
How Microsoft Appointed Itself Sheriff of the Internet - ghosh
http://www.wired.com/2014/10/microsoft-pinkerton/
======
rlpb
"Microsoft had a plan in place to keep legitimate customers online, while
stopping the malware, but it didn’t work."

Presumably Microsoft were able to convince a judge that their plan was
acceptable on the basis that they had a plan and it would work.

IMHO, that should be enough in itself to hold Microsoft culpable for all
damages as a consequence of their plan failing.

Nothing against Microsoft in particular here; anyone can screw up. It should
just be a general rule that applies equally to everyone in this sort of case.
Doing this "ex parte temporary restraining order" without any opportunity for
the targeted party to respond presents enough of a risk to the target that it
should only be permitted if the party requesting it is prepared to take the
financial hit should they screw up.

Perhaps the funds should even be required to be held in escrow. Enough to
cover the target's financial collapse.

~~~
drivingmenuts
>Nothing against Microsoft in particular here; anyone can screw up.

Well, except for the bit where they appointed themselves Sheriff without any
legal authority. Sure, what they _did_ may have been legal, but anointing
themselves doesn't sound legal to me.

It's the moral equivalent of someone appointing themself the President because
he or she has the biggest and most guns.

~~~
rlpb
> Well, except for the bit where they appointed themselves Sheriff without any
> legal authority.

AFAICT, this is factually incorrect. They acquired a court order, did they
not? They didn't appoint themselves as anything. They asked a court, and a
court agreed.

This is how the legal system should work.

If you have a problem with it, then you can petition for laws that bind a
court to do something else instead. This is what I am saying: a court should
be bound by law to ensure the target is adequately protected financially in
this sort of case.

~~~
UnoriginalGuy
> This is how the legal system should work.

Nonsense. The legal system is a two party system where both sides get to make
an argument and an independent arbitrator makes a judgement.

The way Microsoft are using the law, effectively the other party never gets to
argue and the first they hear about the lawsuit is when Microsoft has already
won.

That isn't how the legal system is meant to work. The Lanham Act is broken.

~~~
rlpb
> The legal system is a two party system where both sides get to make an
> argument and an independent arbitrator makes a judgement.

And in exceptional cases, an independent arbitrator can agree to something
different where justice would be better served by doing so.

Search warrants are an example.

I don't have any problem with judges having this sort of power, because
somebody has to be able to intervene when justice requires it. A judge whose
job is to remain impartial is the best we can do. Provided that judgements are
able to receive public scrutiny as soon as is possible, and that the public
can (through their elected representatives) write laws for what they want done
in specific situations.

This case is receiving public scrutiny, so the system is working well up to
now. What happens next remains to be seen.

If your country has a problem with getting what the public wants written into
laws, then you have a political problem, not a legal one.

~~~
worklogin
Eh, typically, a private company shouldn't get the privilege the NSA enjoys
regarding one-party secret warrants.

~~~
ghshephard
I think Microsoft is liable for all the damage they did, (which could be in
the 10s of millions of dollars), but there was nothing secret about this - the
process server handed over everything, nobody was bound by law to not talk
about this. This is nothing like the NSLs.

~~~
worklogin
> Microsoft’s court maneuvering had played out in secret. Durrer’s company
> didn’t have the chance to argue its case in court. By the time Durrer was
> served with court papers on that June day, Microsoft had seized control of the
> company’s services and ejected the hackers using them, while also locking out
> all the legitimate users. Durrer eventually regained control of his company,
> but only after it had been offline for days.

The owner of a legitimate company was notified of the confiscation by MS of
his business as and after it happened...

EDIT: Actually, read the entire paragraph under ‘As the hours creeped by, more
and more people were falling offline.’ header.

~~~
ghshephard
I understand what happened in the Microsoft case - but it's important not to
confuse this with an NSL. In the case of a search warrant, and Microsoft's
court maneuverings, everything is done in secret, until it's executed
(otherwise the parties could simply take action to avoid the warrant) - at
which point everything comes out into the open.

In the case of an NSL, when it is served - the person who it's served upon is
_bound by law_ not to discuss it, and must keep it secret.

Totally different.

