ITsecurity

Microsoft condemns the innocent to catch the guilty

Posted on July 11, 2014.

With great power comes great responsibility. Last week Microsoft exercised the former without practicing the latter: it demonized an innocent company and millions of innocent users to catch two criminals. The ends were good; but the means were not justified.

Back in June Microsoft obtained an ex parte court ruling that allowed it to take over the IP addresses used by Vitalwerks in its No-IP service. This company offers a service that allows users with no static IP address to face the world as if they had one – it would, for example, allow the man in the street to run a web site off his standard domestic broadband service.

Microsoft had determined that two hackers were operating the Bladabindi (NJrat) and Jenxcus (NJw0rm) trojans from servers using the No-IP service. It went to court and obtained a ruling, without No-IP being aware of the action, that enabled Microsoft to redirect everyone using No-IP to its own servers. The theory was that it would intercept all Bladabindi and Jenxcus traffic, and allow through everything else. But Microsoft seems to have miscalculated. It couldn’t handle the volume and ended up disrupting the service of many millions of innocent customers.

On June 30, Microsoft announced:

We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware… Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity.
Microsoft takes on global cybercrime epidemic in tenth malware disruption

It would seem that Microsoft claimed, and the judge agreed, that No-IP and its users must be criminals – but that’s similar to shutting down Dropbox and disconnecting everyone from their files simply because a few criminals have used Dropbox to provide C&C to botnets.

Yesterday Microsoft relented; but with no sign of an apology to Vitalwerks:

Today both Microsoft Corporation and Vitalwerks Internet Solutions, LLC announce they have reached a settlement in the matter of Microsoft Corporation v. Mutairi, et al.

Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks’ services.

Microsoft did at least offer a grudging apology to the disrupted innocent users of No-IP:

In the process of redirecting traffic to its servers for malware detection, Microsoft acknowledges that a number of Vitalwerks customers were impacted by service outages as a result of a technical error. Microsoft regrets any inconvenience these customers may have experienced.

The Electronic Frontier Foundation has doubts about the ultimate legality of Microsoft’s action:

Microsoft… took out the world’s largest dynamic DNS provider using a dangerous legal theory and without any prior notice to Vitalwerks Internet Solutions—the company that runs No-IP.com—or to the millions of innocent users who rely on No-IP.com every day.
What Were They Thinking? Microsoft Seizes, Returns Majority of No-IP.com’s Business

The reality, however, is that the legal system gave Microsoft the right to do this – and we should all learn some basic realities of modern life from the process:

  1. the courts will nod through the applications received from powerful organizations (and that will include government agencies) with very little technical scrutiny
  2. the war against cybercriminals (and cyber terrorists) cares little about collateral damage
  3. it is easier to classify everyone as a criminal and then let them go when they prove their innocence, than prove guilt in the first place
  4. there is no difference between Microsoft’s action here and governments’ action generally in demonizing everyone in case one or two are genuine criminals.
