[2/16/11] The US Government has yet again shuttered several domain names this week. The Department of Justice and Homeland Security’s ICE office proudly announced that they had seized domains related to counterfeit goods and child pornography. What they failed to mention, however, is that one of the targeted domains belongs to a free DNS provider, and that 84,000 websites were wrongfully accused of links to child pornography crimes.
As part of “Operation Save Our Children” ICE’s Cyber Crimes Center has again seized several domain names, but not without making a huge error. Last Friday, thousands of site owners were surprised by a rather worrying banner that was placed on their domain.
“Advertisement, distribution, transportation, receipt, and possession of child pornography constitute federal crimes that carry penalties for first time offenders of up to 30 years in federal prison, a $250,000 fine, forfeiture and restitution,” was the worrying message they read on their websites.
As with previous seizures, ICE convinced a District Court judge to sign a seizure warrant, and then contacted the domain registries to point the domains in question to a server that hosts the warning message. However, somewhere in this process a mistake was made and as a result the domain of a large DNS service provider was seized.
The domain in question is mooo.com, which belongs to the DNS provider FreeDNS. It is the most popular shared domain at afraid.org and as a result of the authorities’ actions a massive 84,000 subdomains were wrongfully seized as well. All sites were redirected to the banner below.
THIS BANNER WAS VISIBLE ON THE 84,000 SITES
The FreeDNS owner was taken by surprise and quickly released the followingstatement on their website. “Freedns.afraid.org has never allowed this type of abuse of its DNS service. We are working to get the issue sorted as quickly as possible.”
Eventually, on Sunday the domain seizure was reverted and the subdomains slowly started to point to the old sites again instead of the accusatory banner. However, since the DNS entries have to propagate, it took another 3 days before the images disappeared completely.
