A Geek With Guns

Chronicling the depravities of the State.

Without Government Who Would Expose Us to Malware


When the state confiscates a domain name, does it have to renew it until the investigation concludes? Apparently not. The Federal Bureau of Investigation (FBI) seized a series of domains related to Megaupload when it decided to go after Kim Dotcom. What were once legitimate sites serving the wants of users are now serving up malware and porn. This didn’t happen because somebody compromised the account used to register the domain names; it was only made possible because the FBI allowed the domains to expire:

Earlier this week, something suspicious started happening with Web addresses related to sites seized by the FBI from Megaupload and a number of online gambling sites. Instead of directing browsers to a page with an FBI banner, they started dropping Web surfers onto a malicious feed of Web advertisements—some of them laden with malware.

The hijacking of the Megaupload domains wasn’t the result of some sophisticated hack. Based on evidence collected by Ars, it appears someone at the FBI’s Cyber Division failed to renew the domain registration for CIRFU.NET, the domain which in turn hosted Web and name servers used to redirect traffic headed to seized domains. As soon as they expired, they were snatched up in a GoDaddy auction by a self-described “black hat SEO marketer,” a British ex-pat who calls himself “Earl Grey.”

As of Thursday afternoon, all of the server names associated with the domain no longer resolve to Internet addresses. GoDaddy has apparently suspended the domain registration, and Earl Grey has been ranting about it ever since on Twitter. The CIRFU.NET domain currently remains in limbo.
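The failure described above is a dangling delegation: the seized domains pointed at nameservers under CIRFU.NET, and when CIRFU.NET itself lapsed, whoever bought it controlled where those domains resolved. The script below is an added example (not code from this post, from Ars, or from the FBI) of the audit a defender would run over their own domains to catch that condition before it bites. It takes a set of NS delegations and a registration-expiry table, both constructed inline so it runs offline; every name except cirfu.net is a placeholder, and the "last two labels" rule for finding a nameserver's parent domain is a simplification that a production check would replace with a Public Suffix List lookup and live whois/RDAP data.

```python
"""Audit DNS delegations for nameservers whose parent domain is lapsed,
unregistered, or about to expire. Added example; all data below is constructed."""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample: domain -> NS hostnames. Only cirfu.net is taken from the
# incident above; every other name is a placeholder.
SAMPLE_DELEGATIONS = {
    "seized-example.test": ["ns1.cirfu.net", "ns2.cirfu.net"],
    "healthy-example.test": ["ns1.registrar-example.test", "ns2.registrar-example.test"],
    "mixed-example.test": ["ns1.registrar-example.test", "ns1.lapsing-example.test"],
    "abandoned-example.test": ["ns1.stale-example.test"],
}

# Constructed sample: registrable domain -> expiry date. A real audit would
# populate this from whois/RDAP. cirfu.net is deliberately absent (unregistered).
SAMPLE_EXPIRY = {
    "registrar-example.test": date(2016, 1, 1),
    "lapsing-example.test": date(2015, 6, 5),
    "stale-example.test": date(2015, 3, 1),
}

# Date the audit is run against; matches the post's publication date.
AUDIT_DATE = date(2015, 5, 29)


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of a hostname (e.g. ns1.cirfu.net -> cirfu.net).

    Assumption: two labels is a simplification. Suffixes such as co.uk need the
    Public Suffix List to find the true registrable domain."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


@dataclass(frozen=True)
class Finding:
    domain: str       # the domain whose delegation is at risk
    nameserver: str   # the NS hostname that caused the finding
    parent: str       # registrable domain hosting that nameserver
    reason: str       # why it was flagged


def audit_delegations(delegations, expiry, today, warn_days=30):
    """Flag every delegation whose nameserver's parent domain is unregistered,
    already expired, or expires within warn_days. Results are sorted by domain."""
    findings = []
    for domain, nameservers in sorted(delegations.items()):
        for ns in nameservers:
            parent = registrable_domain(ns)
            exp = expiry.get(parent)
            if exp is None:
                findings.append(Finding(domain, ns, parent, "parent domain not registered"))
            elif exp < today:
                findings.append(Finding(domain, ns, parent, f"parent domain expired {exp.isoformat()}"))
            elif exp - today <= timedelta(days=warn_days):
                findings.append(Finding(domain, ns, parent, f"parent domain expires {exp.isoformat()}"))
    return findings


if __name__ == "__main__":
    for f in audit_delegations(SAMPLE_DELEGATIONS, SAMPLE_EXPIRY, AUDIT_DATE):
        print(f"{f.domain}: NS {f.nameserver} ({f.parent}) -> {f.reason}")
```

The check is cheap enough to run daily from a cron job against the zone inventory; the interesting operational detail is that the risk lives in the nameserver's parent domain, which is often registered by a different team or vendor than the domains that depend on it, so the expiry table has to cover third-party nameserver domains as well as your own.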

This raises a couple of concerns. First, is the FBI liable for allowing domains related to an investigation to expire? Since the FBI is seldom held accountable for its failures, I doubt the answer to this question is yes. Related to this question is whether or not the FBI is liable for exposing visitors to Megaupload to malware. Even though the site wasn’t providing file hosting, it was under investigation, and therefore people believed they could safely visit the domain for laughs (who doesn’t enjoy laughing at the FBI?). It was only due to the FBI’s incompetence that malware was being served by that domain. Finally, if the FBI isn’t held liable for this kind of failure, does that mean it can effectively censor sites by seizing domains and letting them expire? Why go through the rigors of a trial when you can just make up an investigation, seize a domain, and sit on it until it expires and can be bought up by some spammer? Perhaps domain registrars would step in to prevent such shenanigans, but I’m not entirely sure, since they let expired domains get purchased by spammers all the time.

Had the FBI never targeted Kim Dotcom it’s almost certain that the Megaupload domains wouldn’t have expired because they were part of his business model. When you’re deriving income from something you tend to protect it. So we can just write this off as another example of the government exposing Internet users to dangers they wouldn’t have otherwise faced.

Written by Christopher Burg

May 29th, 2015 at 11:00 am