Cleaning the mean streets of the Internet: The Microsoft takedown

Eric Schmidt once said that, “The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had.” I think that this is as accurate a statement as any about the nature of the Internet, even today. In the 1990s, the Internet went through a period of commercial whitewashing. What was once limited to academia, scientists, and technically sophisticated users was suddenly exploited by commercial interests realizing the massive potential of this new technology. The Internet slowly started to resemble a virtual "city" of sorts, with Amazon and eBay making up the shopping district, TD Ameritrade and Schwab online brokerages forming the financial district, and AOL chat rooms and early social networking making up an entertainment & nightlife district.

Despite the commercial investment into creating a profitable and family-friendly World Wide Web, the Internet has remained largely a seedy red-light district of sorts. In addition to the obviously sizeable adult entertainment market which has proliferated over the years, illegal activities such as high-volume spam, botnets & malware, credit card & identity theft (read Kingpin for a great in-depth exposé), child exploitation, terrorist chatter, and black market activities have continued to grow. The continuous addition of naive end-users who don't fully understand the technology of the Internet and the threats they face has fed money and opportunities into this underworld, prompting organized crime and state-sponsored actors to get in on the action. Last but not least, the recent innovations Bitcoin and Tor have opened up channels for hackers to move money anonymously, browse the deep web without fear of surveillance, and monetize botted computers, to law enforcement's chagrin.

The proliferation of Internet crime has created an image in my head of the Internet watchdogs (companies such as Microsoft and Cisco, as well as the FBI and the NSA) as burned out detectives in a noir movie. Just like Detectives Rust Cohle and Marty Hart in HBO's True Detective (shown above), they are sick of playing whack-a-mole with slippery criminals, and resort to some violent, loose-cannon tactics to finally squash the one that got away.

Microsoft, in their own words, has decided to start "playing offense against cybercriminals" by obtaining an order through federal court allowing them to seize 23 commonly-used domains belonging to No-IP. No-IP is one of only a few services out there that offer a free, basic Dynamic DNS service to customers. This essentially allows users to map a regularly changing IP address to a consistent hostname under one of No-IP's domains. The service might be used to give a domain name to a continually changing dynamic IP address, such as what customers with a residential ISP receive. Or it might be used to resolve requests to a server that actually changes locations over time. On one hand, the service might be used by technically-minded users to host a file server on their home Internet connection, remote into a Minecraft server, or monitor their home surveillance cameras over the Internet. But on the other hand, it is used for nefarious reasons, often by botnet operators to command and control slave computers.

Microsoft's action may very well have disrupted a huge swath of botnet activity, allowing them to essentially take down the master server that slave computers were reporting to, and instead replace it with their own, legitimate server. In this position, Microsoft may even be able to deactivate the malware on the slave computers, ensuring they can't be exploited again by a new slave master. But the action also disrupted a presumably large amount of legitimate activity on No-IP's service, prompting a formal statement from No-IP and heated debate about the action on Slashdot and Hacker News. Commentators attacked the idea of a private entity seizing property from another company to root out a few troublesome customers, while others defended Microsoft due to their own experience in IT security and the trouble that No-IP domains cause them. Angry editorials were penned as outrage over the outage spread, but in the end, Microsoft relinquished control of the seized domains on Wednesday, presumably after their botnet-dismantling operation concluded. A crux of the issue revolves around whether Microsoft ever put formal requests through to No-IP's abuse reporting department; if they failed to take that basic step first, the action seems quite a bit more heavy-handed than originally thought.
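The two paragraphs above describe, in prose, why dynamic-DNS hostnames worry IT security teams (a bot can phone home to a name whose address changes at will) and how a seizure turns that mechanism around (every name under a seized domain now resolves to the seizing party's "sinkhole" server, and the queries themselves reveal which machines are infected). The following Python script is an added example, not code from the original post and not anything Microsoft or No-IP published; it assumes a constructed query-log format of the form `timestamp client-ip qname qtype`, and the base domains in `DYNAMIC_DNS_BASES` are placeholders (`ddns.example`, `dyn.example.net`), not No-IP's real domains. It flags queries for hostnames under a watch list, groups them by internal client, and shows how a sinkholed zone would answer the same names.

```python
import re
from collections import defaultdict

# Constructed watch list of dynamic-DNS base domains (placeholders, not No-IP's
# real domains): a hostname is "dynamic" if any label-aligned suffix is listed.
DYNAMIC_DNS_BASES = {"ddns.example", "dyn.example.net"}

# Constructed log format: "<timestamp> <client-ip> <qname> <qtype>", one query per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<qname>\S+)\s+(?P<qtype>[A-Z]+)$"
)


def normalize(qname):
    """Lower-case a name and strip the trailing dot of an absolute name."""
    return qname.rstrip(".").lower()


def base_match(qname, bases):
    """Return the listed base domain that qname sits under, or None.

    Matching is label-aligned: 'cam.ddns.example' matches 'ddns.example' but
    'notddns.example' does not (a plain endswith() check would get that wrong).
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in bases:
            return candidate
    return None


def flag_queries(lines, bases):
    """Parse query-log lines and return every query under a watched base.

    Each hit records the client, the normalized name, the base it matched and
    whether the query was for the base itself (the provider's own apex, which
    is usually just someone visiting the provider's web site).
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the batch
        qname = normalize(m.group("qname"))
        base = base_match(qname, bases)
        if base is None:
            continue
        hits.append({
            "client": m.group("client"),
            "qname": qname,
            "base": base,
            "apex": qname == base,
        })
    return hits


def clients_by_hostname(hits, include_apex=False):
    """Group hits into {client: sorted dynamic hostnames it looked up}."""
    grouped = defaultdict(set)
    for h in hits:
        if h["apex"] and not include_apex:
            continue
        grouped[h["client"]].add(h["qname"])
    return {client: sorted(names) for client, names in grouped.items()}


def sinkhole_answer(qname, seized_bases, sinkhole_ip):
    """Answer a query the way a seized (sinkholed) zone would.

    Every name under a seized base resolves to the sinkhole address, so a bot
    that phones home reaches the sinkhole operator instead of its controller,
    and the query itself identifies the infected client. Names outside the
    seized bases are not this zone's business and get None.
    """
    return sinkhole_ip if base_match(qname, seized_bases) else None


# Constructed sample log: private client addresses and placeholder hostnames.
SAMPLE_LOG = [
    "2014-07-01T10:00:01Z 10.0.0.5 www.example.com A",
    "2014-07-01T10:00:02Z 10.0.0.5 cam.ddns.example A",
    "2014-07-01T10:00:03Z 10.0.0.9 update.dyn.example.net. A",
    "2014-07-01T10:00:04Z 10.0.0.9 notddns.example A",
    "2014-07-01T10:00:05Z 10.0.0.9 cam.ddns.example AAAA",
    "2014-07-01T10:00:06Z 10.0.0.12 ddns.example A",
    "malformed line",
]

if __name__ == "__main__":
    hits = flag_queries(SAMPLE_LOG, DYNAMIC_DNS_BASES)
    for client, names in sorted(clients_by_hostname(hits).items()):
        print(f"{client} queried dynamic-DNS hostnames: {', '.join(names)}")
    # What a sinkholed zone would hand a bot looking up its controller.
    print("bot7.ddns.example ->",
          sinkhole_answer("bot7.ddns.example", {"ddns.example"}, "192.0.2.1"))
```

On the sample log the report lists two internal clients, 10.0.0.5 and 10.0.0.9, each with the dynamic hostnames they resolved; the query for the bare `ddns.example` apex is excluded by default because it usually means someone browsed the provider's site rather than contacted a customer host. The label-aligned match in `base_match` is the part worth copying: suffix checks with `endswith` mis-flag unrelated names that merely end in the same characters, and a watch list is only as good as its false-positive rate.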

The news of the massive domain seizure comes on the heels of some other heavy handed Internet policing action. Austrian police have decided to prosecute Tor Exit Node operators in the country. While Tor is undoubtedly used for illicit activity such as Silk Road, it is also used by journalists in authoritarian countries and whistleblowers, as well as others seeking privacy on the Internet. The action is in some ways comparable to the developer of a new encryption method being prosecuted when criminals utilize it to exchange clandestine messages, and is therefore being taken very seriously by Internet privacy advocates.

As more NSA revelations come out in the wake of the Snowden leaks, an eyebrow-raising report about a traffic-flagging program used to "red-flag" Internet traffic shows that interest in secure, open source software is enough to flag you as a potential threat. Visitors to the Linux operating system blog were shocked to find out that visiting their site is documented in the source code for the surveillance tool XKEYSCORE as a selector marking users in question as "extremists". ArsTechnica has the full text of the source code, which also calls out the Tails operating system in a comment as "a comsec mechanism advocated by extremists on extremist forums". The leak also shows that use of the aforementioned privacy tool Tor is enough to flag someone in a similar way, and the EFF has a good write-up on the implications a policy like this can have.

In the wake of these stories, one has to be concerned about the organizations with authority over the Internet and whether they will be a "good cop" or a "bad cop" as time goes on. The good cop character collects data and waits until they're completely sure they have the right suspect before making a move, while the bad cop is grabbing suspects left and right, slapping them around until someone confesses. We all know the Internet is a seedy, crime-ridden city with a teeming red-light district, but locking up innocent users won't make the proverbial streets any safer.
