EXHIBIT 17 - noticeofpleadings.com · exparte for an emergency temporary restraining order and...
Transcript of EXHIBIT 17 - noticeofpleadings.com · exparte for an emergency temporary restraining order and...
IN THE UNITED STATES DISTRICT COURT
FOR THE EASTERN DISTRICT OF VIRGINIA
Alexandria Division
MICROSOFT CORPORATION, aWashington corporation.
Pl-Uaintiff.
v.
DOMINIQUE ALEXANDER PATTI. anindividual: DOTFREE GROUP S.R.O.. aCzech limited liability company, JOHNDOES 1-22. CONTROLLING ACOMPUTER BOTNET THEREBYINJURING MICROSOFT AND ITSCUSTOMERS
Defendants.
No. \:ucvloHCivil Action No:
FILED UNDER SEAL
EX PARTE TEMPORARY RESTRAINING ORDER ANDORDER TO SHOW CAUSE RE PRELIMINARY INJUNCTION
Plaintiff Microsoft Corp. ("Microsoft") has file a complaint for injunctive and otherrelief
pursuant to: (1) the Computer Fraud and Abuse Act (18 U.S.C. § 1030); (2) the CAN-SPAM Act
(15 U.S.C. § 7704): (3) the Lanham Act (15 U.S.C. §§ 1114(a)(1). 1125(a). (c)); and (4) the
common law of trespass, unjust enrichment, conversion, and negligence. Microsoft has moved
exparte for an emergency temporary restraining order and an order to show cause why a
preliminary injunction should not be granted pursuant to Rule 65(b) of the Federal Rules ofCivil
Procedure and the All-Writs Act. 28 U.S.C. § 1651.
FINDINGS
The Court has considered the pleadings, declarations, exhibits, and memorandum filed in
support of Microsoft's motion and finds that:
I. This Court hasjurisdiction over the subject matter of this case and there is good
cause to believe that it will have jurisdiction over all parties thereto: the Complaint states a
- 1 -EX PARTE TRO AND ORDER TO SHOW
CAUSE RE PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 1 of 9 PageID# 711
IN T I-iE UN IT EJ) STATES J)I STRI CT C O URT FOR TI-IE EASTElm J)I STRI CT OF VIRG INIA
Alexandria Division
MICROSOFT CORPORATION_ a Washi ngton corporation.
Plainlil[
v_
DOM IN IQ UE ALEXAN DER rATrI. an individual: DOTFREE G ROU P S.R.O __ a Czech limited liability company, JOHN DOES 1-22. CONTRO LLING A COM PUTER 1l0TNET TI IERE Il Y INJU RI NG MICROSOFT AN D ITS CUSTOMERS
Defendants.
)
) ) ) ) ) ) ) ) ) ) ) ) ) )
-------------------------)
Civil Action No: \ : \ \ C v \ 0 \ '\
FILEJ) UN J)ER SEAL
EX PAIITETEMI'ORARY REST RAI NING ORJ) ER ANJ) OllDEI~ TO S I-IOW CAUSE RE PRELIM INA RY INJ UNCTION
Plaintiff M icrosoft Corp. ("M icrosoft") has file a complaint for injunctive and other relief
pursuant to: ( I ) the Computer Fraud and Abuse Act (18 U.S.C. § 1030); (2) the CIIN-SPAM Ac t
(15 U.S.c. § 7704); (3) the Lanham IIct ( 15 U .S.c. §§ I 114(a)( I). I 125 (a). (c ) : and (4) the
common law of trespass. unjust enrichment. conversion. and negligence. tv! icrosoli has moved
c'X parle lor an emergency temporary restraini ng order and an order to show cause why a
preliminary injunction should nOI be granted pursuant to Rule 65(b) of the Federal Rules of Civi l
Procedure and the All-Writs Act. 28 U.S.c. § 1651.
FINDINGS
The Court has considered the pleadings. declarations. exhibits, and memorandum filed in
support of Microsoli's motion and finds that:
I. This Court has jurisdiction over the subjcct mailer of this case and there is good
calise to believe that it will have jurisdict ion over all parties thereto: the Complaint states a
- I - EX I'AHTE mU,\NDOHDER rOSHOW C,\ USE I{E I'f{EUMIN,\ltY INJUNCTIU:-.r
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 2 of 9 PageID# 712
claim upon relief may be granted against Defendants under the Computer Fraud and Abuse Act
(18 U.S.c. § 1030), CAN-SPAM Act (15 U.S.C. § 7704), Electronic Communications Privacy
Act (18 U.S.C. § 2701), the Lanham Act (15 U.S.C. § 1125), common law trespass to chattels.
unjust enrichment. conversion, and negligence.
2. There is good cause to believe that Defendants have engaged in and are likely to
engage in acts or practices that violate the Computer Fraud and Abuse Act (18 U.S.C. § 1030).
CAN-SPAM Act (15 U.S.C. § 7704), Electronic Communications Privacy Act (18 U.S.c. §
270 I), the Lanham Act (15 U .S.C. § 1125), common law trespass to chattels, unjust enrichment,
conversion, and negligence, and that Microsoft is, therefore, likely to prevail on the merits of
this action;
3. There is good cause to believe that, unless the Defendants are restrained and
enjoined by Order of this Court, immediate and irreparable harm will result from the
Defendants' ongoing violations of the Computer Fraud and Abuse Act (18 U.S.C. § 1030),
CAN-SPAM Act (15 U.S.C. § 7704), Electronic Communications Privacy Act (18 U.S.c. §
2701). the Lanham Act (15 U .S.C. § 1125), common law trespass to chattels, unjust enrichment,
conversion, and negligence. The evidence set forth in Microsoft's Brief in Support of
Application for a Temporary Restraining Order and Order to Show Cause Re Preliminary
Injunction ("TRO Motion"), and the accompanying declarations and exhibits, demonstrates that
Microsoft is likely to prevail on its claim that Defendants have engaged in violations of the
toregoing law by:
a. intentionally accessing and sending malicious code to Microsoft's and its
customers' protected computers and operating systems, without authorization, in
order to infect those computers and make them part of the botnet;
b. sending malicious code to configure, deploy and operate a botnet;
c. sending unsolicited spam email to Microsoft's Hotmail accounts;
d. collecting personal information, including personal email addresses; and
e. delivering malicious code.
- 2 - EX PARTE TRO AND ORDER TO SHOW CAUSE RE PRF.LlMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 3 of 9 PageID# 713
4. There is good cause to believe that if such conduct continues, irreparable harm
will occur to Microsoft, its customers, and the public. There is good cause to believe that the
Defendants will continue to engage in such unlawful actions if not immediately restrained from
doing so by Order of this Court;
5. There is good cause to believe that immediate and irreparable damage to this
Court's ability to grant effective tinal relief will result from the sale, transfer, or other
disposition or concealment by Defendants of the IP addresses and Internet domains at issue in
Microsoft's TRO Motion and other discoverable evidence of Defendants' misconduct available
through such IP addresses and Internet domains if the Defendants receive advance notice of this
action. Based on the evidence cited in Microsoft's TRO Motion and accompanying declarations
and exhibits, Microsoft is likely to be able to prove that:
a. Defendants are engaged in activities that directly violate United States law and
harms Microsoft, its customers and the public;
b. Defendants have continued their unlawful conduct despite the clear injury to
Microsoft, its customers, and the public;
c. Defendants are likely to relocate the information and evidence of their misconduct
stored at the IP addresses and Internet domains at issue in Microsoft's TRO
Motion and the harmful and malicious code disseminated through these IP
addresses and Internet domains; and
d. Defendants are likely to warn its associates engaged in such activities if informed
of Microsoft's action.
6. Microsoft's request for this emergency ex parte relief is not the result of any lack
of diligence on Microsoft's part, but instead based upon the nature of Defendants' unlawful
conduct. Therefore, in accordance with Fed. R. Civ. P. 65(b), Civil L.R. 65-1 and the All-Writs
Act. 28 U .S.C. § 1651, good cause and the interest of justice require that this Order be Granted
without prior notice to Defendants, and accordingly, Microsoft is relieved of the duty to provide
Defendants with prior notice of Microsoft's motion;
- 3 -EX PARTE TRO AND ORDER TO SIIOW
CAUSE RE PRELIMINARY INJUNCflON
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 4 of 9 PageID# 714
7. There is good cause to believe that Defendants have engaged in illegal activity
lIsing the IP addresses and the .com and .cc domains that are maintained by the top level domain
registry Veri sign, located in the United States and the Eastern District of Virginia.
8. There is good cause to believe that to immediately halt the injury caused by
Defendants, the hosting companies, IP registries, domain registries and domain registrars set
forth in Appendices A and B, must be ordered, at 3:00 a.m. Eastern Daylight Time on
September 26,20 I I or such other date and time as requested by Microsoft within seven days of
this Order:
a. to immediately take all steps necessary to lock at the registry level the domains at
issue in the TRO Motion, and which are set forth at Appendix A hereto. to ensure
that changes to the domain names cannot be made absent a court order;
b. to immediately take all steps required to propagate the foregoing domain registry
changes to domain name registrars; and
c. to hold the domains in escrow and take all steps necessary to ensure that the
evidence of misconduct available through the domains be preserved.
d. to immediately take all steps necessary to disable access to the IP addresses at
issue in the TRO Motion, and which are set forth at Appendix B hereto, to ensure
that access to the IP addresses cannot be made absent a court order;
9. There is good cause to permit notice of the instant order, notice of the Preliminary
(njunction hearing and service of the Complaint by formal and alternative means, given the
exigency of the circumstances and the need for prompt relief. The following means of service
are authorized by law, satisfy Due Process, satisfy Fed. R. Civ. Pro. 4(1)(3) and are reasonably
calculated to notity Defendants of the instant order, the Preliminary Injunction hearing and of
this action: (I) personal delivery through the Hague Convention on Service Abroad or similar
treaties upon defendants who provided contact information in toreign countries that are
signatory to such treaties, (3) transmission by email.facsimile.mail and/or personal delivery to
the contact information provided by Defendants to their domain name registrars and as agreed to
- 4- EX I'ARTETROANDORDER TO SHOW CAUSE RE PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 5 of 9 PageID# 715
by Detendants in their domain name registration agreements, (4) publishing notice on a
publically available Internet website andlor in newspapers in the communities where Defendants
are believed to reside.
TEMPORARY RESTRAINING ORDER AND ORDER TO SHOW CAUSE
IT IS THEREFORE ORDERED that, Defendants and their representatives are
temporarily restrained and enjoined from intentionally accessing and sending malicious software
or code to Microsoft's and its customers protected computers and operating systems, without
authorization, in order to infect those computers and make them part of the Kelihos botnet,
sending malicious code to configure, deploy and operate a botnet, sending unsolicited spam
email to Microsoft's email and messaging accounts and services, sending unsolicited spam email
that falsely indicates that they originated from Microsoft or are approved by Microsoft or are
trom its email and messaging accounts or services, collecting personal information including
personal email addresses, delivering malicious code including fake antivirus software, or
undertaking similar activity that inflicts harm on Microsoft, its customers, or the public.
IT IS FURTHER ORDERED that, Defendants and their representatives are temporarily
restrained and enjoined from configuring, deploying, operating or otherwise participating in or
facilitating the botnet described in the TRO Motion, including but not limited to the command
and control software hosted at and operating through the IP addresses and domains set forth
herein and through any other component or element of the botnet in any location.
IT IS FURTHER ORDERED that Defendants and their representatives are temporarily
restrained and enjoined from using the "Microsoft," "Windows," "Hotmail;' "Windows Live"
and "MSN" trade names, trademarks or service marks, in Internet Domain addresses or names, in
content or in any other infringing manner or context, or acting in any other manner which
suggests in any way that Defendants' products or services come from or are somehow sponsored
or aniliated with Microsoft, and from otherwise unfairly competing with Microsoft.
misappropriating that which rightfully belongs to Microsoft. or passing off their goods as
Microsoft's.
- 5 -EX PARTE TRO AND ORDER TO SHOW
CAUSE RE PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 6 of 9 PageID# 716
IT IS FURTHER ORDERED that the domain registries and registrars set torth in
Appendix A must:
u. immediately take all steps necessary to lock at the registry level the domains at
issue in the TRO Motion. an which are set forth at Appendix A hereto, to ensure
that changes to the domain names cannot be made absent a court order;
b. immediately take all steps required to propagate to the toregoing domain registry
changes to domain name registrars; and
c. hold the domains in escrow and take all steps necessary to ensure that the
evidence of misconduct available through the domains be preserved.
d. Shall completely refrain from providing any notice or warning to, or
communicating in any way with Defendants or Detendants' representatives and
shall refrain from publicizing this Order until this Order is executed in full, except
as explicitly provided for in this Order;
u. Shall save all communications to or from Detendants or Detendants'
Representatives and/or related to the domains set torth in Appendix A;
c. Shall preserve and retain all records and documents associated with Defendants'
or Defendants' Representatives' use of or access to the domains set forth in
Appendix A, including billing and contact information relating to the Defendants
or Defendants' representatives using these servers and all logs associated with
these servers.
IT IS FURTHER ORDERED that the Internet hosting and service providers identified
in Appendix B to this order:
b. Shall immediately take all reasonable steps necessary to completely block all
access by Defendants. Defendants' representatives, resellers. and any other person
or computer to the IP addresses set forth in Appendix B, except as explicitly
provided for in this Order;
- 6 -EX PARTE TRO AND ORDER TO SIIOW
CAUSE RE PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 7 of 9 PageID# 717
c. Shall immediately and completely disable the computers, servers, electronic data
storage devices, sottware, data or media assigned to or otherwise associated with
the IP addresses set forth in Appendix B and make them inaccessible from any
other computer on the Internet, any internal network, or in any other manner. to
Defendants, Defendants' representatives and all other persons, except as
otherwise ordered herein;
d. Shall immediately, completely, and until further order of this Court, suspend all
services associated with the IP addresses set forth in Appendix B;
c. Shall not enable. and shall take all reasonable steps to prevent. any circumvention
of this order by Defendants or Deftmdants' representatives associated with the IP
addresses or any other person;
f. Shall disable, and shall deny to Defendants and Defendants' representatives,
access to any and all "backup" systems, arrangements or services that might
otherwise be used to support the IP addresses set forth in Appendix B or that
might otherwise be used to circumvent this Order;
g. Shall log all attempts to connect to or communicate with the IP addresses set forth
in Appendix B;
h. Shall save all communications to or from Defendants or Defendants'
Representatives and/or related to the IP addresses set forth in Appendix B;
1. Shall preserve and retain all records and documents associated with Defendants'
or Defendants' Representatives' use of or access to the IP addresses set forth in
Appendix B, including billing and contact information relating to the Defendants
or Defendants' representatives using these servers and all logs associated with
these servers;
j. Shall completely refrain from providing any notice or warning to, or
communicating in any way with Defendants or Defendants' representatives and
- 7 -EX PARTE TRO AND ORDER TO SIIOW
CAUSE RE PRELIMINARY INJUNCnON
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 8 of 9 PageID# 718
shall refrain from publicizing this Order until this Order is executed in full, except
as explicitly provided for in this Order;
IT IS FURTHER ORDERED that Internet hosting and service providers identified in
Appendix B to this Order:
a. Shall immediately identify and create a written list of domains, if any, hosted
at the IP addresses set forth in Appendix B; shall transfer any content and
software associated with such domains to IP addresses not listed in Appendix
B; and shall notify the domain owners of the new IP addresses, and direct the
domain owners to contact Microsoft's Counsel, Gabriel M. Ramsey, Orrick
Herrington & SutclitTe, 1000 Marsh Road, Menlo Park, CA 90425-1015,
(Tel: 650-614-7400), to facilitate any follow-on action.
b. Shall produce to Microsoft documents and information sufficient to identitY
and contact Defendants and Defendants' representatives operating or
controlling the IP addresses set forth in Appendix B, including any and all
individual or entity names, mailing addresses, e-mail addresses, facsimile
numbers and telephone numbers or similar contact information, including but
not limited to such contact information retlected in billing, usage and contact
records.
