The US Government has yet again shuttered several domain names this week. The Department of Justice and Homeland Security’s ICE office proudly announced that they had seized domains related to counterfeit goods and child pornography. What they failed to mention, however, is that one of the targeted domains belongs to a free DNS provider, and that 84,000 websites were wrongfully accused of links to child pornography crimes.
As part of “Operation Save Our Children”, ICE’s Cyber Crimes Center has again seized several domain names, but not without making a huge error. Last Friday, thousands of site owners were surprised by a rather worrying banner that was placed on their domain.
“Advertisement, distribution, transportation, receipt, and possession of child pornography constitute federal crimes that carry penalties for first time offenders of up to 30 years in federal prison, a $250,000 fine, forfeiture and restitution,” was the worrying message they read on their websites.
As with previous seizures, ICE convinced a District Court judge to sign a seizure warrant, and then contacted the domain registries to point the domains in question to a server that hosts the warning message. However, somewhere in this process a mistake was made and as a result the domain of a large DNS service provider was seized.
The domain in question is mooo.com, which belongs to the DNS provider FreeDNS. It is the most popular shared domain at afraid.org and as a result of the authorities’ actions a massive 84,000 subdomains were wrongfully seized as well. All sites were redirected to the banner below.
The FreeDNS owner was taken by surprise and quickly released the following statement on their website. “Freedns.afraid.org has never allowed this type of abuse of its DNS service. We are working to get the issue sorted as quickly as possible.”
Eventually, on Sunday the domain seizure was reverted and the subdomains slowly started to point to the old sites again instead of the accusatory banner. However, since the DNS entries have to propagate, it took another 3 days before the images disappeared completely.
Most of the subdomains in question are personal sites and sites of small businesses. A search on Bing still shows how innocent sites were claimed to promote child pornography, a rather damaging accusation that scared and upset many of the sites’ owners.
One of the customers quickly went out to assure visitors that his site was not involved in any of the alleged crimes.
“You can rest assured that I have not and would never be found to be trafficking in such distasteful and horrific content. A little sleuthing shows that the whole of the mooo.com TLD is impacted. At first, the legitimacy of the alerts seems to be questionable — after all, what reputable agency would display their warning in a fancily formatted image referenced by the underlying HTML? I wouldn’t expect to see that.”
Even at the time of writing people can still replicate the effect by adding...