------
peterwwillis
_"The irony is that No-IP had worked with Microsoft in the past. The company
had collaborated with Microsoft’s anti-piracy group, and it also worked on the
takedown of the Mariposa botnet, which was dismantled in 2010. Especially given
their prior relationship, No-IP’s Zigenis wishes Microsoft had reached out for
help with the takedown instead of going to the courts. “All this action, all
the work that Microsoft did,” he says. “Whatever they spent on their lawsuit
could have been saved by a phone call.”_

_"His point is that, with the No-IP takedown, Microsoft didn’t work with
others. It didn’t even work with No-IP. It served the company papers without
asking the No-IP to shutdown bad actors or even telling the company what it
planned to do."_

Fuck. Microsoft.

~~~
TheRealDunkirk
Yeah, there's really no excuse for not talking to the people at the company
first. The only reason I can fathom would be that if Microsoft suspected the
owner of No-IP to be actually involved with the botnet operators. (Especially
given that they had a previous relationship, this is inexcusable, but it
shouldn't have mattered anyway.) If Microsoft had contacted them first, and
No-IP had given them some _reason_ to suspect that they were culpable, then,
by all means, work through the legal system. The whole notion of sealed legal
proceedings, as with the FISA court, gives me the willies. It's almost like the
exact opposite of what the Bill of Rights was supposed to ensure for
protections of the populace against their government. How much more offensive
is it that this type of action was used against an individual running a
commercial company, not involved in any way with "national defense" issues?

~~~
anonbanker
This was an international case. The Bill of Rights of the United States of
America does not apply. To impose the BoR on a non party would be a violation
of their human rights, guaranteed by the Universal Declaration of Human
Rights.

~~~
TheCoelacanth
The court was in Las Vegas, and Microsoft, No-IP and the company that was
ordered to redirect the domains are all based in the US. In what sense is this
an international case?

~~~
anonbanker
The documents were served to no-ip in Nevada, but the other parties were in an
Arabic-speaking country. The case was filed in multiple jurisdictions if you
read the court documents. I invite you to read noticeoflawsuit.com and see
what actually happened.

~~~
TheCoelacanth
I don't see anything on that site that gives evidence of cases filed in other
jurisdictions. Which documents are you referring to?

------
at-fates-hands
_It was an unfriendly conversation. Microsoft was willing to hand over No-IP’s
domains, but only if the company met certain terms. Microsoft’s specific
demands are protected by a confidentiality agreement, so we can’t say exactly
what they were, but Durrer says that, if he had complied, they would have put
No-IP out of business._

This should make anyone scared to death. The fact a company with little or no
oversight can simply lock down a company's servers and then hold them for
ransom is quite frightening.

Add in the fact No-IP had no say in the issue and this was all done in secret
is rather unnerving.

------
MattyRad
The exact same legal precedent could be used to seize hotmail.com for all the
spam, scams, and viruses floating through it. I am willing to bet the judge
was handed a 2 foot tall stack of papers with technical gibberish which she of
course, didn't read, but had _complete assurance_ from these slimy Microsoft
lawyers that they knew what they were doing. If any other company tried the
same move, the judge would dismiss it instantly. But of course, the law can't
operate the same way for a 16 person company vs. a 100,000+ person company.

I think this clip fairly accurately summarizes the ordeal:
[https://www.youtube.com/watch?v=8vxEimC3HME](https://www.youtube.com/watch?v=8vxEimC3HME)

------
coldcode
I'm sorry that people are hacking Microsoft's OSs, but this is "legal" piracy.
The US courts should not and cannot condone one-sided private legal decisions.
Sure the Federal government can vaguely justify doing this themselves but
allowing a private corporation this right is beyond even a random reading of
the Constitution.

~~~
hollerith
Well, Microsoft only acted after they got a court order.

So, it seems to me that your "real" objection, if I may presume to say, is
that the Courts are giving Microsoft a lot of say as to which entities on the
internet are bad actors.

But do you _really_ want FBI agents or other federal executive-branch
employees to have that say instead? Isn't it better for decisions like that to
be made by organizations with greater technical competency than the executive
branch of the US government?

Of course, if Microsoft starts using these court orders to hobble their
competitors, then that is bad, but no one is asserting that they have started
doing that; are they?

Also, if other computer companies, e.g., Google and Apple, started doing what
Microsoft is, the Courts would give their expertise approximately the same
amount of deference that they currently give Microsoft -- or more precisely, I
have seen no signs that that is not the case.

An analogy: would you not prefer for the laws and executive-branch policies
related to _software patents_ to be decided by computer companies and software
professionals rather than elected officials, their legislative aides and
lobbyists? (According to Eben Moglen, current US laws and policy around
software patents are largely influenced by lobbyists for the _pharmaceutical_
companies who feel the need to oppose any weakening of patent "rights" in any
industry.)

More precisely: if individuals and organizations without deep technical
knowledge were prohibited from influencing policy on software patents, would
not that be an improvement over the current situation?

~~~
xorcist
> But do you really want FBI agents or other federal executive-branch
> employees to have that say instead?

Dear god yes. Law enforcement may need these enforcements from time to time,
but you can not let a private company slap around their competitors at will
using the same methods.

~~~
hollerith
What competitor did Microsoft slap around?

Do you consider No-IP a competitor to Microsoft?

~~~
pmontra
With Azure they are more or less in the same business.

