Slyck.com
 
Slyck Chatbox - And More

Microsoft Angers Millions by Abrupt Seizure of No-IP Domains, Admits Massive Outage was Technical Error

Discuss Slyck's latest news
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

Microsoft Angers Millions by Abrupt Seizure of No-IP Domains, Admits Massive Outage was Technical Error

Postby sunnyd » Wed Jul 02, 2014 11:28 am

At the time of publishing this story, many of the No-IP domains are still down, but customers that filed support tickets due to the massive outage have been receiving emails from No-IP telling them that they hope to have the issue resolved within 24 to 48 hours. To complicate matters further following the original seizure of the 22 No-IP domains by Microsoft on Monday, No-IP’s main website was down on Tuesday due to a DDoS attack which No-IP tweeted about yesterday, saying they were doing their best to mitigate the attack. The Domain Name Service (DNS) provider had begun to offer other free domains for customers to use, but with the No-IP.com website offline, millions were helpless to do anything while their own sites remained down. No-IP’s website is back up now, and a message on their main page still states, "NOTICE: Our domains are still experiencing outages due to the Microsoft takedown. Please read our formal statement on the matter."


No-IP customers including many businesses are beyond outraged with the way this was handled by Microsoft in an attempt to control malware on infected computers, and that some of the subdomains on No-IP's network had been abused by creators of malware. The word “draconian” is appearing frequently in many news articles and conversations following the the seizure of the domains on Monday as documented by ars technica.

Microsoft was granted a temporary restraining order by a court in Nevada, which gave it permission to seize the No-IP domains, and which was done without advance notice to No-IP. In the court document Microsoft claims that the requested action was based on "The Computer Fraud and Abuse Act, 18 U.S.C.1030; (2) The Anti-Cybersquatting Consumer Protection Act, 15 U.S.C. 1125; (3) Nevada’s Unlawful Acts Regarding Computers and Information Services, N.R.S. 205.4765; (4) Trespass to Chattel; (5) Conversion; and (6) Negligence. Microsoft seeks injunctive and other equitable relief and damages against the cybercriminals who created, distributed, and infected computers with Bladabindi and Jenxcus malware, and against the registered owner of the Internet domains that have been used to facilitate the malware infection that has and will continue to cause irreparable harm to Microsoft, its customers, and the public."

No-IP issued a formal statement on Monday following the takedowns and said, "We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors."

Microsoft took down 22 domains which included: 3utilities.com, no-ip.biz, serveblog.net, servemp3.com, bounceme.net, no-ip.info, servecounterstrike.com, servepics.com, hopto.org, zapto.org, serveftp.com, servequake.com, myftp.biz no-ip.org, servegame.com, sytes.net, myftp.org, redirectme.net, servehalflife.com, myvnc.com, servebeer.com and servehttp.com. Microsoft claimed that there were more than 18,000 malicious hostnames involved with the malware, but No-IP could only find a little over 2,000 hostnames on Microsoft’s list that were still active as of Monday morning. The takedowns resulted in over four million hostnames being taken offline.

There is an ongoing debate as to whether or not No-IP did or didn’t take a proactive approach in steps against malware infections which were first identified as large scale in blog post by Cisco in February of 2014, and at that time, No-IP did provide a statement following the malware report by Cisco.

A recent article by Forbes, was headlined as "Security World to Microsoft: Stop Trying to Police the Internet." The first paragraph reads, "Crazy. Outrageous. Unbelievable. These are a few of the many vitriolic words being levelled at Microsoft today, which is taking a kicking from the security community over the dismantling of a cybercriminal campaign said to have infected millions."

In an article published Tuesday night by IDG News Service, Microsoft admitted it made a technical error after it re-routed traffic from No-IP’s network in order to shut down a botnet. The report also stated, "Although No-IP was not accused of wrongdoing, Microsoft maintained the company had not done enough to stop abuse on its networks. Microsoft's intention by seizing the domains was to block only the computers using No-IP's services that were being used as part of a botnet."

But "due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service," according to an email statement from David Finn, executive director and associate general counsel of Microsoft's Digital Crimes Unit.

"We regret any inconvenience these customers experienced," Finn wrote via email late on Tuesday. He claimed that No-IP's services were restored at 6:00am Pacific Time Tuesday. No-IP spokeswoman Natalie Goguen wrote via email that Microsoft made a technical change on Tuesday to forward legitimate traffic back to No-IP, but stated that "it didn't do anything."

As of 12:15pm Eastern Time on Wednesday, many domains are still down. We’ll update this story in the "you can discuss this story here" link at the bottom of this page as more news becomes available, or if we receive word that the No-IP domains are back up and accessible. At the time of publishing this story, there have been no new tweets from No-IP, nor have there been any new updates on their Facebook page. No-IP is reviewing its options for litigation against Microsoft for their drastic actions, and for the massive outage as a result of those actions.

Stay tuned!





Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
sunnyd
 
Posts: 30027
Joined: Mon Jan 21, 2008 2:34 pm

Re: Microsoft Angers Millions by Abrupt Seizure of No-IP Dom

Postby sunnyd » Wed Jul 02, 2014 1:15 pm

No-Ip CEO Dan Durrer, has issued the following statement:

https://www.noip.com/blog/2014/07/02/me ... an-durrer/

As you certainly know by now, on Monday control of our most popular domain names were seized. As a result, millions of hostnames have gone dark and millions of our users have been put out of service.