IT IS FURTHER ORDERED that copies of this Order, notice of the Preliminary
Injunction hearing and service of the Complaint may be served by any means authorized by
law, including (1) by personal delivery upon defendants who provided contact information in
the U.S.; (2) personal delivery through the Hague Convention on Service Abroad upon
defendants who provided contact information outside the U.S.; (3) by transmission by e
mail, facsimile and mail to the contact information provided by defendants to the data
centers, Internet hosting providers and domain registrars who hosted the software code
associated with the domains and IP addresses set forth at Appendices A and B; and (4) by
- 8 - EX PARTE TRO AND ORDER TO SIIOW CAUSE RE PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 14 Filed 09/22/11 Page 9 of 9 PageID# 719
publishing notice 10 Dc rendallls on a publi cly avai lab le Internet webs ite and/or in
11\!\Vspapers in the communities in which Delendants arc believed to reside .
IT IS FURTHER ORD ERED. pursuant to Fedeml Rule or Civil Procedure 65(b) O~ 19~5--..-u> 11 oY-fD :$o f\;M f! .
thm the Defendants sha ll appear before this Court within 1 'I dB) 5 fl Oll1 the llate of th is e rder. f/
to show calise. irthe re is any. why Ihis COU rl should not enter a Preliminary Injunction.
pending lina l ru ling on the Complaint against the Defendants. enjo in ing them li'om the
conduct temporari ly restrained by the preceding provisions of thi s Order.
IT IS FURTHER ORDERED thm rvticrosoft shall post bond in the amount or
S I 0.000 as cash to be paid into the Court regi stry.
IT IS FURTHER ORDERED that the Defendants shall tile with the Court and
serve on ;vlic rosoWs counsel any answering affidav its. pleadings, mot ions. t:xpert reports or
declarations and/or legal memoranda no later than four (4) da ys prior 10 the hearing on
Microsolt·s request for a preliminary injunction. Microsoft may file responsive or
supplemental pleadings, materi als. affidavits, or memoranda wi th the Court and serve the
same on cOllnsel lo r the Defendants no later than one (I) day prior to the preliminary
inj unction hearing in this mailer. Provided that service shall be pcrfonned by personal or
overn ight delivery. facsimile or electronic mail , and documents shall be delivered so Ihat
they shall be received by the other parties no late r than 4:00 p.m. (Eastern Standard Time) on
the appropri atc dates listed in thi s paragruph.
IT IS SO Q RDERED fJames C. Cacheris . _ . /) 'lJ" . ' '1 d States District 1udge Entered thiS _r_ day o f September. 2011. n_l_c __________ _
United States District Judgc
/0 :1'1 ~}1.
Is!
E J)-:I.
- 9 - I.:X r','RTETRO ,'NI)OHDER rosllow C,' USE RE I'RELIMINA I{Y INJUNC."ION
IN THE UNITED STATES DISTRICT COURT
FOR THE EASTERN D
Alexandri
MICROSOFT CORPORATION, aWashington corporation,
Plaintiff,
DOMINIQUE ALEXANDER PIATTI, anindividual; DOTFREE GROUP S.R.O., aCzech limited liability company, JOHNDOES 1-22, CONTROLLING ACOMPUTER BOTNET THEREBYINJURING MICROSOFT AND ITSCUSTOMERS
Defendants.
STRICT OF VIRGINIA
a Division
Civil Action No: 1:1 lev1017 (JCC/IDD)
CONSENT PRELIMINARY INJUNCTION
PlaintiffMicrosoftCorp. ("Microsoft") has filed a complaint for injunctiveand other
relief pursuant to: (1) the Computer Fraudand Abuse Act (18 U.S.C. § 1030); (2) the CAN-
SPAM Act (15 U.S.C. § 7704); (3) the Lanham Act (15 U.S.C. §§ 1114(a)(1), 1125(a), (c)); and
(4) thecommon lawof trespass, unjust enrichment, conversion, and negligence. Microsoft has
moved for a preliminary injunction pursuant to Rule 65(b)of the Federal Rules of Civil
Procedure and the All-Writs Act, 28 U.S.C. § 1651.
FINDINGS
Findings Regarding The Domain "CZ.CC"
With respect to the internetdomainname"cz.ee," one of the domains that is the subject
of Microsoft's motion for a preliminary injunction, the Court makes the following findings:
1. Plaintiff Microsoft and Defendants Dominique Piatti and dotFree Group s.r.o.,
havejointly advised the Court that the parties have reached agreement regarding the disposition
of the "cz.ee" domain during the pendency of this action. Microsoft, Dominique Piatti and
1 PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 1 of 13 PageID# 1266
IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF VIRGINIA
Alexandria Division
MICROSOFT CORPORATION, a Washington corporation,
Plaintiff,
v.
DOMINIQUE ALEXANDER PIA TTl, an individual; DOTFREE GROUP S.R.O., a Czech limited liability company, JOHN DOES 1-22, CONTROLLING A COMPUTER BOTNET THEREBY INJURING MICROSOFT AND ITS CUSTOMERS
Defendants.
) ) ) ) ) ) ) ) ) ) ) ) ) ) )
-----------------------------)
Civil Action No: 1:llcvlO17 (JCC/IDD)
CONSENT PRELIMINARY INJUNCTION
Plaintiff Microsoft Corp. ("Microsoft") has filed a complaint for injunctive and other
relief pursuant to: (I) the Computer Fraud and Abuse Act (18 U.S.C. § 1030); (2) the CAN
SPAM Act (IS U.S.C. § 7704); (3) the Lanham Act (IS U.S.C. §§ I I 14(a)(I), 1125(a), (c»; and
(4) the common law of trespass, unjust enrichment, conversion, and negligence. Microsoft has
moved for a preliminary injunction pursuant to Rule 65(b) of the Federal Rules of Civil
Procedure and the All-Writs Act, 28 U.S.C. § 1651.
FINDINGS
Findings Regarding The Domain "CZ.CC"
With respect to the internet domain name "cz.cc," one of the domains that is the subject
of Microsoft's motion for a preliminary injunction, the Court makes the following findings:
1. Plaintiff Microsoft and Defendants Dominique Piatti and dotFree Group s.r.o.,
have jointly advised the Court that the parties have reached agreement regarding the disposition
of the "cz.cc" domain during the pendency of this action. Microsoft, Dominique Piatti and
- I - PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 2 of 13 PageID# 1267
dotFree Group have specifically advised the Court that such agreement includes provisions to
disable malicious subdomains and a process to verify the identities of sub-domain registrants,
and that Mr. Piatti and dotFree Group s.r.o. desire to comply with and adhere to the terms of that
agreement and this Order.
2. Plaintiff Microsoft and Defendants Dominique Piatti and dotFree Group s.r.o.
have jointly advised the Court that the parties stipulate to the Court's jurisdiction and authority to
enter the relief set forth herein regarding the domain "cz.cc," without waiver of any of the
parties' rights or positions in this action.
Findings Regarding Domains Registered By John Doe Defendants
The Court has considered the pleadings, declarations, exhibits, and memorandum filed in
support of Microsoft's motion and finds, with respect to Defendants John Does 1-22 that:
1. This Court has jurisdiction over the subject matter of this case and there is good
cause to believe that it will have jurisdiction over all parties thereto; the Complaint states a
claim upon which relief may be granted against John Doe Defendants under the Computer
Fraud and Abuse Act (18 U.S.C. § 1030), CAN-SPAM Act (15 U.S.C. § 7704), Electronic
Communications Privacy Act (18 U.S.C. § 2701), the Lanham Act (15 U.S.C. § 1125), common
law trespass to chattels, unjust enrichment, conversion, and negligence;
2. There is good cause to believe that John Doe Defendants have engaged in and are
likely to engage in acts or practices that violate the Computer Fraud and Abuse Act (18 U .S.C. §
1030), CAN-SPAM Act (15 U.S.C. § 7704), Electronic Communications Privacy Act (18
U.S.C. § 2701), the Lanham Act (15 U.S.C. § 1125), common law trespass to chattels, unjust
enrichment, conversion, and negligence, and that Microsoft is, therefore, likely to prevail on the
merits of this action;
3. There is good cause to believe that, unless the John Doe Defendants are enjoined
by Order of this Court, immediate and irreparable harm will result from the Defendants'
ongoing violations of the Computer Fraud and Abuse Act (18 U.S.C. § 1030), CAN-SPAM Act
(15 U.S.C. § 7704), Electronic Communications Privacy Act (18 U.S.C. § 2701), the Lanham
-2- PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 3 of 13 PageID# 1268
Act (15 U.S.C. § 1125), common law trespass to chattels, unjust enrichment, conversion, and
negligence. The evidence set forth in Microsoft's Brief in Support of Application for a
Temporary Restraining Order and Order to Show Cause Re Preliminary Injunction ("TRO
Motion"), and the accompanying declarations and exhibits, demonstrates that Microsoft is likely
to prevail on its claim that John Doe Defendants have engaged in violations of the foregoing law
by:
a. intentionally accessing and sending malicious code to Microsoft's and its
customers' protected computers and operating systems, without authorization, in
order to infect those computers and make them part of the botnet;
b. sending malicious code to configure, deploy and operate a botnet;
c. sending unsolicited spam email to Microsoft's Hotmail accounts;
d. collecting personal infonnation, including personal email addresses; and
e. delivering malicious code.
4. There is good cause to believe that if such conduct continues, irreparable hann
will occur to Microsoft, its customers, and the public. There is good cause to believe that the
John Doe Defendants will continue to engage in such unlawful actions if not immediately
restrained from doing so by Order of this Court;
5. There is good cause to believe that immediate and irreparable damage to this
Court's ability to grant effective final relief will result from the sale, transfer, or other
disposition or concealment by John Doe Defendants of the Internet domains at issue in
Microsoft's Motion for Preliminary Injunction and other discoverable evidence of John Doe
Defendants' misconduct available through such Internet domains if the John Doe Defendants
receive advance notice of this action. Based on the evidence cited in Microsoft's Motion for
Preliminary Injunction and accompanying declarations and exhibits, Microsoft is likely to be
able to prove that:
a. John Doe Defendants are engaged in activities that directly violate United States
law and harms Microsoft, its customers and the public;
- 3 - PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 4 of 13 PageID# 1269
b. John Doe Defendants have continued their unlawful conduct despite the clear
injury to Microsoft, its customers, and the public;
c. John Doe Defendants are likely to relocate the information and evidence of their
misconduct stored at the Internet domains at issue in Microsoft's Motion and the
harmful and malicious code disseminated through these Internet domains; and
d. John Doe Defendants are likely to warn its associates engaged in such activities if
informed of Microsoft's action.
6. Microsoft's request for this emergency ex parle relief is not the result of any lack
of diligence on Microsoft's part, but instead based upon the nature of John Doe Defendants'
unlawful conduct.
7. There is good cause to believe that John Doe Defendants have engaged in illegal
activity using domains that are maintained by the top level domain registry Verisign, located in
the United States and the Eastern District of Virginia.
8. There is good cause to believe that to immediately halt the injury caused by John
Doe Defendants, the domain registries and domain registrars set forth in Appendix A in relation
to all domains other than Cz.cc, must be ordered:
a. to immediately take all steps necessary to lock at the registry level and to place on
registry hold all of the domains set forth at Appendix A hereto (except for
"cz.cc"), to ensure that such domains are disabled during the pendency of this
action and that changes to the domain names cannot be made absent a court order;
b. to immediately take all steps required to propagate the foregoing domain registry
changes to domain name registrars; and
c. to hold the domains in escrow and take all steps necessary to ensure that the
evidence of misconduct available through the domains be preserved.
9. There is good cause to permit notice of the instant order and service of the
Complaint by formal and alternative means, given the exigency of the circumstances and the
need for prompt relief. The following means of service are authorized by law, satisfy Due
-4- PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 5 of 13 PageID# 1270
Process, satisfy Fed. R. Civ. Pro. 4(1)(3) and are reasonably calculated to notify Defendants of
the instant order and of this action: (1) personal delivery through the Hague Convention on
Service Abroad or similar treaties upon defendants who provided contact information in foreign
countries that are signatory to such treaties, (2) transmission by email.facsimile.mail and/or
personal delivery to the contact information provided by Defendants to their domain name
registrars and as agreed to by Defendants in their domain name registration agreements, (3)
publishing notice on a publically available Internet website and/or in newspapers in the
communities where Defendants are believed to reside.
PRELIMINARY INJUNCTION
IT IS THEREFORE ORDERED that Plaintiff Microsoft and Defendants Dominique
Piatti and dotFree Group s.r.o. are directed to adhere strictly to the terms ofthe agreement
between them regarding disposition of the domain "cz.cc" during the pendency of this action, to
prevent the irreparable harm that has been caused by others through the "cz.cc" internet domain
name. In particular, Plaintiff Microsoft and Defendants Dominique Piatti and dotFree Group are
directed to adhere strictly to the provisions of the agreement regarding disablement of malicious
subdomains and provisions concerning a process to verify the identities of sub-domain
registrants.
IT IS THEREFORE ORDERED that, John Doe Defendants and their representatives
are temporarily restrained and enjoined from intentionally accessing and sending malicious
software or code to Microsoft's and its customers protected computers and operating systems,
without authorization, in order to infect those computers and make them part of the Kelihos
botnet, sending malicious code to configure, deploy and operate a botnet, sending unsolicited
spam email to Microsoft's email and messaging accounts and services, sending unsolicited spam
email that falsely indicates that they originated from Microsoft or are approved by Microsoft or
are from its email and messaging accounts or services, collecting personal information including
personal email addresses, delivering malicious code including fake antivirus software, or
undertaking similar activity that inflicts harm on Microsoft, its customers, or the public.
- 5- PRELIMINARY INJUNCfION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 6 of 13 PageID# 1271
IT IS FURTHER ORDERED that, John Doe Defendants and their representatives are
temporarily restrained and enjoined from configuring, deploying, operating or otherwise
participating in or facilitating the botnet described in the TRO Motion, including but not limited
to the command and control software hosted at and operating through the domains set forth
herein and through any other component or element of the botnet in any location.
IT IS FURTHER ORDERED that John Doe Defendants and their representatives are
temporarily restrained and enjoined from using the "Microsoft," "Windows," "Hotmail,"
"Windows Live" and "MSN" trade names, trademarks or service marks, in Internet Domain
addresses or names, in content or in any other infringing manner or context, or acting in any
other manner which suggests in any way that John Doe Defendants' products or services come
from or are somehow sponsored or affiliated with Microsoft, and from otherwise unfairly
competing with Microsoft, misappropriating that which rightfully belongs to Microsoft, or
passing off their goods as Microsoft's.
IT IS FURTHER ORDERED that the domain registries and registrars set forth in
Appendix A must:
a. immediately take all steps necessary to lock at the registry level and to place on
registry hold all of the domains set forth at Appendix A hereto (except for
"cz.cc"), to ensure that such domains are disabled during the pendency of this
action and that changes to the domain names cannot be made absent a court order;
b. to immediately take all steps required to propagate the foregoing domain registry
changes to domain name registrars; and
c. to hold the domains in escrow and take all steps necessary to ensure that the
evidence of misconduct available through the domains be preserved.
d. Shall save all communications to or from Defendants or Defendants'
Representatives and/or related to the domains set forth in Appendix A;
e. Shall preserve and retain all records and documents associated with Defendants'
or Defendants' Representatives' use of or access to the domains set forth in
-6- PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 7 of 13 PageID# 1272
Appendix A, including billing and contact infonnation relating to the Defendants
or Defendants' representatives using these servers and all logs associated with
these servers.
IT IS FURTHER ORDERED that copies of this Order and service of the Complaint
may be served by any means authorized by law, including (1) by personal delivery upon
defendants who provided contact infonnation in the U.S.; (2) personal delivery through the
Hague Convention on Service Abroad upon defendants who provided contact infonnation
outside the U.S.; (3) by transmission bye-mail, facsimile and mail to the contact infonnation
provided by defendants to domain registrars through which the domains set forth at Appendix A
were registered; and (4) by publishing notice to Defendants on a publicly available Internet
website and/or in newspapers in the communities in which Defendants are believed to reside.