~~~
morganvachon
Really? That's like saying a guy on the corner selling tourist maps is more or
less in the same business as Delta Air Lines, because Delta has a brochure
stand in the airport lobby. No-IP offers domain/DDNS service, Microsoft Azure
is a full stack cloud service similar to Amazon's AWS, and is a small part of
a much larger company. There is no competition there.

~~~
xorcist
No-IP sells managed DNS, which you can get with Azure as well, so in that
particular service they are direct competitors. But with a company as large
as Microsoft there will be overlap with pretty much every other company on the
planet, so that's not necessarily relevant.

I was speaking in a more general sense. If Microsoft could do this, other
companies can. If they could do it against No-IP, they can do the same thing to
others.

------
SG-
What I don't understand is how a botnet could negatively affect Microsoft
other than showing the world through news articles how it infected vulnerable
Microsoft software?

Is the bad press basically the reason and justification?

~~~
oconnor663
Botnets are responsible for lots of (most?) spam and DDOSs. Those hurt
everyone on the internet, not just Windows users.

~~~
SG-
I understand that, and they should be taken down. But Microsoft is using
justification that it's hurting their business in order to take over other
businesses and shut them down.

------
ath0
Good article and timely, because they just did another big response two days
ago: [http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-octo...](http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-october-2014-hikiti.aspx)

While this didn't involve a broad takedown of a public provider (as far as I'm
aware), it did involve coordinated release of tools and more-targeted takedown
requests through their semi-private "Coordinated Malware Eradication" program.
On balance, I think what Microsoft is doing is a good thing, but public
scrutiny and discussion of any organization/cartel that operates in secret is
equally important.

------
anonbanker
I've shamelessly copied Microsoft's noticeoflawsuit.com and have used it as a
template to recover two domains from people holding them ransom from the
rightful owners. It's a fantastic process, and I have to thank Mr. Haimovichi
for the cool legal tricks he taught me in his paperwork.

Just make sure you have someone competent in the other jurisdiction that can
file/serve the paperwork (Australia/Canada in my case), and it's remarkably
straightforward. The defendant can only argue once the domain has been
transferred over, so you'll get your domain back asap. In our case, the
defendant didn't want to hire a lawyer (we're all self-representing advocates
on the plaintiff's side), and we're expecting him to default in 15 days. The
last four months of head games and BOFH behavior were quashed in less than 72
hours after the filing was completed in both jurisdictions.

Before Microsoft vs. No-ip.com, I was not a fan of ICANN. This process has
certainly changed my tune, however.

~~~
bo1024
> the defendant can only argue once the domain has been transferred over

Sounds like a very scummy thing to do. Any legal system that allows this sort
of tactic is ripe for abuse.

~~~
anonbanker
Welcome to international contract law. You are guilty (and are expected to
make reparations) until proven innocent.

The legal system is more ripe for abuse than anyone really knows. Another
reason contract law should be taught in high schools.

------
wyager
This is a prime example of why critical internet systems (namely domain name
resolution) need to be completely and absolutely out of reach of government
officials (some of whom are guaranteed to be corrupt) and private corporations
(some of which are guaranteed to have interests contrary to the public).

~~~
harryjo
And controlled by... who?

~~~
wyager
No one. See namecoin.

------
gregd
I can't help but feel that with a judiciary that seems to be largely "out of
touch" with technology, that when Microsoft walks into the courtroom and says
something is bad...that the enamored judge thinks to herself, "well then it
must be bad".

------
socrates1998
So Microsoft built a product, Windows, that a customer was using to run his
business and that he purchased legally.

Then, when the product that they built wasn't working correctly, they seized
this guy's business and held it for ransom.

Not exactly what I would call "free market", but this is how Microsoft has
done business for years.

------
_nullandnull_
It wasn't mentioned in the article but there was also a lot of controversy on
how Microsoft handled the Operation B71.

[http://blog.fox-it.com/2012/04/12/critical-analysis-of-micro...](http://blog.fox-it.com/2012/04/12/critical-analysis-of-microsoft-operation-b71/)

------
lostcolony
"Boscovich remembered a case he’d seen argued back in his Florida days. A
maker of designer handbags had been granted the right to seize the bags from
the counterfeiters. Because its brand was being harmed by the infringement,
the court gave it the ok to seize the bags. A year after Waledac, Boscovich
used this argument to seize the Rustock servers."

This is fascinating. This is an actual, tangible case where intellectual
property law had more teeth, and more negative side effects, than the existing
cyberlaws. It's evidence both that trying to take law that applies to physical
goods and apply it digitally is not trivial (if even possible to do fairly),
as well as how much cyberlaw has lagged behind the evolution of technology, in
a context completely separate from the usual ones (DRM, copying = piracy?,
etc).

------
orf
I'm glad Microsoft is doing what law enforcement seems incapable of doing.
Microsoft also has a huge vested interest in cleaning up Windows related
malware, and huge cash reserves. I expect they spend more than most countries
do on combatting cybercrime.

