On July 3, the four-day standoff between Microsoft's Digital Crimes Unit and No-IP ended. Per a blog post update from No-IP's Natalie Goguen, the 23 domains that Microsoft had legally seized were back under No-IP's control.
Microsoft's intent, of course, was to eliminate some serious strains of malware that were being spread through domains under No-IP's control. While the intention was good, and the company was able to get a Nevada court to approve the action, the result was a loss of connectivity for millions of innocent bystanders. The actual number has not been substantiated, but No-IP puts it at millions of hostnames and millions of customers.
Microsoft's Digital Crimes Unit (DCU) has been making aggressive moves toward eliminating electronic crime worldwide and has taken to publicly calling out its successes. The company has been lauded by customers and security vendors alike for its efforts. The No-IP effort was to be yet another jewel in DCU's crown, but due to technical issues, any success was overshadowed by failure. Microsoft may have been overzealous and put intent before ability. I heard someone state that Microsoft's action was like planting charges to demolish a single building, but taking out the entire city block with it.
David Finn, Executive Director and Associate General Counsel for the Digital Crimes Unit responded this way:
"Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced."
Since then, No-IP has provided updates that the domains were back under the company's control, and that the DNS records would soon be available.
The only remaining question is whether Microsoft gained any success from the operation. Was DCU actually able to eliminate the targeted malware threats?
It will also be interesting to watch whether Microsoft takes similar actions in the future. No-IP complained that it was never formally contacted by Microsoft, and that if it had been, things would have been different. DCU is relatively new and there is room to learn, but how was Microsoft able to determine that No-IP was harboring tainted domains if the company itself had no clue? No-IP praised its own daily scanning and monitoring technologies, yet infections continued for over a year. No-IP swore that Microsoft had never contacted it about the problem, and if that is true, Microsoft needs to amend its practices.