IT IS FURTHER ORDERED that Microsoft shall post bond in the amount of
$10,000 as cash to be paid into the Court registry.
IT IS SO ORDERED () A .........:; lsi
¥ '\1(\./ ~a~es C. Cacheris
/ ~ Umted States District Judge
Entered this _,,_ day of October, 2011. James C. Cacheris United States District Judge
-7- PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 8 of 13 PageID# 1273
WE ASK FOR THIS:
1A-~ ~ ~ REBECCA L. MROZ- c::7 Va. State Bar No. 77114 CHRISTOPHER M. O'CONNELL Va. State Bar No. 65790 Attorneys for Plaintiff Microsoft Corp. ORRICK, HERRINGTON & SUTCLIFFE LLP 1152 15th Street, N.W. Washington, D.C. 20005-1706 Telephone: (202) 339-8400 Facsimile: (202) 339-8500 bmroz(a),orrick.com [email protected]
Of counsel:
GABRIEL M. RAMSEY (pro hac vice) JACOB M. HEATH (pro hac vice) Attorneys for Plaintiff Microsoft Corp. ORRICK, HERRINGTON & SUTCLIFFE LLP 1000 Marsh Road Menlo Park, CA 94025 Telephone: (650) 614-7400 Facsimile: (650) 614-7401 [email protected] [email protected]
Counsel fOr PlaintiffMicrosofi Corp.
a2r. fA -R '\ ( Da (".IIh J sT. Bacon Va. Bar No. 22146 Warner F. Young, III Va. Bar No. 24259 Attorneys for Defendants Dominique A. Piatti and dotFree Group s.r.o. Allred, Bacon, Halfhill & Young, PC 11350 Random Hills Road, Ste. 700 Fairfax, Virginia 22030 Tel.: (703) 352-1300 Fax: (703) 352-1301 [email protected] [email protected]
Counsel fOr Defendants Dominique A. Piatt; and dotFree Group s.r.o.
- 8- PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 9 of 13 PageID# 1274
APPENDIX A Domain Names Of Domain Rq~ist'1' And Registrant Information
Command And Regis t ."a '"S
Contml SCI"H.'I"S
cz.cc Veri sign Naming Services Dominique Alexander Piatti 21345 Ridgetop Circle dotFree Group s.r.o. 4th Floor prazska 636 Dulles, Virginia 20166 Dolni Brezany
Praha-Zapad Moniker Online Services, Inc. I 25241 Moniker Online Services LLC Czech Republic 20 SW 27'h Ave, [email protected] Suite 201 Pompano Beach, Florida 33069 Dominique Piatti
Postfach 127 Guemligen Bern 3073 Switzerland Dominique j>[email protected]
bricord.com Verisign Naming Services Private Whois bricord.com 21345 Ridgetop Circle c/o bricord.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
fI yzOmt4db6aa I [email protected] Internet.bs Corp. oq9wmmx4db6aa I [email protected] 98 Hampshire Street n8h23 tc4db6aa 1 b675 f5@oqjij874d9300d54bd9 5 .privatewhois.net N-4892 Nassau The Bahamas
bevvyky.com Veri sign Naming Services Private Whois bevvyky.com 21345 Ridgetop Circle clo bevvyky.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
[email protected] Internet.bs Corp. [email protected] 98 Hampshire Street kh9 I bdf4e3 [email protected] N-4892 Nassau The Bahamas
carbili.com Verisign Naming Services Private Whois carbili.com 21345 Ridgetop Circle c/o carbili.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Int5 finn4daJ 3006da6ad@oqjij874d9300dS4bd9 5 .pri vatewhois.net Intemet.bs Corp. [email protected] 98 Hampshire Street [email protected] N-4892 Nassau The Bahamas
-9- PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 10 of 13 PageID# 1275
codfirm.com Verisign Naming Services Private Whois codtirm.com 21345 Ridgetop Circle c/o codtirm.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. [email protected] 98 Hampshire Street otqbyon4da5e55a480d4@oqj ij874d9300d54bd95.privatewhois.net N-4892 Nassau k I [email protected] The Bahamas
dissump.com Verisign Naming Services Private Whois dissump.com 21345 Ridgetop Circle c/o dissump.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. itamzr [email protected] 98 Hampshire Street [email protected] N-4892 Nassau [email protected] The Bahamas
doloas.com Verisign Naming Services Private Whois doloas.com 21345 Ridgetop Circle c/o doloas.com 4th Floor N4892 Nassau Dulles. Virginia 20166 Bahamas
Intemet.bs Corp. sk2xcdp4db6aa I e I [email protected] 98 Hampshire Street satosfb4db6aa I e I [email protected] N-4892 Nassau ka94bx44db6aal e I [email protected] The Bahamas
editial.com Verisign Naming Services Private Whois editial.com 21345 Ridgetop Circle c/o editial.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. ugz6k834db6aa I [email protected] 98 Hampshire Street klabhbh4db6aa I be [email protected] N-4892 Nassau [email protected] The Bahamas
gratima.com Verisign Naming Services Private Whois gratima.com 21345 Ridgetop Circle c/o gratima.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. nmpzuvs4db6aa I [email protected] 98 Hampshire Street [email protected] N-4892 Nassau vmjy2s54db6aa I e99a3 [email protected] The Bahamas
hellohello 123 .com Verisign Naming Services Verisign Naming Services 21345 Ridgetop Circle Attn: VNDS Monitoring-East 4th Floor 21345 Ridgetop Circle Dulles, Virginia 20166 4th Floor
- 10- PRELIMINARY INJUNCfION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 11 of 13 PageID# 1276
Dulles. Virginia 20166 Intemet.bs Corp. 98 Hampshire Street N-4892 Nassau The Bahamas
knifell.com Verisign Naming Services Private Whois knifell.com 21345 Ridgetop Circle c/o knifell.com 41h Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Internet.bs Corp. nff7lac4db6aa I [email protected] 98 Hampshire Street f9rcd314db6aa 1 c61 [email protected] N-4892 Nassau [email protected] The Bahamas
lalare.com Verisign Naming Services Private Whois lalare.com 21345 Ridgetop Circle c/o lalare.com 4111 Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. qSsgyzx4da5e5 5abaOcb@oqjij874d9300d54bd9 5 .privatewhois.net 98 Hampshire Street gh8xk5h4da5e55abbc 1 [email protected] N-4892 Nassau fmci3dk4da5e55abb061 @oqjij874d9300d54bd95.privatewhois.net The Bahamas
magdali.com Verisign Naming Services Private Whois magdali.com 21345 Ridgetop Circle c/o magdali.com 41h Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Internet.bs Corp. nOvo7qm4da5e55b7a 191 @oqjij874d9300d54bd95.privatewhois.net 98 Hampshire Street bvdkatd4daSeS5b82230@oqjij874d9300d54bd9 5 .privatewhois.net N-4892 Nassau w I [email protected] The Bahamas
partric.com Verisign Naming Services Private Whois partric.com 21345 Ridgetop Circle c/o partric.com 41h Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Internet.bs Corp. [email protected] 98 Hampshire Street t9js2644db6aa 1 d2dO [email protected] N-4892 Nassau [email protected] The Bahamas
restonal.com Verisign Naming Services Private Whois restonal.com 21345 Ridgetop Circle c/o restonal.com 41h Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. [email protected] 98 Hampshire Street [email protected] N-4892 Nassau ck I [email protected] The Bahamas
- II - PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 12 of 13 PageID# 1277
subcosLcom Verisign Naming Services Private Whois subcosLcom 21345 Ridgetop Circle c/o subcosi.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. IzOxca94da5e5 59c6462@oqj ij 8 7 4d9 300d54bd95. privatewhois.net 98 Hampshire Street [email protected] N-4892 Nassau zzhu7vv4da5e559c7b9b@oqj ij874d9300d54bd95.privatewhois.net The Bahamas
uncter.com Verisign Naming Services Private Whois uncter.com 21345 Ridgetop Circle c/o uncter.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. cv4 7vj f4daSe55be390 [email protected] 98 Hampshire Street cvvnij f4da5e5 5 be5bfl @oqjij874d9300d54bd95.privatewhois.net N-4892 Nassau Ikvy5 [email protected] The Bahamas
wargalo.com Verisign Naming Services Private Whois wargalo.com 21345 Ridgetop Circle c/o wargalo.com 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. dyOstoh4db6aa I da2eda@oqjij874d9300d54bd9 5 .privatewhois.net 98 Hampshire Street o2j tj p64db6aa I da 7 522@oqjij8 7 4d9300d54 bd95. privatewhois.net N-4892 Nassau ty3s2ct4db6aa I [email protected] The Bahamas
wonnetal.com Verisign Naming Services Private Whois wormetal.com 21345 Ridgetop Circle c/o wormetal.com 4tl1 Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. u5248i34db6aa 1 [email protected] 98 Hampshire Street bjhll334db6aal [email protected] N-4892 Nassau oykewjr4db6aa 1 [email protected] The Bahamas
earplat.com Verisign Naming Services Private Whois earplat.com 21345 Ridgetop Circle c/o earplat.com 4tl1 Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
Intemet.bs Corp. x I giip [email protected] 98 Hampshire Street [email protected] N-4892 Nassau sbh8 ipe4e3 1563 107 e 77@oqjij874d9300d54bd9 5 .privatewhois.net The Bahamas
metapli.com Verisign Naming Services Private Whois metapli.com 21345 Ridgetop Circle c/o metaplLcom 4th Floor N4892 Nassau Dulles, Virginia 20166 Bahamas
- 12 - PRELIMINARY INJUNCTION
Case 1:11-cv-01017-JCC -IDD Document 26 Filed 10/12/11 Page 13 of 13 PageID# 1278
Intemet.bs Corp. pziinfc4e31 SSe 1 [email protected] 98 Hampshire Street yeij2yh4e31 SSe 1 [email protected] N-4892 Nassau zv2ea604e315Se 1 [email protected] The Bahamas
- 13 - PRELIMINAR Y INJUNCTION
' ; .
Richard A. Jacobsen (RJ5136) ORRICK, HERRINGTON & SUTCLIFFE LLP 51 West 52nd Street New York, New York 10019 Telephone: (212) 506-5000 Facsimile: (212) 506-5151
Gabriel M. Ramsey (pro hac vice application pending) ORRICK, HERRINGTON & SUTCLIFFE LLP 1000 Marsh Road Menlo Park, California 94025 Telephone: (650) 614-7400 Facsimile: (650) 614-7401
\
ORJGINAL DOCUMENT
Attorneys for Plaintiffs 1 n 3 e:_ MICROSOFT CORPORATION, .1 2 - iJ ~ <G; FS-ISAC, INC. and NATIONAL AUT OM _ :;' v, ;:::; CLEARING HOUSE ASSOCIATION . . .· \~~S' _ i:
KOdWJiN.;t P~ UNITED STATES DISTRICT COURT EASTERN DISTRICT OF NEW YORK
MICROSOFT CORP., FS-ISAC, INC., and NATIONAL AUTOMATED CLEARING HOUSE i ASSOCIATION, j
Plaintiffs V.
JOHN DOES 1-39 D/B/A Slavik, Monstr, 100, Null, nvidiag, zebra7753, lexa_Mef, gss, iceiX, Harderrnan, Gribodemon, Aqua, aquaSecond, it, percent, cpOI, hct, xman, Pepsi, miami, miamibc, petrOvich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx 1, Daniel Harnza, Danielbxl,jah, Jonni,jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits AND JabberZeus Crew CONTROLLING COMPUTER BOTNETS THEREBY INJURING PLAINTIFFS, AND THEIR CUSTOMERS AND MEMBERS,
Defendants.
. ~:=;- n .. ,.., r-~ G --< ,. ":D n1
.-::: "•-I ,---, ::1.: ::;;,; 0 ~;:· ::_: (:--:
(":·c. ?.'
Case No. 12: CIV
FILED UNDER SEAL
MANN. M.J.
PLAINTIFFS' EX PARTE APPLICATION FOR AN EMERGENCY TEMPORARY RESTRAINING ORDER, SEIZURE ORDER
AND ORDER TO SHOW CAUSE RE PRELIMINARY INJUNCTION
Case 1:12-cv-01335-SJ-RLM Document 12 Filed 03/19/12 Page 1 of 3 PageID #: 1333
' • Plaintiffs Microsoft Corporation ("Microsoft"), FS-ISAC, Inc., and the National
Automated Clearing House Association ("NACHA"), pursuant to Federal Rule of Civil
Procedure 65(b) and (c), the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the CAN
SPAM Act (15 U.S.C. § 7704), the Electronic Communications Privacy Act (18 U.S.C. § 2701),
the Lanham Act (15 U.S.C. § 1125), the Racketeer Influenced And Corrupt Organizations Act
(18 U.S.C. § 1962(c)), the common law, and the All Writs Act (28 U.S.C. § 1651), respectfully
apply to this Court for an emergency ex parte temporary restraining order, seizure order and
order to show cause why a preliminary injunction should not issue.
As discussed in Plaintiffs' brief in support of this Application, Plaintiffs request an order
disabling a number of Internet Domains and Internet Protocol (IP) addresses and seizing the
command and control servers and software by which Defendants control a harmful computer
"botnet." Botnets are computer networks made up of tens of thousands and sometimes millions
of end-user computers infected with malicious software that puts them under the control of
individuals and organizations who use them for illegal activities, including stealing end-users
financial information and other personal information, sending spam email, and infringing
companies' trademarks. The requested relief is necessary to halt the growth of the botnet that is
causing irreparable injury to Plaintiffs, Plaintiffs' customers and members, and the public. As
discussed in Plaintiffs' brief in support of this Application, ex parte relief is essential because if
Defendants are given prior notice they will be able to destroy, move, conceal, or otherwise make
inaccessible the facilities through which Defendants direct the harmful Zeus Botnets.
Plaintiffs' Application is based on this Plaintiffs' Brief In Support of this Application; the
Declarations of Mark De benham, Pamela Moore, William B. Nelson, Jesse D. Kornblum,
William Johnson, and Jacob M. Heath in support of Plaintiffs' Application and the exhibits
attached thereto; the pleadings on file in this action; and such argument and evidence as may be
2
Case 1:12-cv-01335-SJ-RLM Document 12 Filed 03/19/12 Page 2 of 3 PageID #: 1334
s/WFK
-· -·
'
presented at the hearing on this Application. Plaintiffs respectfully request that this Court grant
the Application, such that it is hereby:
I. ORDERED, that the above-named Defendants show cause before this Court, at
room / J( United States District Court House, Cadman Plaza East, Kings County, in the State
of New York, (}JA , March;?./, 2012, at ,/#: CJO o'cloc!J!.m., or as soon thereafter as
counsel may be heard, why an Order should not be issued pursuant to Rule 65 of the Federal
Rules of Civil Procedure granting Plaintiffs the relief sought in the Application; and it is further
2. ORDERED, that sufficient reason has been shown, pending the hearing of the
Application by Plaintiffs, pursuant to Rule 65 of the Federal Rules of Civil Procedure and that
the relief included under Plaintiffs' Proposed Order attached hereto be adopted.
SO ORDERED.
Q:b' Signed this J7_ day of March, 2012.
-/ I-- 6' ~
I UNITED STATES DISTRICT COURT JUDGE
3
Case 1:12-cv-01335-SJ-RLM Document 12 Filed 03/19/12 Page 3 of 3 PageID #: 1335
Richard A. Jacobsen (RJ5136) ORRICK. HERRINGTON & SUTCLIFFE LLP 51 West 52nd Street New York, New York 10019 TeleJll1One: (212) 506-!)OOO Facsimile: (212) 506-5151
Gabriel M. Ramsey (adtniUedpro hac vice) ORRICK, HERRINGTON & SUTCLIFFE LLP l000~Road Menlo Park, California 94025 Tel.llPh~: (il5(»6f4-7400 Faesill)iie: (65()) 614-1401
AiUJrneys for Plaintiffs ~OSOrrCORJ>ORA'OON, .. . FS-ISAC, iNC. ~NAT1ONAL AUTOMAtED CLEARINGHOUSE ASSOCIATION
UNITED· STATES QlSTlUCT COURT EASTERN DfSimIeT.OF NEW YORK ------------------------,
Plaintiffs v.
