Summary: Microsoft control over the Internet (control that should never have been granted) is used to shut down millions of legitimate services

THIS is an incident that has infuriated many people, companies, organisations, etc. It's widely publicised by now. Microsoft is above the law, apparently, or rather, Microsoft is the law in the United States (see our page about "Microsoft influence in the United States government").

Tux Machines, our near-real-time news site, relied on No-IP until some months ago. Millions of people use the site every month. Millions of services and sites use No-IP every month. It means that billions of people are dependent on No-IP . It is a critical service for perhaps tens of millions of Web sites and other services (such as LDAP, E-mail, and so on). Well, Microsoft's outrageous demands have ruined the services. It is Microsoft's fault (due to its own sabotage like back doors and incompetence that makes many insecurities). Do Microsoft's demands now supersede the rest of us? Can Microsoft knock offline millions of services all around the world and if so, where did Microsoft acquire such an infitinite power? Here is an explanation and roundup of the past few days' responses, which resulted in Microsoft relinquishing control of No-IP (when it was already too late and huge damage had been done).

"Can Microsoft knock offline millions of services all around the world and if so, where did Microsoft acquire such an infitinite power?"Let's start by stating that Microsoft has back doors and much of the blame for SPAM, DDOS etc. should be put on Microsoft Windows, which is insecure by design. Microsoft cannot claim to be pursuing better Internet security (ever!) while it does what it does for the NSA. For Microsoft to take a whole network to court is like the FBI and USDOJ going after MegaUpload; however, Microsoft, unlike the FBI and USDOJ, is not a Federal agency. So what the heck is going on here? And how can Microsoft get away with it? Surely there should be a class action lawsuit, but will victims be capable of finding each other, then organising? Here is the response from No-IP and an article about it which says:

Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.

"Apparently," it says, "the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt" (Microsoft is probably arrogant enough to not even apologise).

"Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users," says the above.

They should organise for class action lawsuit. Perhaps No-IP should sue Microsoft for loss of many customers and the customers too should sue Microsoft for the damage caused by its overreach and abuse. No-IP ought to help its clients organise for a class action lawsuit.

Two days ago I drafted a post about this, calling for class action against Microsoft over this whole overreach. I did not publish it at the time as I was waiting to see how much damage was done overall. The services had not been restored by that time. Some services were down for several days. Now, let's try to estimate the damage. If we assume $1000 compensation for 1.8 milion servers, then that's $1.8 billion, which Microsoft can probably borrow from one of its offshore havens to pay in reparations. Microsoft should be sued in an organised fashion and prepare to pay billions of dollars in compensation, just as they were forced to pay fines after browser-related crimes.

"So, to go after 2,000 or so bad sites, [Microsoft] has taken down four million,” Gogun said. Gogun is a senior employee at NoIP.

Here is some press coverage of interest and feedback from victims, including:

• "The dynamic DNS free domains from NoIp are working again. Thank @mictosoft for suspending 4mil honest users due to a "technical error"." (Source)



• "No-Ip.com categorically claims microsoft did not talk or consult with them before hijacking their networks! Disrupted millions!" (Source)



• "Good to see that in the "land of the free" the bully with the money can take down the small guy" (Source)



• "Dear Microsoft, please stop breaking the domains relied on by everyone who doesn't have a static IP - surely compensation due? #noip" (Source)

How can Microsoft gain the power to just shut down parts of the Web without an open legal process? Watch IDG's (partly Microsoft-funded) coverage of the No-IP fiasco (tilted in favour of Microsoft to make it look like innocent "error").

Tux Machines, which used to be No-IP-managed, went down around the same time that I repeatedly protested about this online. Interestingly enough (and that's a fact), DDOS attacks on Tux Machines (by Windows-running PCs) began just a few minutes after I repeatedly ranted about Microsoft's sabotage of No-IP. I can't prove the correlation, but it was curious enough to note. The botmaster/s attacking Tux Machines was not stupid. There was hammering on different parts of the site each time one was blocked/denied (I had to manually block huge chunks of IPs and addresses). Following Microsoft's logic, many of its back-doored (for NSA) Windows PCs attack Web sites, so it's fine to just shut down Windows PCs universally.

Here is some other and later coverage of developments and an official response from Microsoft (face-saving lies). 1.8 million customers are said to be affected and "Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process," says TechDirt:

Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process

Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company's fraud and abuse team would have cut off those malware providers.

To quote the conclusion: "That's not a "technical error." That's Microsoft blatantly making an extreme claim that convinced a judge to hand over a whole bunch of domain names without any kind of due process or adversarial hearing. While Microsoft may have then had a technical error on top of that, what kicked this off was a very, very big legal error."

Microsoft probably knows that it's about to be sued, so it is making up stories about "errors" while Microsoft-funded press repeats the lies. Here is AOL coverage:

Microsoft seized 23 domains this week from No-IP, a provider of dynamic DNS services, after filing a civil suit alleging that the domains in question were used to distribute malware.

The domains, according to Microsoft, were used 93 percent of the time for distributing the Bladabindi and Jenxcus malware families. A court granted Microsoft custodianship — DNS authority — of the digital properties so that it could “identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats.”

This was an abuse of the Court. Microsoft deceived the Court to take over what one writer called "universe" (millions of domains). Microsoft broke the Internet for several days, having abused or bamboozled a court.

To quote one of our readers, Microsoft "is getting the heat for the attack against No-IP. Yes, they failed by trying to run Microsoft products in a production situation but the actual anger needs to be directed at the court which handed, ex parte, No-IP's business over to Microsoft. How on earth was that allowed? That's the real question and one that Microsoft appears to what to distract from with stupid side tracks on 'technical issues' to bring the attention away from legal issues. Fraud. There was no accidents involved: Microsoft took over the domain on purpose after a lot of work manipulating the court.

"Then underneath the technical side is Microsoft inherent, built-in vulnerability. Without Microsoft there would be no botnets." ⬆