~~~
serf
>I'm glad Microsoft is doing what law enforcement seems incapable of doing.

Yeah! why make our seized domains go to waste redirecting to a landing page
like the FBI when we could make them work for _us_ while ruining some
company's user experience like Microsoft did!! Yeah!

Law enforcement & Microsoft are equally capable of feeding judges bullshit in
order to put their hands where they don't belong and destroy fragile systems.

~~~
iso27002
Why not aim your anger towards No-IP, given the following?

"Our research revealed that out of all Dynamic DNS providers, No-IP domains
are used 93 percent of the time for Bladabindi-Jenxcus infections, which are
the most prevalent among the 245 different types of malware currently
exploiting No-IP domains. Microsoft has seen more than 7.4 million Bladabindi-
Jenxcus detections over the past 12 months, which doesn’t account for
detections by other anti-virus providers. Despite numerous reports by the
security community on No-IP domain abuse, the company has not taken sufficient
steps to correct, remedy, prevent or control the abuse or help keep its
domains safe from malicious activity."
[http://blogs.microsoft.com/blog/2014/06/30/microsoft-takes-o...](http://blogs.microsoft.com/blog/2014/06/30/microsoft-takes-on-global-cybercrime-epidemic-in-tenth-malware-disruption/)

~~~
kbart
Why stop here? Maybe just let Microsoft police the whole Internet, after all, 100%
of malware operates on it. MS should clean their house first and start taking
OS security seriously instead of putting blame on legitimate business.

------
throwawaykf05
_> "Whatever they spent on their lawsuit could have been saved by a phone
call."_

Wasn't Microsoft's precise concern that such a call could have been tantamount
to giving botnet operators advance notice? I seem to recall when this was
discussed previously that some HN commenters had similar experiences with
traffic from No-IP domains and considered them to be in cahoots with the
botnet operators.

~~~
xorcist
But those allegations just don't make sense. Does anyone seriously believe
botnet operators to be _paying_ _customers_ of No-IP?

Why else would they give them advance notice? Out of spite? No-IP has
absolutely nothing to gain from it and everything to lose.

It just doesn't make sense. Has there ever been any real indication that this
was the case?

~~~
marvy
They would not do it on purpose. The fear was about accidentally somehow
letting it slip. No idea how.

------
tzakrajs
This is ethically reprehensible.

------
geobz123
Interesting read,

I hate when I see that like the post says about this Attorney... he has no
idea about computers yet he is trying to fight something in computers. I get
that in real life all the time people that have no knowledge of computing and
the internet want to change it... cause they are trying to show other people
that they do.

------
paddyoloughlin
Wired: Stop making cursor keys initiate navigation!

This drives me nuts!

~~~
josu
What do you mean?

~~~
paddyoloughlin
When reading a Wired article, holding down shift and pressing left or right
cursor loads another article.

Often, when reading articles, I highlight the part I am currently reading and
then track where I'm reading by extending the highlight with shift and right
or down cursor.

This has been fine for me for over 15 years, until reading a few Wired
articles over the past while and coming across this new feature of theirs.

------
spanker
TL;DR? [http://www.noip.com/blog/2014/07/10/microsoft-takedown-detai...](http://www.noip.com/blog/2014/07/10/microsoft-takedown-details-updates/)

The "new Microsoft" is worse than the old one.

~~~
morganvachon
There's nothing really "new" about this though. Microsoft has been doing this
for a while; it didn't start with Nadella taking the reins.

My take: Microsoft dropped the ball while genuinely trying to do a good thing.
First, they should have communicated with No-IP as they have in the past
instead of seeking a secret court order; they have worked together in the past
and there was no reason they couldn't this time as well. Failing that, the
court should have required Microsoft to reimburse No-IP for any lost revenue
due to the action, given that No-IP was not allowed to even know about the
order, much less present their side or make an attempt to work with Microsoft.

I honestly don't think Microsoft set out to destroy No-IP's business, there
simply isn't a logical reason for that. They aren't a direct competitor
(Microsoft is not in the dynamic DNS business to my knowledge), and if they
were, using the court like this to destroy a competitor would end badly for
Microsoft. No, I think they just plain goofed. It definitely sucks that they
aren't more willing to help No-IP get back on their feet.

~~~
xorcist
> instead of seeking a secret court order

The blame here must reside with the justice system. There will always be
companies attacking their competitors by legal means, it must be the
responsibility of the system to not let them get away with it.

~~~
morganvachon
Indeed, the situation reeks of a rubber-stamp mentality among the court staff
involved with this case. Having worked in law enforcement in the past, I've
seen first hand how some judges can just blindly approve whatever warrant or
order comes across their desk without so much as a cursory glance at the
details, consequences be damned.