Defendants. 1 !
--------------~-j
FILED IN CLERK'S OFFICE
u.S DISTRICT COURT ED.NY
* MAR 2 9 2012 * BROOKLYN OFFICE
Hell, Sterling Johnson, Jr.
Case No. 12-cv-01335 (SJIRLM)
,
Courtesy Copy -I
Filed by ECF
(PROPOSED) ORDER FQR PRELIMINARY INJUNCTION:
.. Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 1 of 10 PageID #: 1598
Plaintiffs Microsoft Corp. ("Microsoft"), the FS-lSAC, Inc. (Financial Services
Information Sharing and Analysis Center) ("FS-ISAC"), and the National Automated Clearing
House Association (''NACHA'') «:oJlective~, the "Plaintiffs") filed a Complaint fo~ injunctive
and other reliefputSUatltto,rhe.Computer Fraudand Abuse Act (18 U.S.C. § 1030); the CAN
SPAM Act (IS U.S.Co § 7704);..the Electr01lieConnnJJDications Privacy Act (18 U.S.C. § 2701); i
Trademark Infringement, Fame DesignatiooofOrigin, and Trademark Dilution und¢r the
Lanham Act (15. U.S.C, §~ 1114el s.eq.); vlol~ofthe Racketeer Influenced an~ Corrupt
Oi:ganizations Act (18 00$£. § 19(2);andthe.t:0tn!!non law of trespass, conversionJ and unjust
enridunent. OnMarch 19, 20'12, the Court grantetlPlaintiffs' Application for an Erltergency , Temporary R'eStraini:ng~, SeizWte OrderandO!:der to Show Cause Re Prelimi~
Injunction. The Plaintiftlihavee,xecutedtlJatMkr. Plaintiff now lnOVe$ for an Oriler for
Preliminary ltijunctiOn~king to keep in placetbe relief granted by the March 19i1i Order, with
respIlctto the domallis, ~addresse$ and .file.pathsattllQhed hereto.
F~mtJ.i'MlT~CWSfQNSQFk.+W ,
Having reviewedthe·Pa~, declll\'jltjOris; "xbibIts,and memotiUldum filed iin support , ofP!aintiffs' Appli~fQfanamergeni:yTe!l!jlpl$y Restraining Order.,.Seizure brder,
;
and Order to :Show ~. for Preliminary' Injunction (''TRO ApplieatiOn"), the Couft hereby
makes the follOWing fmdings of iRetand cOfillllWonoflaw:
1. This CblUthal;jurisdictiortoVti'theSllbjectmatter of this_ and ~ is . I
good C8U$t: to~JieveUi!ltit:WiJl have jnriSdilltibll()vetail' parties hereto. the Complaint ;
states a claim upon wbichl'diet:may be granted. !IgaitJst Defi:ndants. un:4er the Com~uter . . .' . . . . '. " . '. . I
Fraud and Abuse ActO t U,S,C.§ 1030); theCAN-SPAM Act (15 U.S.C. § 7704 );!the I
Electronic ConnnunicanomPrivacy Ad (l8 u.S.C.g 2701); Trademark Infringem~nt,False
Designation of Origin. and Trademark Dilution under the Lanham Act (15 U.S.C. §J§ 1114 et I
seq.); the Racketeer Influeneedand Corrupt Organizations Act (18 U .S.C. § 1962); rod the !
common law oftrespass, C9Jlvetsion, and unjti&tenrichment.
2. Microsoft owns the registered trademarks "Microsoft," "Windows," ~d
2
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 2 of 10 PageID #: 1599
"Outlook" used in connection with its services, software, and products. FS-ISAC's JIlembers
have invested in developing their brands, trademarks and trade names in assaciationlwith the
financial services they offer. NACHA owns .the registered trademark "NACHA" and the
NACHA logo used in conjU'llction with its services.
3. There is good cause to believe that Defendants have engagedbl and ~ likely
to engage in acts or practices that violate theCo~ flraudand Abuse Act (18 u.b.c. I
§ 1030); the CAN-SPAM Act(lS U.S.C.§ 7704T,itheElectronic Conununications ~rivacy
Act (18 U.S.C. § 2701); Tl"ltllemarkInfringemeat ~Desi~ation of Origin, and I Trademark Dilution undetthecLlmhamAct (150.S.C. {§ in4 el seq.); theRackete/rr
Influenced and ColTUpt Organizations Act (18 O;S.C, § 1962); and the.cmnmon 1a~ of
trespass, conversion, and unjUSt enricIunent ,
4. There is good cause to believe thlJt, unless {)efendants are r~ed poo enjoined by Order of tllis Court. immediatean.diu~lelwm wiltresuJ.t from
. I
Defendants' ongoing violatiensof the Compl!ctet: Fraud;lndAbuse Act (18 U.S.C. §I 1 030); I
the CAN-SPAM Act (15 U.S.C. § 7704); the Electrol!icCommunications Privacy A!ct (18
U.S.C. § 2701); Trademark htfringement, F~ ~n.Qf Origin, andTrade~ . I
Dilution under the Lanham ~ct(15 U.S.C. §§,ltI4,el'setJ.); theRack~ Influenc<fd and
Corrupt Organizations Act (18 U.$;C. § 1962); and the~JIlmOnJaw of trespass, co,version,
and unjust emicIunent. The .evidence set fortbin 'PfaUilitlr'TaO Application and cle I
accompanying declarationsllfid exhibits, demo~ that Plaintiffs are likely to ptvail on I
their claim that Defendants have engaged inviolali<msofthe foregoing laws by: (l~
intentionally accessing and ~ding ma1icious~ to the protected oontputers dnd !
operating systems of the customers or associated member organizations of Miefoso~, FS
ISAC, and NACHA, without authorization, in order to infect those computers and ~() them part of the Zeus Botnets; (2) ~ma1icioussoftware to configure. deploy +nd
I operate a botnet; (3) sending unsolicitedspRJll e.mail to Microsoft's Hotmail accowilts; (4)
sending unsolicited spam e·mails that falsely indicate that they are from or approvej! by
3
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 3 of 10 PageID #: 1600
...
Plaintiffs or their associated member organizations, the purpose of which is to deceilVe
computer users into taking steps that will result in the infection of their computers ~th
botnet code and/or the disclosure of personal and financial a.ccount information; (5) Istealing !
personal and financial account information from computer users; (6) using stolen
information to steal money from the financial accounts of those users; and (7) associating !
with oneanothet in a common enterprise engaged. in these illegal acts. There jsgof canse
to believe that ifsuch conduct continues, irreparable harm will occur to Plaintiffsa¥ the
public, includiJlg l'laintiffs' customers and associated member organizations. Ther~ is good
cause tobelieve.that the. Defendants are engaging, and will continue40 engage, in +h I
unlawful actions if not immediately reStrained from doing SO by Order of this Court; I
5. There is good canse to believe that immediate and irreparable ~to this
Court's ability to grant effective final reJiefwilJ result from the sale, transfer, or o~ disposition llr concealment by Defendants of the botnet command.and control so~ that
I
is hosted atamf otherwise QPeTates through the In.ternet domains listed in Appendix!A, the I
Internet Ptotoool (JP) addresses listed. in AppendixB, and the file directories lisle<ir Exhibit I
C, and from the destru.. etion or concealment of OtherdisGolVerab. Ie .evidence ofDeferts'
misconduct available at thoSe locatiGilS.Based oil theevidtnce cited in Plaintiffs' to I
Application and acc.ompanying declarations and eXhibits, Plaintiffs are likely to be jlble to I
prove that: (l}Dofendants are engaged inactivities that~y villiate. U.S. law anh harm I
Plaintiffs 1Ulttthepublic, including Plaintiffs' eustornersandmember-Qrganiutronsl (2) I
Defendantshave oontinued their \1IIlawful cooduct despite the ciearinjury to the fo+going
'. . . .' . . " .' . i interests; (3) Defendants are likely to delete or relocate the botnet command and co"\1trol , SQftware at issue in Plaintiffs' no Application and the harmful, malicious, and tra~emark
i infringing software disseminated through these IP addresses and domains. I
6. There is gllod ClIIIOOtll believe that Defendants have engaged in ille!!lal
activity using the data centers and/or Internet hosting providers identified in Appendix B to
host the command and co.ntrol SQftware and the malicious botoet code and content t\sed tll
4
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 4 of 10 PageID #: 1601
maintain and opemte the botnet at computers, servers, electronic data storage devices or
media at the IP addresses identified in Appendix B.
7. There is good cause to believe that to immediately halt the injury caJ1sed by
Defendants, data and evidence at Defendants' IF addresses identified in Appendix B must be
preserved and held in escrow pending further order of the court, Defendants' comptlting
resources related.to such IF addresses. must then be disconnected from the Internet, :
Defendants must be prohibited from accessing Defendants' computer resources tel~ed to , such IP addresses and the data and evidence located on those computer resources mPst be
secured and preserved.
8. There is good cause to believe that Defendants have engaged in iIIegill
activity using the Internet domains identified .in Appendix A to this order to host the
command and control software and content used to maQrtaln and operate the botned There is
good cause to believe that to immediately halt the injury caused by Pefendants, each of
Defendants' cUrrent and prospective domains setrorthin Appendix A must beimm&liately i
redirected to theM'1(lrosoft-securedIPaqdress 199 .2.137 .14l,llSing name servers
ns l.microsoflilltemetsafety .net and ns2.mtctosofiintemetsafety.net, or, altemativel~ the i
domain registries, registrars andlor registrants located or with a presence in the Uni'jed States
should take othei'reasonable steps to. work wjth Plaintiffs to eusure that Defendantsicannot I
use the AppeDdiItA dOmains to oohtrol1hebotneL Such reasGnable assistance in tJie implementatiOll.Qfthis Order and topreventfrllStrationofthc' implementation and ~ses
I of this Order, are authorized pursuantl028 U.S.C. § I 651 (a)(theAll Writs Act). i
9. This Court respectfully requests, butdoes not order, that foreign do~ain
registries and registrars take reasonable steps to work with Plaintiffs to ensure that '
Defendants cannot use the Appendix A domains to coutrol the botnet. I
10. There is good cause to perinitnotice of the instant Order and servicejofthe ,
Complaint by formal and alternative means, given the exigency of the circurnstanc~s and the i
need for prompt relief. The following means of service are authorized by law, sati~ Due
5
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 5 of 10 PageID #: 1602
-
Process, satisfy Fed. R. Civ. Pro. 4(f)(3), and are reasonably calculated to notify Defendants
of the instant order, the Preliminary Injunction hearing and of this action: (1) personal
delivery upon Defendants who provided to the data centers and Internet hosting providers
contact information in the U.S.; (2) personal delivery Ihrough the Hague Convention on
Service Abroad or other treaties upt:lI1 Defendants who provided contact infonnation outside
the United States; (3) transmission by e-mail, electroruc messaging addresses, facsithile, and
mail to the known email and messagii!gaddressesofDefendants and to their contact
ittfonnalionpt~by Defemiants,to the domain registrars, registries, datacented, Internet
hosting provi(ler$, and *ebllife providers who hOSt the software code associated witl\ the 11'
addresses in Appendix B, or through which.dottl!lins in Appendix A are registered; </JId (4)
publishing noticefO the Defendants on a publicly ,available Internet website and in
newspapers in j~sdictions where Defendants are believed to reside.
11. There is gOWClUISe to believe thatthe·ham! to Plaintiffs of denying the relief
requested in1heir ~uestfota:Pl1:limmary JnjUllctiOil<1llt'weighs any harm to any· legitimate ,
interests of Defendants 8Ildth8t there is no. undue hmqen to any third party.
~MNADYBmJNC'nON
IT IS~RE ORDElUilllaslollows:
A. Defendants, their representatives8lld<f!er50nS who are in active concert or , , participati0n With them are tet!JP!)rariIy .restrainedandenjoined from: Intentionally!
accessing and sending malicious software.'tO Pl8intiffs 1!II\'l. the protected computers !md i
operating systems ofPlaintiffs'cu~' and asso¢iatedmember orgaruza.tions, v.tithout , ,
autborization,.in ordertoinfuctthosecomputersand.malce them part of the botnet; $ending [
malicious software to configure, deploy and operate a botnet; sending unsolicited SpaID e-
mail to Wcrosoft's Hotmail accounts; sendingunsoJicitedspam e-mail that falsely jndicate i
that they are from or approved by Plaintiffs or Plaintiffs' associated member orgallifBtions;
creating false websites that falsely indicate thaI they are associated with or approve4 by
Plaintiffs or Plaintiffs' member organizations; or stealing infonnation, money or pr~perty
6
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 6 of 10 PageID #: 1603
from Plaintiffs, Plaintiffs' customers or Plaintiffs' member organizations, or undertaking any
similar activity that inflicts harm on Plaintiffs, or the. public, including Plaintiffs' cU/itomers
or associated member organizations.
B. Defendlurts, theirr~reselltlltives and persons who are in active concert or I
participation with them are temporarily re$lrained and enjoined from configuring, dfploying,
operating or otherwise participating iit .01" .illCilimting the botllets described in the r~o i
Application, inClulJing~ ~t lirnitedto fie OOlImland and eodol software hosted .t and •
operating throughthedllmains andlPaddresses set forth herein and through any ottjer
component or elmnentofthe botnetsfuanylncation. •
C. Defendants, their representatives and.personswbo are in active eoncft or
participationwith.them are tempotariLyrestrained and enjoined from using the trad_ks I
"Microsoft," "Windows," "Qutlook,""NACHA,''' the NACHAlogo, trademarks of pnancial
institution mentbeTs.ofFS-ISAC andIor.otherttademarks; trade1lllllles; servicema+; or
Internet Domain.addi'essesor llitmes~onrcting many other manner which ~ggests In any
way that Defelldattts' PJ:OdUllts or ~$ cornefrom,pt atesome!1\}w sponsored or!affiliated I
with PlaintiffsorPlaintitfs' asso¢jlJted~ organimtions,and from otherwise ~fairlY
co~~tingwith. ffaintiffs,:i~OPria1ing.·. :.. ..that. which rlgIrtfUI._ ·.1:. belongs to ~lainti+S ~r Plamtdfs' customers or Plaintitfs' ~d memberorgaQiz!ltiong, or passmg off~etr goods or serviCll$ asPlaintilifs Or P/alnt{ifs' a8$Oclate4m. ol1!lanizations. I
I
D. Defendartts, their ~tativesand persons who are in l'ICtive COl'ICfrt or
participation with th.ent are temporariLy restramedand enjoinedfrolll irtfrirtging PI+titfs'
registered ~ks, Registration NOs, ~$7270S, 115467641, ~463510, 3419145 ~d others.
E. Defendants, their representatives and persons who are in active conc~rt or
participation willi them are temporarily restrained and enjoined from using in connJction
with Defendant$' activities any:false or deceptive designation, representation or +Ption
of Defendants' or of their representatives' activities, whether by symbols, words, d~signs or . ,
statements, which would damage or injure Plaintiff's or give Defendants an unfair
7
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 7 of 10 PageID #: 1604
competitive advantage or result in deception of conSumers.
F. Defendants' materials bearing infringing marks, the.means ofmakin$ the
counterfeit marks, and records documenting the. manufacture, sale, or receipt of thi~s !
involved in such violation, in the possession of data centers0pera\!ed by ContinuumlData I
Centers LLCandBurstnet Technologies,Inc., which have been seized pursuant to l~ U.S.C.
