As part of “Operation Save Our Children” ICE’s Cyber Crimes Center has again seized several domain names, but not without making a huge error. Last Friday, thousands of site owners were surprised by a rather worrying banner that was placed on their domain.
“Advertisement, distribution, transportation, receipt, and possession of child pornography constitute federal crimes that carry penalties for first time offenders of up to 30 years in federal prison, a $250,000 fine, forfeiture and restitution,” was the worrying message they read on their websites.
As with previous seizures, ICE convinced a District Court judge to sign a seizure warrant, and then contacted the domain registries to point the domains in question to a server that hosts the warning message. However, somewhere in this process a mistake was made and as a result the domain of a large DNS service provider was seized.
The domain in question is mooo.com, which belongs to the DNS provider FreeDNS. It is the most popular shared domain at afraid.org and as a result of the authorities’ actions a massive 84,000 subdomains were wrongfully seized as well. All sites were redirected to the banner below.
This banner was visible on the 84,000 sites
The FreeDNS owner was taken by surprise and quickly released the following statement on their website. “Freedns.afraid.org has never allowed this type of abuse of its DNS service. We are working to get the issue sorted as quickly as possible.”
Eventually, on Sunday the domain seizure was reverted and the subdomains slowly started to point to the old sites again instead of the accusatory banner. However, since the DNS entries have to propagate, it took another 3 days before the images disappeared completely.
Most of the subdomains in question are personal sites and sites of small businesses. A search on Bing still shows how innocent sites were claimed to promote child pornography. A rather damaging accusation, which scared and upset many of the site’s owners.
One of the customers quickly went out to assure visitors that his site was not involved in any of the alleged crimes.
“You can rest assured that I have not and would never be found to be trafficking in such distasteful and horrific content. A little sleuthing shows that the whole of the mooo.com TLD is impacted. At first, the legitimacy of the alerts seems to be questionable — after all, what reputable agency would display their warning in a fancily formatted image referenced by the underlying HTML? I wouldn’t expect to see that.”
Even at the time of writing people can still replicate the effect by adding “220.127.116.11 mooo.com” to their hosts file as the authorities have not dropped the domain pointer yet. Adding mooo.com will produce a different image than picking a random domain (child porn vs. copyright), which confirms the mistake.
Although it is not clear where this massive error was made, and who’s responsible for it, the Department of Homeland security is conveniently sweeping it under the rug. In a press release that went out a few hours ago the authorities were clearly proud of themselves for taking down 10 domain names.
However, DHS conveniently failed to mention that 84,000 websites were wrongfully taken down in the process, shaming thousands of people in the process.
“Each year, far too many children fall prey to sexual predators and all too often, these heinous acts are recorded in photos and on video and released on the Internet,” Secretary of Homeland Security Janet Napolitano commented.
“DHS is committed to working with our law enforcement partners to shut down websites that promote child pornography to protect these children from further victimization,” she added.
A noble initiative, but one that went wrong, badly. The above failure again shows that the seizure process is a flawed one, as has been shown several times before in earlier copyright infringement sweeps. If the Government would only allow for due process to take place, this and other mistakes wouldn’t have been made.