Microsoft No-IP Takedown
Microsoft obtained a court order allowing it to take over various domains owned by free dynamic DNS provider "No-IP" [1]. According to a statement from Microsoft, this was done to disrupt several botnets [2] . However, No-IP is crying foul, stating that Microsoft never contacted them to have the malicious domains blocked. Further, Microsoft is apparently not able to properly filter and support all queries for these seized domains, causing widespread disruption among legit no-ip customers. According to the court order, Microsoft is able to take over DNS for the affected domains, but because the legit domains far outnumber the malicious domains, Microsoft is only allowed to block requests for malicious domains.
Microsoft apparently overestimated the abilities of it's Azure cloud service to deal with these requests.
In the past, various networks blocked dynamic IP providers, and dynamic IP services have been abused by criminals for about as long as they exist. However, No-IP had an abuse handling system in place and took down malicious domains in the past. The real question is if No-IP's abuse handling worked "as advertised" or if No-IP ignored take down requests. I have yet to find the details to that in the law suit (it is pretty long...) and I am not sure what measure Microsoft used to proof that No-IP was negligent.
For example, a similar justification may be used to filter services like Amazon's (or Microsoft's?) cloud services which are often used to serve malware [4][5]. It should make users relying on these services think twice about the business continuity implications of legal actions against other customers of the same cloud service. There is also no clear established SLA for abuse handling, or what level of criminal activity constitutes abuse.
[1] http://www.noticeoflawsuit.com
[2] http://blogs.technet.com/b/microsoft_blog/archive/2014/06/30/microsoft-takes-on-global-cybercrime-epidemic-in-tenth-malware-disruption.aspx
[3] http://www.noip.com/blog/2014/06/30/ips-formal-statement-microsoft-takedown/?utm_source=email&utm_medium=notice&utm_campaign=takedown
[4] http://blog.malwarebytes.org/fraud-scam/2014/04/cyber-criminals-interested-in-microsoft-azure-too/
[5] http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/16/amazon-is-a-hornets-nest-of-malware/
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
Anonymous
Jul 1st 2014
1 decade ago
Their Formal Statement is from their site:
https://www.noip.com/blog/2014/06/30/ips-formal-statement-microsoft-takedown/
Anonymous
Jul 1st 2014
1 decade ago
Anonymous
Jul 1st 2014
1 decade ago
Sorry, but I have to call BS on that. Microsoft takes weeks to follow through with Azure abuse complaints.
Anonymous
Jul 1st 2014
1 decade ago
the claims within their order are rather infuriating.
"III. The Balance Of Hardships Tips Sharply In Microsoft’s Favor ....Cutting communications to No-IP sub-domains confirmed to be enabling
malware will prevent Malware Defendants from sending instructions or additional malware modules
to infected personal computers during that time and will preserve the evidence of the malwares’
operations and illegal activities. Defendant Vitalwerks will suffer no harm if a TRO and preliminary
injunction are issued because Defendant derives no known income form the operation of its free
Dynamic DNS service
....
If there is any legitimate activity carried out on the No-IP sub-domains, it will be allowed to proceed under the terms of the proposed order with no disruption.
...
Similarly, there will be only negligible impact on the third-party domain registries that will
need to implement part of the proposed order."
Anonymous
Jul 1st 2014
1 decade ago
The only justification I see is that Windows machines are being compromised.
Still trying to find similarly disturbing analogy; vehicule or arms industry comes to mind right now...
Anonymous
Jul 1st 2014
1 decade ago
Anonymous
Jul 2nd 2014
1 decade ago
This is clearly a case that should have been handled by the FBI, and not the Microsoft Police.
Guess the court was fooled by Microsoft. The next thing we will see is, that that Kalashnikov wants to take over the factories of Colt, as their guns has been used to kill Americans. Then deliver only to the Military, and sell the rest to war mongers abroad.
Anonymous
Jul 2nd 2014
1 decade ago
Anonymous
Jul 2nd 2014
1 decade ago
I propose banning the internet, and requiring that every single computer be powered off.
This will be much more effective at stopping APT than disrupting one internet service, as it will disconnect nearly 100% of the bad actors.
Anonymous
Jul 2nd 2014
1 decade ago