§ 1116( d), sball be held in secure escro .. w byStroz F.riedberg,.1925 c .. entury p.ark mf, Suite
1350, Los Angeles, CA 90067, whichwiH !\ctas sul:istitute~dianofany and all flata and I
properties seized and evidence preserved pursuant to this .order. S.lIch matedals sblfI be
stored securely and not accessed by any party until further order oftbis Court. I ,
O. The registries of the domains identified in Exhibit A to this Order (~
"Registries") sball implement the provisions of this order in the following fashion: i I
1. For currently registered domains, the domain lIanIe registran~ ; ,
information and pOint of contact shall not.OO changed and associat~ WHOlS infonp.ation
shall not be changed;
2. i
Domain names shall not be deleted or.otberwIse.made aVaila+1e for
registration by any party, but rather shottlrlrt:mlI.in active andredi'rected to IP ad~ I
199.2.137.141, using name servers ns I.miomsollinternetsafety.net and 1
ns2.microsoftinternetsafety.net. I 3. Domains shalilnot'be~rred tolllty,other person orreg~,
pending further order of the court; I 4. The Registriesshall.'lISSUIlIeauthod~for name resolutionOf~mlI.in
I
names to IP address 199.2.137.141, using the name servers nsLmicrosoftinteme~e1Y.net !
and ns2.microsoftintemetsafety.net; I
5. Name resolution services shall not be suspended;
6. The Registdes and Plaintiffs shall otherwise work together ill good I
faith to take any other reasonable steps necessary to prevent Defendants from usingjthe
Appendix A domains.
8
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 8 of 10 PageID #: 1605
H. Defendants are directed to pennanently disable access to the file paths
identified in Appendix C; permanently delete or otherwise disable the content at thOile file
paths; and take all necessary steps to ensure that such file paths are not re-enabled nor the
content recreated. Pursuant to the All Writs Act, U.S. based free website hosting providers I
of the domains set forth in Appendix C are directed to permanently delete or otherw$se
disable the content at the ftle paths in Appendix C.
IT IS FURTHER ORDERED, that ~opies of this Order, notiw of the Preli,lninary I
Injunction hearing andserviw oftbe Complaint may be served by any means imtho~zed by law,
including (1) by persollal delivery upon defendants who provided contact informati6n in the I
U.S.; (2) personal delivery throUgh the Hague Convention on Service Abroad upon ~efendants I I
who provided contactinformation outside the U.s.; (3) by transmission by e-mail, electronic
messaging addresses, facsimlle and mail to the known contact information of DefenfJants and to
such contact information provided by defendants to the data centers, Internet hosting providers
and domain registtars who hosted the software code associated with the IP addres~ set forth at
Appendix B or through which domains in Appendix A are registered; and (4) by pu~lishing I
notiw to Defendants on a publicly available Internet website orin llewspapers in th~ jurisdictions I
where Defendants are believed to reside; I
I IT IS FURTBJ.ilRORDEREDthat Plaintiffs shall post bond in the amountlof
$300,000 as cash to be paid intotbe Courttegistry. . i
IT IS FURTBEIt ORDERED that Plaintiffs shal1cetnpenSatethe data ce*rs, i
Internet hosting providersandlordomain registries andlor website providers identi~ed in
Appendiws A, B and C at prevailing rates for tecbnicalassistance rendered in impl~menting
the Order.
IT IS FURTHER ORDERED that this Order shall be implemented with tI1e least
degree of interferenw with the normal operation of the data wnters and Internet ho~ting
providers andlor domain registries andlor website providers identified in Appendietls A, B
and C consistent with thorough and prompt implementation of this Order.
9
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 9 of 10 PageID #: 1606
IT IS FURTHER ORDERED, specifically with regard to the preserved Internet
traffic to and from the servers corresponding to the IP addresses listed in Exhibit B,that this
evidence shall be preserved. held in escrow and kept under seal by Stroz Friedberg, ~d not
accessed by any party, pending further order of this Court.
IT IS FURTHERORDERED, specifically with regard to the Internet traffic that is
redirected from the domains listed in Exhibit A to the Mierosoft-secured IP address:
199.2.137.141, using name servers ns).microsoftintemetsafety.net and
ns2.mierosoftintemetsafety~net, that Microsoft shaI1 not record more than the IP aMresses of
incoming connections.
IT IS SO ORDERED
~ Entered this ~ day of March, 2012.
( \ \
10
Case 1:12-cv-01335-SJ-RLM Document 22 Filed 03/29/12 Page 10 of 10 PageID #: 1607
Source: Privacy & Security Law Report: News Archive > 2012 > 03/05/2012 > Conference Report: RSA Conference2012 > Internet: White House Advisor Schmidt Discusses Online Trusted ID Plan, Fighting Botnets
11 PVLR 404Internet
White House Advisor Schmidt DiscussesOnline Trusted ID Plan, Fighting Botnets
By Joyce E. Cutler
SAN FRANCISCO—The private sector is going to be in the driver's seat for creating a framework for trustedidentities in online transactions, White House Cybersecurity Coordinator Howard Schmidt said Feb. 29.
Schmidt, speaking at a session of the RSA Conference 2012, said that the core of the administration's NationalStrategy for Trusted Identities in Cyberspace (NSTIC) is to make sure individuals, businesses, and computer-to-computer activities can use interoperable digital credentials.
The cybersecurity chief stressed that the framework will draw on industry expertise and the marketplace tohave online identities validated and privacy protections addressed.
“The government will be and is a consumer of this technology and not the one thatis going to go out and build this. Government should not be in that business. It'snot the core competency. It's not the role of the government, but clearly it's theidea of the marketplace being driven by innovators and entrepreneurs,’’ Schmidtsaid.
In April 2011, the Obama White House released its final draft of the NSTIC, whichit said is designed to make internet communications and transactions more secureto reduce fraud and identity theft (10 PVLR 618, 4/25/11).
The private sector will build it “so we can get out of this massive, expensive,password management environment that we live in today,’’ Schmidt said.
Moving Against Botnets
The Commerce Department's National Institute of Standards and Technology and the Department ofHomeland Security are teaming up with the private sector to look at a voluntary industry code of conduct toaddress detection and shutdown of botnets (10 PVLR 1377, 9/26/11).
Botnets are networks of infected computers used to launch malicious denial of service attacks, send spam,and store illegal content.
Australia through its internet association has an “iCode’’ of conduct with its internet service providers toreduce these so-called “zombie” attacks, Schmidt noted. While Australia is still developing statistics about howeffective the code is, “the bottom line is if we have 5 percent less botnets, that's better than where we aretoday,’’ he said.
Industry has raised concerns that owners and operators would be opening themselves to more governmentregulation, Schmidt said.
“None of us can predict what somebody might think about in the future,’’ he said. ‘‘But what we need to makesure is what we're doing right now is [that] we're doing what we can to reduce the likelihood [of a successfulcyber-attack], so it doesn't give someone in the future ammunition to say [that the] ‘private sector is notresponding.’’’
White House Cybersecurity Plan
In June 2011, Commerce release a final draft paper developing cybersecurity strategies for non-coveredcritical infrastructure (10 PVLR 871, 6/13/11), Ari Schwartz, NIST senior internet policy adviser said.
He added that “no one right now is suggesting regulating, but yet there's an acknowledgment there aresecurity issues at hand.”
Privacy & Security Law Report®
BNA INSIGHTSARCHIVE
Building an OnlineIdentity LegalFramework: The ProposedNational Strategy—Thomas J. Smedinghoff,Wildman Harrold, Chicago
Page 1 of 2Privacy & Security Law Report
3/2/2012http://news.bna.com/pvln/display/batch_print_display.adp
Within the next 90 days, the government is going to ask its private sector partners to roll out the frameworkaddressing the issue and “develop the group that will lead this thing going forward,’’ Schmidt said.
“This is not something we're going to continue to sit by and watch. We know it's out there. We've admired theproblem long enough. It's time to act on it. We have the right people, the right stakeholders, the right leaderson the government side to help facilitate it, and I think it's going to move forward in a rapid manner,’’ Schmidtpredicted.
For More Information
Further information on the RSA Conference 2012 is available athttp://365.rsaconference.com/index.jspa.
Contact us at http://www.bna.com/contact/index.html or call 1-800-372-1033
ISSN 1538-3431Copyright © 2012, The Bureau of National Affairs, Inc.. Reproduction or redistribution, in whole or in part, and in
any form, without express written permission, is prohibited except as permitted by the BNA Copyright Policy.http://www.bna.com/corp/index.html#V
Page 2 of 2Privacy & Security Law Report
3/2/2012http://news.bna.com/pvln/display/batch_print_display.adp
Guidance for Domain Name Orders Contact: Dave Piscitello
1
Guidance for Preparing Domain Name Orders, Seizures & Takedowns
Abstract
This “thought paper” offers guidance for anyone who prepares an order that seeks to seize or take down domain names. Its purpose is to help preparers of legal or regulatory actions understand what information top level domain name (TLD) registration providers such as registries and registrars will need to respond promptly and effectively to a legal or regulatory order or action. The paper explains how information about a domain name is managed and by whom. In particular, it explains that a seizure typically affects three operational elements of the Internet name system – domain name registration services, the domain name system (DNS) and WHOIS services – and encourages preparers of legal or regulatory actions to consider each when they prepare documentation for a court action.
Table of Contents
GUIDANCE FOR PREPARING DOMAIN NAME ORDERS, SEIZURES & TAKEDOWNS ......... 1 PURPOSE OF THIS PAPER ................................................................................................................... 2 WHAT INFORMATION SHOULD ACCOMPANY A LEGAL OR REGULATORY ORDER OR ACTION?.................................................................................................................................................... 4 CHECKLIST OF INFORMATION TO SUBMIT WITH A LEGAL OR REGULATORY ACTION . 5 ADDITIONAL CONSIDERATIONS.....................................................................................................12 CONTACT US..........................................................................................................................................13 REFERENCES..........................................................................................................................................16
Guidance for Domain Name Orders Contact: Dave Piscitello
2
Purpose of this paper Recent legal actions resulting in disrupting or dismantling major criminal networks (Rustocki, Corefloodii, Kelihosiii) have involved seizures of domain names, domain name system (DNS) name server reconfiguration, and transfers of domain name registrations as part of the take down actions. These activities have been taken to mitigate criminal activities and will likely continue to be elements of future anticrime efforts. Generally, court-‐issued seizure warrants or restraining orders in the United States or similar governmental jurisdictions identify the required, immediate actions a party must take and accompany these with sufficient information for domain name registration providers such as registry operators or registrars to comply. Domain name registration providers can promptly obey complaints or legal or regulatory actions (or voluntarily cooperate with law enforcement agents and the private sector) when the instructions of the court or regulatory entity specify the immediate and long-‐term actions required as completely and unambiguously as possible. Providing all of the information that registry operators or registrars need to comply with an order or request requires some familiarity with Internet protocols, technology and operations. Law enforcement agents, attorneys, officers of courts and others who are not familiar with the operation and interrelationship of domain name registration services, the domain name system (DNS), and WHOIS services can benefit from a reference list of questions and guidance for “answers” (information) that ideally would be made available when action is specified in a court order. We offer a list of questions and encourage preparers to answer each when the legal or regulatory action seeks to seize or take down a domain name. For each question, a checklist or explanation of information that preparers should make available to registry operators or registrars is provided. Note that it may not necessarily be the case that all of the information identified in this list will be relevant for all types of seizure or take down actions. The information discussed here is not exhaustive, nor are these questions prescriptive. However, the preparation and execution of actions or orders may be expedited if these details are considered during the preparation of a legal or regulatory action or during the onset of an incident involving the DNS, including domain name registrations. The comments and recommendations made in here are based on experience with actions and orders that have been prepared and executed by U.S. courts. This is a lay document. Its authors and contributors are technical and operational staff, not attorneys [although persons with legal expertise were consulted in the preparation
Guidance for Domain Name Orders Contact: Dave Piscitello
3
of this document for publication]. We offer no legal advice here. Our purpose is to share “field experience” so that these can be taken into consideration for future actions and orders involving domain name seizures and take downs. Domain name seizures are typically ordered in association with criminal acts. Preparers of orders should consider whether disputes concerning alleged abusive registrations of domain names (e.g., bad faith use, confusing similarity) may be handled through the Uniform Domain Name Dispute Resolution Policy and administrative procedure, found at [iv].
Guidance for Domain Name Orders Contact: Dave Piscitello
4
What information should accompany a legal or regulatory order or action? Domain name registration is a multi-‐step process. An organization or individual that wants to use a domain name first checks availability of the string of characters in a given Top Level Domain (TLD), and if available, must register the domain name. ICANN accredited registrars process registrations for ICANN generic TLDs (gTLD). Country-‐specific TLDs (ccTLDs) are not under obligation to use ICANN accredited registrars and may use any registration provider or they may provide registration services directly. A fee for a term of use is commonly paid to register a domain. Upon completing a domain name registration, the domain name is made active in the TLD registry, a registration record is created, and the Domain Name System is configured to allow name to Internet address resolution for the domain and services such as email or web. Often, several business entities coordinate to perform these actions on behalf of the registering party (the registrant) and to manage all the information associated with a domain throughout that domain’s life cycle. Nearly all of this information may be relevant or essential to a successful execution of a legal or regulatory order or action. Domain name registration providers such as registries or registrars require certain information to enable them to satisfy a court order or investigate a legal or regulatory action. As you prepare one of these documents, consider the following high-‐level questions: 1) Who is making the legal or regulatory action or issuing a request?
Examples: a court of law, a law enforcement agent/agency, a registry, a registrar, an attorney, or an intervener (e.g., a trusted or contracted agent of a complainant who has assisted in the technical or operational investigation of criminal activity).
2) What changes are required to the registration of the domain name(s) listed in the legal or regulatory order or action? Individuals or organizations register and pay an annual fee to use a domain name. The individual or organization then becomes the registrant on record of the domain. Parties that perform domain name registrations as a service (“registrars” or “registries”) collect contact, billing and other information from the registrant. A legal or regulatory action should describe if this information is to be altered, and how.
Guidance for Domain Name Orders Contact: Dave Piscitello
5
A domain name registration also identifies the status of the domainv. Status indicates the operational state of a domain name in a registry, i.e., whether or not the domain name is active or not. Status also serves as an access control, i.e., whether or not the registration of a domain name can be transferred, modified, or deleted. A legal or regulatory order or action should specify the status a registrar or registry should assign to the domain name(s) listed in the legal or regulatory order or action. [Note that status also preserves the state of information associated with a domain name in services such as data escrow and registration data information services such as WHOIS]. In cases where the registration of a domain name is to be transferred away from a party named in a legal or regulatory action to law enforcement or an agent operating on behalf of law enforcement, the legal or regulatory action should provide the “replacement” domain name registration data as described in ICANN’s registrar accreditation agreement (RAAvi).
3) Should the Domain Name System (DNS) continue to resolve the domain name(s) listed in the legal or regulatory action? Provisions must be made in the DNS to make the name usable, i.e., to make it possible for Internet users to locate (determine the Internet address of) web, mail, or other services the registrant intends to host. The process of locating hosts using the DNS is called domain name resolution. The legal or regulatory action should indicate whether and how the DNS is to be configured, whether domain name(s) listed in the order or action are to resolve, and how.
4) What changes are required to the WHOIS information associated with the
domain name(s) listed in the legal or regulatory action? Certain information about a domain name registration – the registrant on record, point of contact information, domain status, sponsoring registrar, name server address – may be available via an Internet service called WHOIS. The legal or regulatory action should identify what information WHOIS services should provide in response to queries about domain name(s) identified in the legal or regulatory action.
Checklist of information to submit with a legal or regulatory action Preparers of legal or regulatory actions are encouraged to consider whether the questions presented below have been answered in an order or action. For each question, there is an accompanying checklist or explanatory text to help preparers. The table considers a single domain. When legal or regulatory orders identify multiple domains, preparers can expedite handling of the order by grouping the domain names by Top Level Domain type (e.g., COM, NET, BIZ, INFO…).
Guidance for Domain Name Orders Contact: Dave Piscitello
6
Who is making the request? [ ] Complainant (plaintiff)
[ ] Respondent (defendant) [ ] Court of Record
Who are the primary points of contact?
Contact information for court officers, attorneys, technical/operational staff or agents, line or senior management of parties to the legal or regulatory action: • Name • Postal address • Telephone number(s) • Fax numbers(s) • Email address(es)
These prove beneficial should issues be identified that require a technical or operational action, legal consultation or business decisions; in particular, call attention to any person designated as the coordinator, lead or responsible party to the action. Important: Issuers of requests are encouraged to provide some form of official, verifiable contact information. Recipients of a court order may require a method to verify the legitimacy of the issuer of the request. The inability to validate a request, especially when the request comes from a foreign law enforcement agency, court, or other entity can delay action by the recipient. Indicate whether any contact information provided is to be kept confidential.
