Microsoft's self-proclaimed "internet prosecutor" holds the power to kill the domain name business

domain.cn October 20 News, as a veteran technology giants, Microsoft's position in the global scientific and technological world is important, but little known is that Microsoft also has some Internet management rights, it even for the domain name service providers also have "life and death." Foreign science and Technology media, "Wired" magazine network version of this has been elaborated and analyzed, the article that Microsoft's self-proclaimed "internet prosecutor", can "maintain network security" in the name of the takeover of the domain name business services, this behavior has to arouse the scientific and technological attention. The following is the main content of the article.

7 o'clock in the morning, Dan Durrill (Dan durrer) was awakened by a knock at the door, his dog began to bark, Durrill thought it was delivery, but after opening the door, found not a parcel, but a court summons delivery of the 3-inch thick court documents, The documents included news from Microsoft's takeover of Durrill's company, but he didn't have time to read it carefully, and at the same time, Durrill's pager received news that the company's Internet service had been forced to halt.

For the past 15 years, Durrill has been the CEO of No-ip, a small Internet service provider, with only 16 employees in the Nevada State City, whose main business is to provide special DNS services for ordinary and small business customers, This service enables customers to obtain a stable Internet connection using a dynamic IP address. Such services include geeks obsessed with network security, parents who need to monitor children under nanny care, and chain retailers who control the registers of various stores, and of course, some criminals use the service to launch malicious attacks on the Internet.

This is also the main reason why Microsoft is sending legal documents to Durrill and halting NO-IP-related services, and NO-IP has become the object of concern for Microsoft's assistant general counsel for Digital Crime, Richard Boscovic (Richard Boscovich). There are more malware associated with NO-IP services than we think, "Boscovich said.

He tried to crack down on the people behind the malware, most of them using Microsoft's Windows operating system, so he used a controversial but legitimate and effective way to use what is called a "unilateral temporary restriction order" (Ex parte Temporary Restraining order) "to give Microsoft a certain law enforcement capabilities, so that some private property can be forced to deal with.

Microsoft tends to use this power in secret, in Durrill, for example, his company did not have a chance to litigate with Microsoft, because when he received a Microsoft court document in June, Microsoft had controlled the services it provided and organized hackers to continue to use them, while also locking in all legitimate users. Although Durrill eventually regain control of the company after a few days after the company's service was disconnected, he was not sure how much compensation he had to pay to customers because he had signed an annual contract with most of his clients.

In the past 6 years, Boscovich and Microsoft have handled dozens of similar cases, the final results of which are basically the same: Microsoft is hoping to stop criminal activity and clean up infected systems, in which case Microsoft has managed to stop some of the more low-level criminal activities, Of course no-ip is not a bad company, it is just a variety of customers.

Microsoft says it needs this slightly more extreme power to secure the Internet. Since the Windows operating system was hit by a series of worm attacks a decade ago, Microsoft has been highly focused on the security of the network, which is certainly commendable and appreciated, because it will help the healthy growth of the Internet. But there are those who argue that Microsoft could abuse that power and portray itself as an "internet policeman", and that it could shut down legitimate companies in the name of protecting the security of the Internet.

Although the No-ip case has been properly resolved, Boscovich says Microsoft believes it is continuing to follow the trend of those malware networks.

Legal coercive power

When Durrill received the court documents, his pager rang, and he did not connect the two, and when he learned that No-ip's Internet service was forced to stop, his first reaction was that the company had been hacked.

But when he arrived at the office and found that the company had not been hacked, 23 of the company's domain names-most of which involved key businesses-had been Las Vegas to computers controlled by Microsoft, while the local court had asked all companies registering domain names in No-ip to submit their domain names to Microsoft. While Microsoft has a plan to keep legitimate users online and organize the software, the plan is not working, so millions of addresses used by NO-IP customers are eventually forced offline.

In the face of this situation, Durrill and his company at a time of helpless. "Over time, more and more customers find themselves unable to get online properly," Duren Ginis Dylan Zigenis, No-ip's business development manager, recalls, "the customer blew up our phones, but it was just the beginning." ”

Microsoft's actions were licensed by the courts, but Guinness and Durrill were unaware of it, so they could tell their clients the truth because No-ip had not been prosecuted, "we are still a legitimate business," Guinness said. Durrill then called the company's lawyers and made a series of response plans, and by the same night he communicated with Boscovich on the phone.

It was an unfriendly conversation. Although Microsoft agreed to return the domain name to NO-IP, but require the company to meet certain conditions can be, because the specific requirements of Microsoft received confidentiality agreement protection, so we can not get detailed content, but according to Durrill's introduction, if he agreed to these requirements, then No-ip could not continue to operate.

Durrill and Boscovich and lawyers from both sides have been talking late into the night and failed to reach an agreement, while Microsoft still controls the domain name of No-ip, so the latter's clients are still unable to access the Internet.

In the face of such a fatal blow to the company's business, Durrill also powerless. Two days later, because of the beginning of a large number of negative reports, Microsoft had to return the domain name to No-ip, and No-ip spent two days to debug after the opening of all customer service.

Changing the Microsoft Worm

In 2008, Boscovich, who worked for 17 years at the U.S. Department of Justice, joined Microsoft as part of Microsoft's Digital crime department. Microsoft's engineers were working overtime to develop the company's next operating system, Windows Vista, when Vista was considered the safest Windows operating system. The security experts who have derided Microsoft for a few years ago to discover windows vulnerabilities have been "bought" by Microsoft, which has asked them to discover and patch windows as much as possible before Vista is released.