We have been throwing everything we have at getting you back online with the least possible delay. For legal reasons, we have been restricted from reaching out to you, but we simply cannot stay quiet any longer. We are very close to a resolution and we will update you with more information as soon as we can.

We hear your overwhelming support on social media and would like you to know that we share your frustration. Thank you so much for your support! #FreeNoIP

Dan Durrer
Owner and CEO


(Click on the link above to read the rest of No-IP's statement)
Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
sunnyd
 
Posts: 30027
Joined: Mon Jan 21, 2008 2:34 pm

Re: Microsoft Angers Millions by Abrupt Seizure of No-IP Dom

Postby bmh67wa » Wed Jul 02, 2014 1:28 pm

Does this mean that no-ip has the right to do the same to Microsoft since search results on Bing can also lead to sites that distribute malware? Image
In the 60's, people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal.

zbeast wrote:80's porn is so strange big hair and lazy humping.
User avatar
bmh67wa
 
Posts: 3423
Joined: Sun Jul 28, 2002 10:32 pm
Location: sanctuary.darkservers.net:3456,4568 or 8888

Re: Microsoft Angers Millions by Abrupt Seizure of No-IP Dom

Postby sunnyd » Wed Jul 02, 2014 5:15 pm

According to Kaspersky,

https://www.securelist.com/en/blog/2082 ... operations

The takedown disrupted many other APT operations, which used NO-IP for their C&C infrastructure. These include:

● Flame/Miniflame
● Turla/Snake/Uroburos, including Epic
● Cycldek
● Shiqiang
● HackingTeam RCS customers
● Banechant
● Ladyoffice

The shutdown has affected in some form at least 25% of the APT groups we are tracking. Some of these hosts that were previously used in large and sophisticated cyberespionage operations are now pointing to what appears to be a Microsoft sinkhole, at 204.95.99.59.


Wednesday, 6:00pm ET, many domains are still down, and millions of host names are still not resolving, despite Microsoft stating the situation was remedied yesterday morning.

However...
A post from approximately 4:00pm ET on No-IP's Facebook page, says that some host names are beginning to resolve. "Some hostnames are starting to resolve again! We aren't out of the woods yet, but soon."
Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
sunnyd
 
Posts: 30027
Joined: Mon Jan 21, 2008 2:34 pm

Re: Microsoft Angers Millions by Abrupt Seizure of No-IP Dom

Postby sunnyd » Wed Jul 02, 2014 7:37 pm

Update: Within the last hour, many of the host names are now resolving, but not for all ISPs. Some are reporting the /refresh & /renew (force an IP refresh) is getting them back online.

no-ip.info is back up, so is bounceme.net, and so is serverbeer.com (and several others). For those not online yet, just keep trying, it seems like there has been a lot more progress in the last hour.
Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
sunnyd
 
Posts: 30027
Joined: Mon Jan 21, 2008 2:34 pm

Re: Microsoft Angers Millions by Abrupt Seizure of No-IP Dom

Postby sunnyd » Wed Jul 02, 2014 8:43 pm

It wouldn't be fair if I didn't at least point out that during the entire process of this massive outage, Microsoft was in fact successful in taking down some of the strongest botnets that had affected millions of computers. While their actions have been criticized as "draconian", Microsoft maintains it was the only way to achieve that success, and that the massive outage was a technical error, and was not done intentionally to hurt harmless traffic.

Per an email I received earlier (that I overlooked by mistake), Microsoft did surrender all domains, and No-IP has recovered 18 of them so far from the Public Interest Registry. They are in the process of trying to recover the others. Service should be restored soon (if not already) for all domains other than .org.

There has been no official word on any pending litigation against Microsoft from No-IP.
Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
sunnyd
 
Posts: 30027
Joined: Mon Jan 21, 2008 2:34 pm

Re: Microsoft Angers Millions by Abrupt Seizure of No-IP Dom

Postby bmh67wa » Thu Jul 03, 2014 4:54 pm

I just received this email from them...

We would like to give you an update and announce that ALL of the 23 domains that were seized by Microsoft on June 30 are now back in our control. Please realize that it may take up to 24 hours for the DNS to fully propagate, but everything should be fully functioning within the next day. One of the domains, noip.me, took longer to get back online, but it should be fully restored within the next day. Is your service back up? Please send us a tweet and let us know.
We are so sorry for the inconvenience that this takedown has caused our customers. Thank you so much for the support and for sticking with us through this entire process this week. More information surrounding the event will be released within the next few days, so stay tuned. Again, THANK YOU.
Have any questions or comments? Please do not hesitate to open a Support Ticket or give us a call at 775.853.1883, but please understand that we are still under heavy call/ticket volume and it may take more time than normal to get back to you.
In the 60's, people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal.

zbeast wrote:80's porn is so strange big hair and lazy humping.
User avatar
bmh67wa
 
Posts: 3423
Joined: Sun Jul 28, 2002 10:32 pm
Location: sanctuary.darkservers.net:3456,4568 or 8888

Re: Microsoft Angers Millions by Abrupt Seizure of No-IP Dom

Postby dreamthiev » Fri Jul 04, 2014 12:50 am

sunnyd wrote:There has been no official word on any pending litigation against Microsoft from No-IP.


Never mind no-ip, I wouldn't be surprised if someone isn't already organizing a class-action suit against microsoft. There's going to be plenty of people who claim financial damages.
dreamthiev
 
Posts: 13
Joined: Sat Sep 16, 2006 10:14 am


Return to Slyck News

Who is online

Users browsing this forum: No registered users and 2 guests

© 2001-2008 Slyck.com