Guidance for Domain Name Orders Contact: Dave Piscitello
7
What kind of request is this? The request should clearly indicate whether this is a court order or request for action. For example, [ ] Court order (attached) or regulatory action [ ] 3rd party request for action. Examples:
[ ] Algorithmically generated domain name HOLD request
[ ] Child abuse material [ ] Copyright infringing materials [ ] Malware Command & Control host [ ] …
Note: 3rd party requests should be accompanied by verifiable evidence supporting the third party request.
What is the expected response time?
[ ] Date and time by which the actions indicated in the legal or regulatory action must be executed.
Document should make clear when the actions must be executed. This is particularly important when multiple parties must coordinate execution so that their actions are “simultaneous”.
Is there a desire to obtain records related to the domain at the same time the domain is seized?
[ ] Records and documents sought
The legal or regulatory action should list and describe all forms of records sought and indicate the span of time. Make clear whether or not the request is part of the action. Important: The issuer should always seek to direct requests to the party who is in possession of the information sought, especially when preparing sealed orders. For generic TLDs, registrars typically possess billing information and other customer (registrant) information that cannot be accessed using WHOIS services (e.g., information associated with privacy protection services).
Guidance for Domain Name Orders Contact: Dave Piscitello
8
How is the domain name registration record to be changed? Note: Identify all the changes ordered or requested.
[ ] change domain name registrant
The party identified as the domain name registrant is to be changed to the party specified in the complaint. The “gaining” party may be responsible for future registration fees.
[ ] Change domain name registration point of
contact information as specified
The point of contact information recorded in the domain name registration is to be changed to the contact information specified in the complaint. The legal or regulatory action should indicate how each point of contact (registrant, administrative contact, technical contact) is to be altered.
[ ] Disable DNSSEC
DNS information that has been cryptographically protected with a digital signature will be altered so that is no longer protected
[ ] Replace existing DNSSEC keys with new key(s) supplied
DNS information that has been cryptographically protected with a digital signature will be altered so that is now protected using the key(s) supplied by the requesting entity.
How is domain name status to be changed?
[ ] prevent transfer of domain name [ ] prevent updates to domain name
registration [ ] Delete domain name
Deleting a domain name “releases” the name into the pool of names available for registration by any party.
Guidance for Domain Name Orders Contact: Dave Piscitello
9
Is the domain name to be transferred to a different sponsoring registrar?
[ ] Transfer domain to new registrar specified
If the legal or regulatory action wants the domain name transferred from the current sponsoring registrar to a registrar identified in the order or action, the requesting entity should supply the “losing” registrar and the “gaining” registrar for this action. A unique authorization code (Auth-Code) may be required for this action. This is obtained from the losing registrar and provided to the gaining registrar as proof of consent to transfer the domain name.
Is the party that provides name resolution service (DNS) to be changed?
[ ] Change authority for DNS
Authority identifies the party that is responsible for managing and providing DNS for a domain name. A legal or regulatory action should identify parties that will assume authority for name resolution of domain names listed in the document.
This is a change to the DNS configuration of the registry (TLD) zone file. Specifically, the DNS records that identify the authoritative name server(s) for the domain name must be changed to point to IP address(es) under administrative control of the parties named in the legal or regulatory action (or request).
[ ] Change DNS configuration of the domain
This is a change to the DNS configuration of the zone file for the domain specified in the order or action. Requesting entities provide this information to registrars or 3rd party DNS providers. The requesting entity should provide current and desired values for all zone data (resource records, TTL values) that is to be changed.
Guidance for Domain Name Orders Contact: Dave Piscitello
10
Is name resolution service (DNS) to be suspended?
[ ] Suspend name resolution (DNS): “seize and take down”
The legal or regulatory action should specify that domain name(s) should not resolve. In this case, the TLD registry operator will take action so that the DNS will return a non-existent domain response to any queries for any delegation in this domain. This action implies that the domain name is to be “locked”; i.e., that no party (e.g., registrar, registrant) can modify the status and cause the DNS to resume name resolution of the domain name).
Is redirection to a text of notice page required?
[ ] Redirect domain name to text of notice page: “seize and post notice”
If the requesting entity intends to post a text of notice on a web page, the legal or regulatory action should provide the domain name(s) and IP address(es) for the name server that will perform name resolution for the domain names listed in the order or action. The legal or regulatory action should indicate the intended duration of time that redirection is to be performed.
Guidance for Domain Name Orders Contact: Dave Piscitello
11
Is redirection of Internet hosting required?
[ ] Redirect to host operator: “seize and operate”
If the legal or regulatory action seeks to replace an Internet host1 with one that is operated under the requesting entityʼs purview, provide the domain name(s) and IP address(es) for the name server that will perform name resolution for the domain names listed in the legal or regulatory action. In other situations, the requesting entity may seek to keep the name (and name resolution) operational. This can happen when a problematic service is operational on the same domain name that also serves non-problematic services. The legal or regulatory action should indicate the intended duration of time that redirection is to be performed. 1 The requesting entity may operate a “command and
control (C&C)” for the purpose of monitoring or intercepting communications, substituting commands or responses or other actions to remotely disable or supervise software executing without authorization or consent on compromised computers. (Note that the requesting entity could operate any service it chooses. This will have no bearing on what information to provide to registries or registrars.
What should WHOIS for the domain name display?
[ ] WHOIS information display change
The legal or regulatory action should specify the information that the registry or registrar should use in response to queries for domain name registration data via a WHOIS service (See Appendix A for an example WHOIS response).
[ ] Reveal private/proxy registration
Individuals or organizations that register domain names may pay a fee to a registrar or 3rd party to protect part or all of the information displayed via WHOIS services from display. A legal or regulatory action should indicate when it requires the disclosure of “privacy protected” registration information.
Guidance for Domain Name Orders Contact: Dave Piscitello
12
Additional Considerations The nature and complexity of domain name seizures and takedown operations has evolved over time. Moreover, as criminals have demonstrated that they will adapt to technical measures to thwart crime, they are likely to adapt as they study legal measures. This section calls attention to some of the issues that past seizures and takedown actions have exposed. Legal or regulatory actions are typically specific with respect to the immediate obligation; for example, they will enumerate domain names, IP addresses, and equipment that are to be seized. A legal or regulatory action can be less clear with regard to how long an action is to remain ongoing, or can impose a constraint on a registry that creates an obstacle to satisfying the instructions in the order. Certain legal or regulatory actions identify domain names that are hosted in countries outside the U.S., where the offense is not against the law. Certain legal or regulatory actions create long-‐term administrative responsibilities for registries; for example, if a botnet algorithmically generates domain names, a registry may need to block registrations of these names as frequently as the algorithm generates to comply with an order. The number of domain names identified in these orders can accumulate to (tens of) thousands over a span of 1-‐2 years (100 algorithmically generated domains per day reaches 10,000 in 3 months’ time). Legal or regulatory actions do not always indicate how long seizure or hold actions are to persist. Domain seizures (holds) also demand “zero error”: should any party in the chain fail to identify or block even one domain name, a botnet that was successfully contained for months can be resurrected. Algorithmically generated domain names may also conflict with already registered domains. Registries would typically seek to protect a legitimate registrant that has the misfortune of having registered a second level label that is identical to one algorithmically generated, but if the court order seizes the domain, registries could note the conflict but ultimately would obey the order. Moreover, domain generation algorithms used in criminal activities may (are likely to) adapt to defeat blocking techniques; for example, blocking registrations may not be practical if an algorithm were to generate tens of thousands of domains per day. Sealed court orders pose operational challenges to TLD registry operators who rely on registrars to manage registrant contact information. The order prohibits the registry to communicate with the registrar of record but the registry cannot modify the contact information unless the registrar of record is engaged. Legal or regulatory actions may order registries, registrars, Internet (web or mail) hosting companies, and ISPs to take specified steps at a specified date and time.
Guidance for Domain Name Orders Contact: Dave Piscitello
13
Such steps require considerable coordination and preparers of legal or regulatory actions should consider how “lead” as well as “execution” time may affect outcome. Orders can create administrative responsibilities for registrars as well (for example, inter-‐registrar transfers of seized domain name registrations). Orders generally do not consider fee waivers, nor do they typically consider the ongoing financial obligation of the “gaining” registrant to pay annual domain registration fees.
Contact Us Dave Piscitello, Senior Security Technologist at ICANN, prepared this thought paper, with the assistance of the ICANN Security Team. Information. Reviews and comments from Internet security, technical and operational community members were essential in preparing this initial paper, and the Security Team thanks all who contributed. We welcome additional comments. Please forward all comments by electronic mail to [email protected]
Guidance for Domain Name Orders Contact: Dave Piscitello
14
Appendix A. Sample WHOIS response This is a sample response to a WHOIS query. The data labels and display format varies across registries and registrars. Values for registration data elements in BOLD should be provided by the requesting entity. Domain ID: D2347548-‐LROR Domain Name: ICANN.ORG Created On:1 4-‐Sep-‐1998 04:00:00 UTC Last Updated On:10-‐Jan-‐2012 21:32:13 UTC Expiration Date: 07-‐Dec-‐2017 17:04:26 UTC Sponsoring Registrar: GoDaddy.com, Inc. (R91-‐LROR) Status: CLIENT DELETE PROHIBITED Status: CLIENT RENEW PROHIBITED Status: CLIENT TRANSFER PROHIBITED Status: CLIENT UPDATE PROHIBITED Status: DELETE PROHIBITED Status: RENEW PROHIBITED Status: TRANSFER PROHIBITED Status: UPDATE PROHIBITED Registrant ID: CR12376439 Registrant Name: Domain Administrator Registrant Organization: ICANN Registrant Street1: 4676 Admiralty Way #330 Registrant City: Marina del Rey Registrant State/Province:California Registrant Postal Code: 90292 Registrant Country: US Registrant Phone: +1.4242171313 Registrant FAX:+1.4242171313 Registrant Email: domain-[email protected] Admin ID: CR12376441 Admin Name: Domain Administrator Admin Organization: ICANN Admin Street1:4 676 Admiralty Way #330 Admin City: Marina del Rey Admin State/Province: California Admin Postal Code: 90292 Admin Country: US Admin Phone: +1.4242171313 Admin FAX: +1.4242171313 Admin Email: domain-[email protected] Tech ID: CR12376440 Tech Name: Domain Administrator Tech Organization: ICANN
Guidance for Domain Name Orders Contact: Dave Piscitello
15
Tech Street1: 4676 Admiralty Way #330 Tech City: Marina del Rey Tech State/Province: California Tech Postal Code: 90292 Tech Country: US Tech Phone: +1.4242171313 Tech FAX: +1.4242171313 Tech Email: domain-[email protected] Name Server: NS.ICANN.ORG Name Server: A.IANA-SERVERS.NET Name Server: B.IANA-SERVERS.NET Name Server: C.IANA-SERVERS.NET Name Server: D.IANA-SERVERS.NET DNSSEC: Signed DS Created 1: 26-‐Mar-‐2010 15:12:06 UTC DS Key Tag 1: 41643 Algorithm 1: 7 Digest Type 1: 1 Digest 1: 93358db22e956a451eb5ae8d2ec39526ca6a87b9 DS Maximum Signature Life 1:1814400 seconds DS Created 2: 26-‐Mar-‐2010 15:12:28 UTC DS Key Tag 2: 41643 Algorithm 2: 7 Digest Type 2: 2 Digest
2:b8ab67d895e62087f0c5fc5a1a941c67a18e4b096f6c622aefae30dd7b1ea199
DS Maximum Signature Life 2:1814400 seconds
Guidance for Domain Name Orders Contact: Dave Piscitello
16
References i Defeating Rustock in the Courts http://www.microsoft.com/security/sir/story/default.aspx#!rustock_defeating
ii “Coreflood” Temporary Restraining Order http://www.fbi.gov/newhaven/press-‐releases/pdf/nh041311_5.pdf/at_download/file
iii “Kelihos” ex parte temporary restraining order http://www.noticeofpleadings.com/images/FAC-‐EN.pdf
iv Uniform Dispute Resolution Policy and procedures http://www.icann.org/en/dndr/udrp/policy.htm
v EPP Status Codes: What do they mean and why should I know? http://www.icann.org/en/transfers/epp-‐status-‐codes-‐30jun11-‐en.pdf
vi ICANN Registrar Accreditation Agreement 21 May 2009 http://www.icann.org/en/registrars/ra-‐agreement-‐21may09-‐en.htm
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 1/9
Acceptable Usage Policy
These ISPrime Acceptable Usage Policy ("Acceptable Usage Policy ") describe the proper kinds of conduct and prohibited uses of ISPrime's
hosting serv ices (the "Serv ices"), as described and subscribed to pursuant to the Hosting Agreement posted at www.ISPrime.com (the "Hosting
Agreement"). These Acceptable Usage Policy are not exhaustiv e and ISPrime reserv es the right to modif y these Acceptable Usage Policy at any
time, ef f ectiv e upon posting of the modif ied Acceptable Usage Policy to www.ISPrime.com. By registering f or and using the Serv ices, and
thereby accepting the terms and conditions of the Hosting Agreement, y ou agree to abide by these Acceptable Usage Policy as modif ied f rom
time to time. Any v iolation of these Acceptable Usage Policy may result in the suspension or termination of y our account or such other action as
ISPrime deems appropriate, which is described f urther in the Hosting Agreement.
1. YOUR GENERAL RESPONSIBILITIES
The Serv ices enable y ou to dev elop and display a Web site through which y ou can interact with users of the Internet and retriev e and send v ast
amounts of inf ormation. Generally , ISPrime will not activ ely monitor, censor, or directly control any content that is or will be display ed on y our
Web site(s) or inf ormation that y ou collect or use through y our Web site(s). ISPrime, howev er, prov ides the Serv ices with the goals of (a)
ensuring security , reliability and priv acy of the Serv ices and the users of the Serv ices, (b) maintaining an image and reputation of ISPrime as a
responsible prov ider of the Serv ices, (c) preserv ing the v alue of Internet resources as a conduit f or f ree expression, (d) encouraging the
responsible use of Internet resources and discouraging degrading, libelous or illegal uses of such resources. Consequently , ISPrime expects y ou,
and all other users of the Serv ices, to take responsibility in using the Internet with courtesy and responsibility , and be f amiliar with and to practice
good Internet etiquette, in f urtherance of the abov e stated goals.
VIOLATION OF ANY OF THESE GUIDELINES IS STRICTLY PROHIBITED AND MAY RESULT IN THE IMMEDIATE TERMINATION OR
SUSPENSION OF THE SERVICES YOU RECEIVE FROM ISPrime ACCORDING TO THE HOSTING AGREEMENT. YOU WILL REMAIN
SOLELY LIABLE AND RESPONSIBLE FOR YOUR USE OF THE SERVICES AND ANY AND ALL CONTENT THAT YOU DISPLAY, UPLOAD,
DOWNLOAD OR TRANSMIT THROUGH THE USE OF THE SERVICES. "CONTENT" INCLUDES, WITHOUT LIMITATION, YOUR E-MAIL, WEB
PAGES, PERSONAL HOME PAGES, AND DOMAIN NAMES. IT IS ISPrime'S POLICY TO TERMINATE REPEAT INFRINGERS.
2. ILLEGAL OR HARMFUL USE
You may use the Serv ices only f or lawf ul purposes. Transmission, distribution, sale, or storage of any material in v iolation of any applicable law,
regulation, or these Acceptable Usage Policy is prohibited. The f ollowing non-exhaustiv e list details the kinds of illegal or harmf ul conduct are
prohibited. ISPrime reserv es the rights to restrict or prohibit any and all uses of the Serv ices or content on y our Web site(s) and to remov e such
materials f rom its serv ers, that ISPrime determines in its sole discretion is harmf ul to its serv ers, sy stems, network, reputation, good will, other
ISPrime customers, or any third party .
