The internet giant Microsoft made waves this week in the international computer security world after obtaining legal justification from a Nevada court to “steal” access to 23 domains belonging to the local Reno firm No-IP. Microsoft justified this action to the court by saying that up to 18,000 No-IP domain names were part of a malicious malware network responsible for distributing the Kuwaiti and Algerian malware known as Bladabindi and Jenxcus.
Microsoft claims that 93 percent of the distribution happened on N0-IP domains.
No-IP was not given a chance to represent itself in court, according to sources. The judge gave control of the domain names to Microsoft. At this point, No-IP has regained legal control of 18 of the 23 domains.
The takeover effected more than 1,800,000 customers, representing roughly four million websites, according to No-IP. This meant that normal services for over 3.9 million websites were interrupted. No-IP was not notified by Microsoft about this legal action. Microsoft released a statement defending their actions.
“Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service,“ said David Finn, executive director of Microsoft’s Digital Crimes Unit.
This legal action has drawn criticism from security experts. Why didn’t Microsoft contact NO-IP before taking legal action to clean up the affected sites? Why did a judge grant Microsoft the authority to not only set a standard for other companies but act as a governing body for these standards?
“It’s a crazy world where one corporation can decide that another one isn’t doing its job good enough and simply get legal backing for taking the services of the company down,” said Andreas Lindh, security analyst at I Secure Sweden AB, according to a Forbes report.
Microsoft claimed that No-IP failed to address the malicious internet activity. No-IP claims they were never contacted.
No-IP has come forward advocating for the 3.9 million users that lost service. According to a www.geek.com article, after Microsoft’s clean up, only 2,000 of the 18,000 No-IP domain names were active.