Well, if you had been paying attention you'd already know the answer is that Corporations rule America (both north and south). Furthermore, this type of heinous shit has been going down for over a hundred years.
Just take a look at what happened on 9/11.... In 1972, that is. [youtube.com]
Huh. Seems you should be shitting bloody bricks, my brother. There are no legitimate governments anymore. [snagfilms.com]
(Score: 2) by Bot on Wednesday July 02 2014, @06:40AM
Account abandoned.
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @07:39AM
Silly Microsoft, if your ns7.microsoftinternetsafety.net can't handle the load of everyone asking about no-ip.org every minute, the least you could have done is INCREASE THE TIME TO LIVE and let caching resolvers do some caching because THAT'S HOW THE DNS WORKS.
(Score: 2) by Jaruzel on Wednesday July 02 2014, @01:07PM
Ahh but you are forgetting that no-ip is originally designed for people with dynamic IPs, which is why the TTL is so low.
-Jar
This is my opinion, there are many others, but this one is mine.
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @08:00PM
No one is forgetting that no-ip is designed for rapid updates to dynamic IPs. Some temporary adjustments can and should be made to provide some stability while no-ip is not running on the infrastructure that was originally designed to run it. Lengthening the TTL to say, an hour, would not be unreasonable.
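The caching argument in the two comments above (a short TTL suits dynamic IPs, but it is also what makes an undersized authoritative server fall over, and lengthening it trades propagation speed for load) can be made concrete with a small simulation. This is an added example, not code from the thread or from No-IP; the resolver count, capacity, hostname and addresses are all constructed, and the "authoritative server" is a toy that simply refuses queries over its per-second budget.

```python
# Toy model of caching resolvers in front of one overloaded authoritative server.
# Added example, not code from the thread; every number here is constructed.
# A short TTL keeps an IP change visible quickly but multiplies the load on
# whoever is authoritative; a long TTL lets resolver caches absorb the load.
from dataclasses import dataclass, field

NAME, OLD_IP, NEW_IP = "host.example", "198.51.100.1", "198.51.100.2"


@dataclass
class Authoritative:
    """Answers at most `capacity` queries per second; the rest get no answer."""
    capacity: int
    records: dict
    served: int = 0
    _second: int = -1
    _budget: int = 0

    def query(self, now, name):
        if now != self._second:                 # new second: refill the budget
            self._second, self._budget = now, self.capacity
        if self._budget == 0:
            return None                         # overloaded: timeout / SERVFAIL
        self._budget -= 1
        self.served += 1
        return self.records.get(name)


@dataclass
class CachingResolver:
    upstream: Authoritative
    ttl: int
    cache: dict = field(default_factory=dict)   # name -> (answer, expires_at)

    def lookup(self, now, name):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]                       # still fresh: no upstream query
        answer = self.upstream.query(now, name)
        if answer is not None:
            self.cache[name] = (answer, now + self.ttl)
        return answer


def simulate(ttl, resolvers=1000, capacity=10, seconds=600, change_at=300):
    """Each resolver asks for NAME once per second; the IP changes at `change_at`.
    Returns (upstream queries answered, failed lookups, seconds until no resolver
    still hands out OLD_IP, or None if that never happens inside the window)."""
    auth = Authoritative(capacity, {NAME: OLD_IP})
    pool = [CachingResolver(auth, ttl) for _ in range(resolvers)]
    failures, converged = 0, None
    for now in range(seconds):
        if now == change_at:
            auth.records[NAME] = NEW_IP         # the dynamic address changed
        start = (now * capacity) % resolvers    # rotate who asks first: no starvation
        answers = [pool[(start + i) % resolvers].lookup(now, NAME) for i in range(resolvers)]
        failures += answers.count(None)
        if now >= change_at and converged is None and OLD_IP not in answers:
            converged = now - change_at
    return auth.served, failures, converged
```

With these constructed parameters, `simulate(60)` shows the authoritative server saturated for the whole run with hundreds of failed lookups every second but the new address fully visible 59 seconds after the change, while `simulate(3600)` stops failing once every cache is warm and never learns about the change inside the ten-minute window.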
(Score: 1) by Kunasou on Wednesday July 02 2014, @08:11AM
Even though my home router shows me this:
"Wed Jul 2 09:09:52 2014: I:INADYN: Alias '*******.no-ip.org' to IP '81.xx.xxx.xxx' updated successfully."
Some DNS servers don't show anything now so my domain doesn't work.
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @08:32AM
Just keep clicking reload and eventually it works, for a while at least. The service is terrible, Microsoft must be running the whole thing on some guy's phone or something.
(Score: 2) by cmn32480 on Wednesday July 02 2014, @05:23PM
If it is Windows phone, there are only like 5 or 6 people it could be. Get 'em!
"It's a dog eat dog world, and I'm wearing Milkbone underwear" - Norm Peterson
(Score: 1) by rliegh on Wednesday July 02 2014, @08:22AM
Apparently there are still some usable domains on no-ip but I don't trust them to still be usable if talks to the court. Personally, I switched over to freedns.afraid.org for my needs.
I just tell 'em the truth and they think it's trolling!
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @08:37AM
Bad news for anyone who's been posting dead links to no-ip on forums for years. At least tinyurl is still up!
(Score: 2) by isostatic on Wednesday July 02 2014, @09:38AM
"We're taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals"
Hah!
(Score: 2) by wantkitteh on Wednesday July 02 2014, @11:24AM
Thank you for your efforts to protect me and my friends from disruptive security risks. I'm sure the downtime you've caused on my Minecraft server will be far less than the downtime those dangerous botnets would have caused us had they known we ever existed or even cared.
FU Very Much
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @11:30AM
You could use the spare cycles on your idle Minecraft server to mine Bitcoin instead.
(Score: 2) by wantkitteh on Wednesday July 02 2014, @11:54AM
They're already taken up running Folding@Home. I'm currently drafting a letter to Microsoft UK asking them to comment on their violation of the 2006 Police and Justice Act, specifically the passage regarding the criminalisation of any action taken deliberately "to prevent or hinder access to any program or data held in any computer".
Microsoft, you've DoS'd me and I'm fixing to take your arse to court!
(Score: 3, Informative) by wantkitteh on Wednesday July 02 2014, @01:05PM
I'm starting a blog to document what happens about this shortly - just doing due diligence on safely setting up Wordpress under Ubuntu LTS 14.04, suggestions welcome. Watch this space for the address!
I'll be looking to get names and details of anyone from the UK and their affected services that have been knocked offline by Microsoft - they shall feel our wrath!
(Score: 2) by wantkitteh on Wednesday July 02 2014, @01:44PM
More detail in my most recent journal entry, will post blog link there when it's up.
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @11:59AM
*.onion domains are free!
*.onion domains are decentralized!
*.onion domains respect your privacy!
-
also there is http://www.opennicproject.org/ [opennicproject.org]
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @09:26PM
*.onion domains quickly and efficiently get you on your government's watch list.
(Score: 2) by WizardFusion on Wednesday July 02 2014, @03:25PM
You have to remember, that the only no-ip.com domains that were taken down were the free ones. Not the paid, the free.
Anyone who runs a business or important function using a free service gets what they deserve. If you want it reliable, then you have to pay for it.
All I lost access to was my own hosted calendar and contacts sync (ownCloud) and access to my NAS.
I just changed the DNS entry, and I was back up and running once DNS replicated.
(Score: 2) by wantkitteh on Wednesday July 02 2014, @04:34PM
Doesn't matter whether it was paid for or not, Microsoft had no business having No-IP's domain assets confiscated when No-IP were perfectly open to assisting MS in this matter. Out of all the ways they could have done this, they plumped for the method that had the biggest impact on the largest number of innocent people.
I "only" lost SSH access to my Minecraft server, and all my friends lost remote access to the world we've been working on for months. How many million (yes, MILLION) people have been affected by this? That's not even vaguely acceptable collateral damage in return for a couple of botnets.
Everyone affected by this - I want to know how much time, money, business, effort, tears, sweat, blood, whatever you lost because of this. Unless Microsoft can see and quantify how much damage they've caused innocent people through their actions, they'll never stop doing it!
www.nerdcore.org.uk - comment on the blog post there or email, link at the bottom of the post.
(Score: 2) by wantkitteh on Wednesday July 02 2014, @05:18PM
Turns out the "free" domains can also be used with No-IP's paid services - lots of angry customers have had their PAID services down since this all started!
(Score: 0) by Anonymous Coward on Wednesday July 02 2014, @08:54PM
You mean you can't SSH to an IP address?
(Score: 2) by wantkitteh on Wednesday July 02 2014, @04:37PM
I've posted this in a few places now, but I want to be sure as many people see it as possible - if you've been affected by Microsoft's seizure of the No-IP domains, I want to know about it! Let me know what Microsoft have caused you to lose by their actions - hours fixing the problem, emails while your server was unavailable, players on your game servers, anything that you can quantify!
Microsoft will keep doing things like this unless we can let them know just how many people they're hurting and how badly. Check out my blog (www.nerdcore.org.uk) and either comment on the article or email me (link in article). They must be made to answer for their actions!
(Score: 2) by Han Held on Wednesday July 02 2014, @09:31PM
I run an opensim (http://www.opensimulator.org ...http://simonastick.com if you wanna try it out yourself) server on my desktop, that was redirected by a no-ip (bounceme.net) address.
It took me ten minutes to register an account on afraid.org and edit 3 files to get back up and running.
(Score: 1) by Han Held on Thursday July 03 2014, @05:37AM
Follow up; my old (no-ip) domain is working again, so apparently Microsoft did release at least some of the domains.
(Score: 0) by Anonymous Coward on Thursday July 03 2014, @05:39PM
Is Microsoft spying on any use of No-IP.com domains now?