Inf ringement. Inf ringement of intellectual property rights or other proprietary rights including, without limitation, material protected by copy right,
trademark, patent, trade secret, or other intellectual property right used without proper authorization. Inf ringement may result f rom, among other
activ ities, the unauthorized copy ing and posting of pictures, logos, sof tware, articles, musical works, and v ideos.
Of f ensiv e Materials. Transmission, disseminating, sale, storage or hosting material that is unlawf ul, libelous, def amatory , obscene, illigal,
indecent, lewd, harassing, threatening, harmf ul, inv asiv e of priv acy or publicity rights, abusiv e, inf lammatory or otherwise objectionable.
Export Violations. Posting or sending of sof tware or technical inf ormation in v iolation of U.S. export laws, including, without limitation, the Export
Administration Act and the Export Administration Regulations maintained by the Department of Commerce.
Harmf ul Content. Disseminating or hosting harmf ul content including, without limitation, v iruses, Trojan horses, worms, time bombs, cancelbots or
any other computer programming routines that may damage, interf ere with, surreptitiously intercept or expropriate any sy stem, program, data or
personal inf ormation.
Fraudulent Conduct. Of f ering or disseminating f raudulent goods, serv ices, schemes, or promotions (i.e., make money f ast schemes, chain
letters, py ramid schemes), or f urnishing f alse data on any signup f orm, contract or online application or registration, or the f raudulent use of any
inf ormation obtained through the use of the Serv ices, including without limitation use of credit card numbers.
3. SYSTEM AND NETWORK SECURITY AND INTEGRITY
Violations of ISPrime's or any third party 's serv er, sy stem or network security through the use of the Serv ices are prohibited, and may result in
criminal and civ il liability . ISPrime may inv estigate incidents inv olv ing such v iolations. ISPrime may inv olv e and cooperate with law enf orcement
if a criminal v iolation is suspected. Examples of serv er, sy stem or network security v iolations include, without limitation, the f ollowing:
Hacking. Unauthorized access to or use of data, sy stems, serv er or networks, including any attempt to probe, scan or test the v ulnerability of a
sy stem, serv er or network or to breach security or authentication measures without express authorization of the owner of the sy stem, serv er or
network.
Interception. Unauthorized monitoring of data or traf f ic on any network, serv er, or sy stem without express authorization of the owner of the
sy stem, serv er, or network.
Intentional Interf erence. Interf erence with serv ice to any user, host or network including, without limitation, mail bombing, news bombing, other
f looding techniques, deliberate attempts to ov erload a sy stem, broadcast attacks and any activ ity resulting in the crash of a host. Intentional
interf erence also means the use of any kind of program/script/command, or send messages of any kind, designed to interf ere with a user's
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 2/9
terminal session, v ia any means, locally or by the Internet.
Falsif ication of Origin. Forging of any TCP-IP packet header, e-mail header or any part of a message header. This prohibition does not include the
use of aliases or anony mous remailers.
Av oiding Sy stem Restrictions. Using manual or electronic means to av oid any use limitations placed on the Serv ices such as timing out.
Failure to Saf eguard Accounts. Failing to prev ent unauthorized access to accounts, including any account passwords.
4. E-MAIL
You may not distribute, publish, or send any of the f ollowing ty pes of e-mail: Unsolicited promotions, adv ertising or solicitations (commonly
ref erred to as "spam"), including, without limitation, commercial adv ertising and inf ormational announcements, except to those who hav e explicitly
requested such e-mails.
Commercial promotions, adv ertising, solicitations, or inf ormational announcements that contain f alse or misleading inf ormation in any f orm.
Harassing e-mail, whether through language, f requency , or size of messages.
Chain letters.
Malicious e-mail, including without limitation "mailbombing" (f looding a user or Web site with v ery large or numerous pieces of mail) or "trolling"
(posting outrageous messages to generate numerous responses).
E-mails containing f orged or f alsif ied inf ormation in the header (including sender name and routing inf ormation), or any other f orged or f alsif ied
inf ormation.
In addition, y ou may not use ISPrime's mail serv er or another Web site's mail serv er to relay mail without the express permission of the account
holder or the Web site. Posting the same or similar message to one or more newsgroups (excessiv e cross-posting or multiple-posting) also is
explicitly prohibited.
5. 100% UPTIME GUARANTEE
(a) Cov erage These ISPrime Acceptable Use And Serv ice Guidelines apply to y ou if y ou hav e registered f or either Shared Hosting Serv ices or
Dedicated Hosting Serv ices (collectiv ely , the "Serv ice") and y ou are in good f inancial standing with ISPrime.
(b) Serv ice Lev el
ISPrime endeav ors to hav e the content of y our Web site av ailable f or http access by third parties 100% of the time ("Web Site Av ailability ").
(c) Credits
In the ev ent that there is no Web Site Av ailability , ISPrime will credit the f ollowing month's serv ice f ee as f ollows. For Shared Hosting serv ices,
such credit will be retroactiv e and will be as calculated below and as measured 24-hours a day in a calendar month, with the maximum credit not to
exceed the monthly serv ice charge f or the af f ected month.
Customer Web Site Av ailability Credit
95% to 99.8% 25%
90% to 94.9% 50%
89.9% or below 100%
For Dedicated Hosting serv ices, if the Web Site Av ailability is between 98.9% and 99.9% f or any particular month, the credit will be retroactiv e
and equiv alent to the dif f erence between the guaranteed lev el of av ailability of the customer's serv ices during the month and the calculated
actual lev el of av ailability of the customer's serv ices, multiplied by the actual charges incurred by the customer f or the serv ices during that
month period. In addition, f or Dedicated Hosting serv ices, customers may be entitled to additional credits as calculated below and as measured
24-hours a day in a calendar month, with the maximum credit not to exceed f if ty percent (50%) of the monthly serv ice charge f or the af f ected
month.
In order f or y ou to receiv e a credit on y our account, y ou must request such credit within sev en (7) business day s af ter y ou experienced no Web
Site Av ailability . You must request credit by sending an electronic mail message to [email protected]. For security , the body of this
message must contain y our account number, the dates and times of the unav ailability of y our Web site, and such other customer identif ication
requested by ISPrime. Credits will usually be applied within sixty (60) day s of y our credit request. Credit to y our account will be y our sole and
exclusiv e remedy in the ev ent that there is no Web Site Av ailability .
(d) Restrictions
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 3/9
Credits will not be prov ided to y ou in the ev ent that y ou hav e no Web Site Av ailability resulting f rom (i) scheduled maintenance as posted f rom
time to time at ISPrime.com, (ii) y our behav ior or the perf ormance or f ailure of y our equipment, f acilities or applications, or (iii) circumstances
bey ond ISPrime's reasonable control, including, without limitation, acts of any gov ernmental body , war, insurrection, sabotage, embargo, f ire,
f lood, strike or other labor disturbance, interruption of or delay in transportation, unav ailability of interruption or delay in telecommunications or
third party serv ices (including DNS propagation), f ailure of third party sof tware or hardware or inability to obtain raw materials, supplies, or power
used in or equipment needed f or prov ision of y our Web site.
6. NEXT BUSINESS DAY GUARANTEED PROVISIONING FOR DEDICATED SERVERS
(a) Cov erage
ISPrime's Next Business Day Guarantee will only apply to those standard, pre-conf igured Dedicated Serv ers specif ically noted as subject to the
Next Business Day Guarantee on the ISPrime.com web site ("Cov ered Serv ers"). This guarantee does not apply to non-standard conf igurations,
such as changing RAID lev els, and other add-on f eatures. ISPrime retains the right to add or delete Dedicated Serv ers f rom the Next Business
Day Guarantee, at any time without notice, or cancel the Next Business Day Guarantee at any time without notice.
(b) Guarantee
For those Cov ered Serv ers described in (a) abov e, ISPrime will Prov ision such serv ers by the Next Business Day of receiv ing a customer order,
once such customer order has been conf irmed and any necessary credit checks hav e been perf ormed. Next Business Day will mean that, f or
those customer orders f or Cov ered Serv ers receiv ed and conf irmed (including any necessary credit checks) by 6:00 p.m. United States Eastern
Time during a Business Day , the Cov ered Serv er will be Prov isioned by 6:00 p.m. United States Eastern Time the f ollowing Business Day .
Business Day will mean Monday through Friday , excluding the f ollowing holiday s: New Year's Day , Memorial Day , Independence Day , Labor
Day , Thanksgiv ing Day , Day af ter Thanksgiv ing, and Christmas Day . Prov ision will mean that ISPrime has generated an E-mail to the customer
with the proper inf ormation to enable the customer to send and receiv e inf ormation f rom and to the Cov ered Serv er.
(c) Credit
If ISPrime is unable to meet the Next Business Day Guarantee as described in this Section 6, ISPrime will issue a credit or ref und of One
Hundred Dollars ($100.00) of the Set-up f ee described f or the Cov ered Serv er on ISPrime.com. Such credit may be applied to f uture months
serv ice f ees in ISPrime's discretion.
(d) Restrictions
Credits will not be prov ided to y ou in the ev ent that y ou do not hav e y our Cov ered Serv er Prov isioned by the Next Business Day resulting f rom
(i) y our behav ior or the perf ormance or f ailure of y our equipment, f acilities or applications, or (ii) circumstances bey ond ISPrime's reasonable
control, including, without limitation, acts of any gov ernmental body , war, insurrection, sabotage, embargo, f ire, f lood, strike or other labor
disturbance, interruption of or delay in transportation, unav ailability of interruption or delay in telecommunications or third party serv ices (including
DNS propagation), f ailure of third party sof tware or hardware or inability to obtain raw materials, supplies, or power used in or equipment needed
f or prov ision of y our Web site.
INDIRECT OR ATTEMPTED VIOLATIONS OF THE ACCEPTABLE USAGE POLICY, AND ACTUAL OR ATTEMPTED VIOLATIONS BY A THIRD
PARTY ON YOUR BEHALF, WILL BE CONSIDERED VIOLATIONS OF THE ACCEPTABLE USAGE POLICY BY YOU.
If y ou want to report any v iolations of these Acceptable Usage Policy , please contact [email protected].
Service Level Agreement
Welcome to ISPrime, This Hosting Agreement ("Agreement") gov erns y our purchase and use of all Web site hosting serv ices, including the
Dedicated Hosting Serv ices and the Shared Hosting Serv ices (collectiv ely , the "Serv ices"), as described in the Order Form, that y ou order and
ISPrime Inc. ("ISPrime") accepts. The Shared Hosting Serv ices include the E-Commerce Serv ices. You must register and accept the terms of this
Agreement in order to use the Serv ices. BY CLICKING ON THE "I ACCEPT" BUTTON BELOW, AND /OR REGISTERING FOR AND USING THE
SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT AND AGREE TO BE BOUND BY ITS TERMS AND
CONDITIONS AS WELL AS ALL POLICIES AND GUIDELINES INCORPORATED BY REFERENCE. ISPrime may modif y any of the terms and
conditions contained in this Agreement and any policy or guideline incorporated by ref erence, at any time in its sole discretion and may also
determine whether and when the modif ications apply to existing or f uture customers. Any modif ications are ef f ectiv e upon posting of the
rev isions on the ISPrime Web site (the "Site"). ISPrime will post a notice of modif ications to this Agreement on the Site f or 30 day s. ISPrime may
post modif ications to ref erenced policies and guidelines without notice to y ou. Your continued use of the Serv ices f ollowing ISPrime's posting of
any modif ications constitutes y our acceptance of the modif ications. IF YOU DO NOT AGREE TO THIS AGREEMENT'S TERMS DO NOT CLICK
THE "I ACCEPT" BUTTON. IF YOU DO NOT AGREE TO THE TERMS OF ANY MODIFICATION, DO NOT CONTINUE TO USE THE SERVICES
AND IMMEDIATELY NOTIFY ISPrime OF YOUR TERMINATION OF THIS AGREEMENT IN THE MANNER DESCRIBED IN SECTION 1.2
BELOW.
1. Term and Pay ment f or Serv ices
1.1 Term. This Agreement will be f or an "Initial Term" of either: (a) 30 day s if y ou register f or Shared Hosting Serv ices, (b) 12 months
f rom the order date if y ou register f or Dedicated Hosting Serv ices, or (c) as otherwise chosen by y ou in the Order Form, located on the
Site, at the time y ou register f or the Serv ices. This Agreement will be automatically renewed (the "Renewal Term") at the end of the
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 4/9
Initial Term f or the same period as the Initial Term, unless y ou prov ide ISPrime with notice of termination either: (a) at least 7 day s
bef ore the end of the Initial Term or the Renewal Term, whichev er is then applicable, if y ou registered f or and are receiv ing Shared
Hosting Serv ices other than Shared Hosting Serv ices pre-paid f or a 1-y ear period, or (b) at least 30 day s bef ore the end of the Initial
Term or Renewal Term, whichev er is then applicable, if y ou registered f or and are receiv ing Dedicated Hosting Serv ices or hav e pre-paid
f or a 1-y ear period of Shared Hosting Serv ices. You must prov ide ISPrime with y our notice of termination in the f orm of a written
document, signed & dated, v ia f acsimile (+1-212-656-1932), or v ia email ([email protected]). You will then be asked to prov ide
suf f icient customer identif ication inf ormation so that ISPrime may properly identif y y ou and y our account. Any notice of termination will
be ef f ectiv e upon ISPrime's receipt of notice.
1.2 Termination Policy . If y ou terminate the Serv ices bef ore the end of the Initial Term or the Renewal Term, whichev er is then
applicable: (a) ISPrime will not ref und to y ou any f ees paid in adv ance of termination, and (b) y ou will be required to pay the lesser of 3
times the standard monthly charge or 100% of ISPrime's standard monthly charge f or each month remaining in the term, unless
otherwise expressly prov ided in this Agreement. But if y ou hav e pre-paid f or a 1-y ear period of Shared Hosting Serv ices, y ou are
entitled to a pro-rata ref und of the remaining months in the annual period, calculated at the standard monthly rate f or the Shared Hosting
Serv ices, not the discounted annual rate. You must submit y our termination request to ISPrime in the manner described in Section 1.1.
ISPrime may terminate this Agreement at any time and f or any reason by prov iding to y ou 30 day s' prior written notice of termination.
If ISPrime terminates this Agreement, ISPrime will ref und to y ou the pro-rata portion of pre-paid f ees attributable to Serv ices not y et
rendered as of the termination date, unless otherwise expressly prov ided in this Agreement.
1.3 Liability and Obligations on Termination. If the Agreement expires or is terminated f or any reason, ISPrime is not liable to y ou
because of the expiration or termination f or compensation, reimbursement or damages on account of the loss of prospectiv e prof its,
anticipated sales, goodwill or on account of expenditures, inv estments, leases or commitments in connection with y our business, or f or
any other reason whatsoev er f lowing f rom the termination or expiration. If y ou terminate this Agreement, ISPrime will not reliev e y ou of
any obligations to pay f ees and costs accrued bef ore the termination date or any other amounts y ou owe to ISPrime under this
Agreement.
1.4 Charges. You will pay all charges f or y our use of the Serv ices at the then current ISPrime prices, which will be exclusiv e of any
applicable taxes. You are responsible f or pay ing all f ederal, state, and local sales, use, v alue added, excise, duty and any other taxes
assessed with respect to the Serv ices, other than taxes based on ISPrime's net income.