The notorious "Conficker worm" virus appeared, a turning point for Microsoft, a master-written malware that was still the most widespread virus in the Internet after 6 years, when Boscovich's boss Tim Clanston (Tim Cranston) Hopefully the company will be able to counter the people who wrote the virus, "everyone on our team was very frustrated," Boscovich said, "Although our defense system has improved markedly, we think we can do better." ”

So Microsoft subsequently joined a community called the Conficker workgroup to curb the virus's development, the community has assembled a number of well-known Internet experts and computer security researchers, but others believe that Microsoft's culture-every public statement is carefully worded and audited-does not conform to the Conficker Working Group "arbitrary qualities."

"There's a lot of discomfort when they work with the Conficker team, after all, there are too many participants in the community, and some of them are only involved for marketing purposes," said Jeff Williams, the head of Microsoft's security Strategy co-operation, Jeff Williams. There are many reasons why it is difficult to carry on from the point of view of operational security. ”

It is for this reason that Microsoft, in its subsequent operations, often chooses to fight solo or to work with small teams, which in turn improves Microsoft's productivity. "The perception of Microsoft in the industry is that they are playing their own game," said Mikko Hypponen, chief research officer at computer security firm F, "and no one has asked Microsoft to do that, and they can operate like Apple." Miko Haibon ”

Haibon, a former member of the Conficker Working Group, is unsure of Microsoft's success, but is also concerned about the damage it may cause, "they will share some information and their specific approach," said the sea Bonn. But this information is much less than we think. ”

Legal hackers

Conficker virus Let Microsoft understand the Internet domain name is the battle against cybercrime, the important battlefield, Conficker machine began to receive a series of pre-set domain name computer instructions, in order to fight against Conficker, Boscovich colleague TJ Campana (TJ Campana with a security expert your team works by registering domain names to make it impossible for the perpetrator to send new commands with infected computers.

But there are a lot of botnets, they are controlled by a computer under some domain name, and the domain name that is associated with the Conficker is that Microsoft can not be fixed by simple registration, in the face of this situation, if we can prove in some way that these botnets will cause harm to Microsoft and the public, It would then be possible to authorize Microsoft to take over these domain names directly, thus hitting the owners of these botnets.

Boscovich the idea to Cranston, who objected at the time, but later changed his mind after a thought. February 24, 2010, Microsoft announced a federal court order ". com" domain registrar VeriSign temporarily shut down the possible 277 top-level domain names related to the Waledac botnet. When Microsoft processed Rustock botnets, they took over the servers used by fraudsters.

In fact, Microsoft's approach to deal with NO-IP is similar to the WALEDAC case, the reason is that the perpetrators of infringement of our trademarks, but also to the public harm, so we must intervene to stop this behavior, then we ask the Court to give us the power to take over these domain names. Microsoft has used this argument for dozens of of the court's support. But the difference is that NO-IP is a legitimate service provider with thousands of legitimate customers, and if Microsoft can take over such companies directly, is it too big a point?

"The case of Microsoft taking over the NO-IP domain name illustrates the logic that if a resource on the internet is abused by the owner's care step, someone else can take it over," said one of the founders of the DNS system, the CEO of security company Farsight, Paul Wickers Paul Vixie said, "If you follow this logic, I think too many people can run hotmail.com and outlook.com better than Microsoft, would they be able to take over these domain names directly? So Microsoft's approach is really unprecedented." ”

According to lawyers, Microsoft's approach actually deprives companies such as No-ip of a say in court. Shortly after the No-ip case, the Electronic Frontier Foundation (Electronic Frontier Foundation) lashed out at Microsoft's behavior. Eric Goldman, a law professor at the University of Santa Clara, also questioned "unilateral temporary restraint orders", and "Our justice system has been designed to provide that the parties have the right to express their views before a final decision is made," he said. But Microsoft's behavior is clearly to listen to one side of the opinion, and do not scruple the other side, in this state of the decision is likely to be unfair, and even to the judicial system caused irreparable damage. ”

In addition, Wickers is also quite concerned that the current Microsoft seems to be acceptable for damaging legitimate users ' rights in the name of "cracking down on cyber crime", noting that Microsoft has also caused huge losses to its customers in 2012 when it shut down a dynamic DNS provider named 3322.org in China.

Indirect damage

Two weeks after the No-ip case, Boscovich and Wickers spoke separately on the issue of botnets at a hearing at the Senate Judiciary Committee. "The internet world cannot rely solely on us to deal with botnets," says Boscovich. "Wickers that this statement is not correct," we know that when a company or an institution or a country can take over a business on its own, the results are often disastrous, "he said," because Internet resources are interdependent, "he says. Many business management rules are actually unwritten. ”

Wickers that in the No-ip case, Microsoft did not cooperate with other parties, and it did not even cooperate with NO-IP, and it did not ask the NO-IP to control some of its clients ' bad behavior until it provided the court documents, and did not tell No-ip the next steps and plans to be taken.

Boscovich said it was impossible for Microsoft to co-operate with No-ip because there were a number of criminals using NO-IP's services, "if we disclose the future plans to no-ip ahead of time, then those criminals will probably get the information and move ahead with their facilities," he said. But No-ip does not agree with this statement.

Ironically, however, No-ip had previously cooperated with Microsoft, a member of the Microsoft Anti-piracy group that had been involved in Microsoft's crackdown on Mariposa botnets in 2010. Given this partnership, No-ip Guinness wants Microsoft to be lenient and no longer suing the courts, "now that we have done so, we still hope that Microsoft will be able to deal with the problem and let No-ip get through it as soon as possible," Guinness said.