1.5 Pay ment. You will pay all charges f or Serv ices in adv ance according to the then current price f or the Serv ices. When registering f or
Dedicated Hosting Serv ices, y ou must choose to pay f or the Serv ices either by credit card or upon y our receipt of an inv oice. If y ou
register f or Shared Hosting Serv ices, y ou must pay f or the Serv ices by credit card. If y ou choose to pay by credit card when
registering f or Dedicated Hosting Serv ices or if y ou register f or Shared Hosting Serv ices, y ou authorize ISPrime to charge y our credit or
debit card to pay f or any charges that may apply to y our account. ISPrime may accumulate any supplemental charges, as described in
the Order Form, that y ou incur in y our use of the Serv ices ("Supplemental Charges") until the charges exceed $20 and then charge y our
card. You must notif y ISPrime of any changes to y our card account (including, applicable account number or cancellation or expiration
of the account), y our billing address, or any inf ormation that may prohibit ISPrime f rom charging y our account. If y ou choose to be
inv oiced f or Dedicated Hosting Serv ices, ISPrime will send an inv oice to y ou f or the Serv ices f or the period f or which y ou hav e
registered f or the Serv ices. ISPrime may also send periodic inv oices to y ou f or any applicable Supplemental Charges associated with
y our use of the Serv ices. You will pay to ISPrime the amount indicated in each inv oice by the due date ref lected on the inv oice. If y ou
f ail to pay any f ees and taxes within 10 day s f rom the applicable due date f or credit card or inv oice pay ments, ISPrime will assess late
charges equal to the lesser of 10% per month or the maximum allowable under applicable law. Your f ailure to f ully pay any f ees and
taxes within 10 day s af ter the applicable due date is a material breach of this Agreement, justif y ing ISPrime in suspending its
perf ormance and terminating this Agreement. If ISPrime terminates f or y our material breach, y ou must still pay past due f ees plus
interest. You are responsible f or any costs ISPrime incurs in enf orcing collection, including reasonable attorney s' f ees, court costs and
collection agency f ees. If y ou reinstate Serv ices, y ou must pay any f ees associated with reinstating Serv ices.
2. Use of Serv ices
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 5/9
2.1 Applicable Policies and Guidelines. The ISPrime Acceptable Use And Serv ice Guidelines (the "Acceptable Usage Policy ") gov ern the
general policies and procedures f or use of the Serv ices. ISPrime's On-line Priv acy Statement gov erns how ISPrime collects, stores,
processes and uses inf ormation associated with y our use of the Serv ices. The Acceptable Usage Policy and the On-line Priv acy
Statement are posted on ISPrime's Web site at www.ISPrime.com (or such other location as ISPrime may specif y ) and may be updated
f rom time-to-time. YOU SHOULD CAREFULLY READ THE ACCEPTABLE USAGE POLICY. BY USING THE SERVICES, YOU AGREE
TO BE BOUND BY THE TERMS OF THE ACCEPTABLE USAGE POLICY AND ANY MODIFICATIONS TO THE TERMS. ISPrime MAY
TERMINATE YOUR ACCOUNT FOR ANY VIOLATION OF THE ACCEPTABLE USAGE POLICY OR THIS AGREEMENT.
2.2 Material and Product Requirements. You must ensure that all material and data placed on ISPrime's equipment is in a condition that
is "serv er-ready ," which is in a f orm requiring no additional manipulation by ISPrime. ISPrime will make no ef f ort to v alidate any of this
inf ormation f or content, correctness or usability . If y our material is not "serv er-ready ", ISPrime may reject this material. ISPrime will
notif y y ou of its ref usal of the material and af f ord y ou the opportunity to modif y the material to satisf y ISPrime's requirements. Use of
the Serv ices requires a certain lev el of knowledge in the use of Internet languages, protocols and sof tware. This lev el of knowledge
v aries depending on the anticipated use and desired content of y our Web site. You must hav e the necessary knowledge to create and
maintain a Web site. ISPrime does not prov ide this knowledge or customer support outside of the Serv ices.
2.3 Bandwidth, Storage, and E-Mail Usage. For Serv ices, y ou will not exceed the bandwidth, storage and E-mail usage limits in the Order
Form. If y ou use any bandwidth or storage space in excess of the agreed upon number of megaby tes per month or if y ou exceed E-
Mail storage and attachment size limitations, ISPrime may , in its sole discretion, assess y ou with additional charges, suspend the
Serv ice, or terminate this Agreement. If ISPrime elects to take any correctiv e action, ISPrime will not ref und any unused pre-paid f ees.
Your use of y our account and access to it is y our responsibility . You are responsible f or any unauthorized access to y our account
resulting in bandwidth, storage and/or E-mail usage exceeding the limits in the Order Form and resultant charges.
2.4 Domain Names. As part of the Serv ices, y ou will prov ide ISPrime with a registered domain name or names, or ISPrime will register
domain name(s) y ou select if the domain name is av ailable f or registration and does not v iolate any Network Solutions' or other
registration serv ices' policies, or any law or regulation. You will promptly reimburse ISPrime f or any f ees ISPrime pay s to Network
Solutions or other registration serv ices f or registering and maintaining the domain name(s). If any dispute or cause of action arises out
of or is related to y our domain name used in connection with the Serv ices, then upon y our request, ISPrime will attempt to register with
Network Solutions or other registrar an alternativ e domain name y ou chose. Upon registering y our domain name, y ou are bound by the
terms of Network Solutions' then current domain name policy and the policies of the national DNS registration authorities. ISPrime will
not ref und any f ees y ou paid with respect to the registration of a domain name y ou are unable to use. If y ou receiv ed a "Free Domain
Name Registration" of f er when y ou signed up f or the Serv ices, and y ou terminate the Serv ices within 1 y ear of the domain name
registration, y ou will immediately pay ISPrime the f ull retail price f or the domain name registration in ef f ect when y ou registered the
domain name, in addition to any other f ees f or early termination described in this Agreement.
2.5 Security . You are solely responsible f or any security breaches af f ecting serv ers or accounts under y our control. If y our serv er or
website is responsible f or or inv olv ed in an attack on or unauthorized access into another serv er or sy stem, ISPrime will shut it down
immediately . You will pay any charges resulting f rom the cost to correct security breaches af f ecting ISPrime or any of its other
customers.
2.6 Commercial Adv ertisements v ia E-Mail. You will not use ISPrime serv ices, y our account or serv er to send or f acilitate in any way
the transmission of unsolicited commercial email. ISPrime will enf orce substantial penalties, including charging y ou f or related network
costs and terminating y our account, f or v iolations.
3. Intellectual Property Rights
3.1 Your License Grant to ISPrime. You grant to ISPrime a non-exclusiv e, worldwide, and roy alty -f ree license f or the Initial Term and the
Renewal Term, if applicable, to edit, modif y , adapt, translate, exhibit, publish, transmit, participate in the transf er of , reproduce, create
deriv ativ e works f rom, distribute, perf orm, display , and otherwise use y our content as necessary f or the purposes of rendering and
operating the Serv ices to y ou under this Agreement. You expressly : (a) grant to ISPrime a license to cache materials distributed or
made av ailable f or distribution v ia the Serv ices, including content supplied by third parties, and (b) agree that this caching is not an
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 6/9
inf ringement of any of y our intellectual property rights or any third party 's intellectual property rights.
3.2 Your Warranties And Representations to ISPrime. You warrant, represent, and cov enant to ISPrime that: (a) y ou are at least 18
y ears of age; (b) y ou possess the legal right and ability to enter into this Agreement; (c) y ou will use the Serv ices only f or lawf ul
purposes and in accordance with this Agreement and all applicable policies and guidelines; (d) y ou will be f inancially responsible f or the
use of y our account; (e) y ou hav e acquired or will acquire all authorization(s) necessary f or hy pertext links to third-party Web sites or
other content; (f ) y ou hav e v erif ied or will v erif y the accuracy of materials distributed or made av ailable f or distribution v ia the
Serv ices, including y our content, descriptiv e claims, warranties, guarantees, nature of business, and address where business is
conducted, and (g) y our content does not and will not inf ringe or v iolate any right of any third party (including any intellectual property
rights) or v iolate any applicable law, regulation or ordinance.
3.3 ISPrime Materials And Intellectual Property . All materials, including any computer sof tware (in object code and source code f orm),
data or inf ormation that ISPrime or its suppliers or agents dev elop or prov ide under this Agreement, and any know-how, methodologies,
equipment, or processes ISPrime uses to prov ide the Serv ices to y ou, including all copy rights, trademarks, patents, trade secrets, and
any other proprietary rights inherent therein and appurtenant thereto will remain ISPrime's or its suppliers' sole and exclusiv e property .
ISPrime will also maintain and control ownership of all Internet protocol ("IP") numbers and addresses that ISPrime may be assign to
y ou. ISPrime may , in its sole discretion, change or remov e any and all IP numbers and addresses.
4. Enf orcement
4.1 Inv estigation of Violations. ISPrime may inv estigate any reported v iolation of this Agreement, or its policies or any complaints and
take any action that it deems appropriate and reasonable under the circumstance to protect its sy stems, f acilities, customers or third
parties. ISPrime will not access or rev iew the contents of any e-mail or similar stored electronic communications except as required or
permitted by applicable law or legal process.
4.2 Actions. ISPrime may restrict or remov e f rom its serv ers any content that v iolates this Agreement or related policies or guidelines,
or is otherwise objectionable or potentially inf ringing on any third party 's rights or that potentially v iolates any laws. If ISPrime becomes
aware that y ou hav e possibly v iolated this Agreement, any related policies or guidelines, third party rights or laws, ISPrime may
immediately take correctiv e action, including: (a) issuing warnings, (b) suspending or terminating the Serv ice, (c) restricting or prohibiting
any and all uses of content hosted on ISPrime's sy stems, and (d) disabling or remov ing any hy pertext links to third-party Web sites,
any of y our content distributed or made av ailable f or distribution v ia the Serv ices, or other content not supplied by ISPrime that, in
ISPrime's sole discretion, may v iolate or inf ringe any law or third-party rights or that otherwise exposes or potentially exposes ISPrime
to civ il or criminal liability or public ridicule. It is ISPrime's policy to terminate repeat inf ringers. These rights of action, howev er, do not
obligate ISPrime to monitor or exert editorial control ov er the inf ormation made av ailable f or distribution v ia the Serv ices. If ISPrime
takes correctiv e action because of a possible v iolation, ISPrime will not ref und to y ou any f ees y ou paid in adv ance of the correctiv e
action.
4.3 Disclosure Rights. To comply with applicable laws and lawf ul gov ernmental requests, to protect ISPrime's sy stems and customers,
or to ensure the integrity and operation of ISPrime's business and sy stems, ISPrime may access and disclose any inf ormation it
considers necessary or appropriate, including, user prof ile inf ormation (i.e., name, e-mail address, etc.), IP addressing and traf f ic
inf ormation, usage history , and content residing on ISPrime's serv ers and sy stems. ISPrime may report any activ ity that it suspects
v iolates any law or regulation to appropriate law enf orcement of f icials, regulators, or other appropriate third parties. To the extent any
inconsistency exists between any terms of ISPrime's On-line Priv acy Statement and ISPrime's right to disclose under this section,
ISPrime's right to disclose under this section will control.
5. Disclaimed Warranties ISPrime exercises no control ov er, and accepts no responsibility f or, the content of the inf ormation passing through
ISPrime's host computers, network hubs and points of presence, or the Internet. ALL SERVICES PERFORMED UNDER THIS AGREEMENT ARE
PERFORMED "AS IS" AND WITHOUT WARRANTY AGAINST FAILURE OF PERFORMANCE INCLUDING, ANY FAILURE BECAUSE OF
COMPUTER HARDWARE OR COMMUNICATION SYSTEMS. EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, ISPrime DOES NOT
MAKE AND DISCLAIMS, AND YOU WAIVE ALL RELIANCE ON, ANY REPRESENTATIONS OR WARRANTIES, ARISING BY LAW OR
OTHERWISE, REGARDING THE SERVICES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, OR ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE IN TRADE.
6. Limitation and Exclusion of Liability
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 7/9
6.1 Limitations. IN NO EVENT WILL ISPrime OR ITS SUPPLIERS HAVE ANY LIABILITY FOR UNAUTHORIZED ACCESS TO, OR
ALTERATION, THEFT OR DESTRUCTION OF INFORMATION DISTRIBUTED OR MADE AVAILABLE FOR DISTRIBUTION VIA THE
SERVICES THROUGH ACCIDENT, FRAUDULENT MEANS OR DEVICES. NEITHER ISPrime NOR ITS SUPPLIERS WILL HAVE
LIABILITY WITH RESPECT TO ISPrime'S OBLIGATIONS UNDER THIS AGREEMENT, OR OTHERWISE FOR CONSEQUENTIAL,
EXEMPLARY, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES EVEN IF ISPrime HAS BEEN ADVISED OF THE POSSIBILITY OF
THESE DAMAGES. THE LIABILITY OF ISPrime AND ITS SUPPLIERS TO YOU FOR ANY REASON AND UPON ANY CAUSE OF
ACTION IS LIMITED TO THE AMOUNT YOU ACTUALLY PAID TO ISPrime UNDER THIS AGREEMENT DURING THE 3 MONTHS
IMMEDIATELY PRECEDING THE DATE ON WHICH THE CLAIM ACCRUED. THIS LIMITATION APPLIES TO ALL CAUSES OF
ACTION IN THE AGGREGATE, INCLUDING BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY,
MISREPRESENTATIONS, AND OTHER TORTS. THE FEES FOR THE SERVICES SET BY ISPrime UNDER THIS AGREEMENT HAVE
BEEN AND WILL CONTINUE TO BE BASED UPON THIS ALLOCATION OF RISK. ACCORDINGLY, YOU RELEASE ISPrime AND ITS
SUPPLIERS FROM ANY AND ALL OBLIGATIONS, LIABILITIES, AND CLAIMS IN EXCESS OF THE LIMITATION STATED IN THIS
SECTION 6.1.
6.2 Interruption of Serv ice. ISPrime and its suppliers are not liable f or any temporary delay , outages or interruptions of the Serv ices.
Further, ISPrime is not liable f or any delay or f ailure to perf orm its obligations under this Agreement, where the delay or f ailure results
f rom any act of God or other cause bey ond its reasonable control (including, any mechanical, electronic, communications or third-party
supplier f ailure).
7. Indemnif ication You release and hold harmless, and agree to indemnif y , ISPrime and its af f iliates and suppliers (and their respectiv e
employ ees, directors and representativ es) against any and all claims, actions, proceedings, suits, liabilities, damages, settlements, penalties,
f ines, costs or expenses (including, reasonable attorney s' f ees and other litigation expenses) incurred by ISPrime or its suppliers, arising out of or
relating to: (a) y our v iolation or breach of any term, condition, representation or warranty of this Agreement, or any applicable policy or guideline;
(b) y our improper or illegal use the Serv ices; or (c) y our v iolation, alleged v iolation, or misappropriation of any intellectual property right (including
trademark, copy right, patent, trade secrets) or non-proprietary right of a third party (including def amation, libel, v iolation of priv acy or publicity ).
8. MISCELLANEOUS PROVISIONS
8.1 Entire Agreement. This Agreement, in conjunction with all policies and guidelines incorporated by ref erence, constitutes the entire
agreement between y ou and ISPrime with respect to the subject matter of the Agreement, and there are no representations,
understandings or agreements that are not f ully expressed in this Agreement and the related policies and guidelines.
8.2 No Fiduciary Relationship; No Third-Party Benef iciaries. ISPrime is not the agent, f iduciary , trustee or other representativ e of y ou.
Except f or the rights of ISPrime's suppliers under sections 6 and 7, nothing expressed or mentioned in or implied f rom this Agreement is
intended or will be construed to giv e to any person (other than the parties to this Agreement) any legal or equitable right, remedy or claim
under or in respect to this Agreement. This Agreement and all of its representations, warranties, cov enants, conditions and prov isions
are intended to be and are f or the sole and exclusiv e benef it of the parties to this Agreement.
8.3 Amendments. Except as expressly prov ided in this Agreement, no amendment, change, waiv er, or discharge of this Agreement is
v alid unless in writing and signed by the parties.
8.4 Identif ication. ISPrime may , f ree of any obligation to pay compensation, use y our name and identif y y ou as a ISPrime client, in
adv ertising, publicity , or similar materials distributed or display ed to prospectiv e clients.
8.5 Choice of Law and Forum. THIS AGREEMENT IS GOVERNED BY THE LAWS OF THE UNITED STATES AND THE STATE OF NEW
YORK, WITHOUT REFERENCE TO RULES GOVERNING CHOICE OF LAWS. ANY ACTION RELATING TO THIS AGREEMENT MUST
BE BROUGHT IN THE FEDERAL OR STATE COURTS LOCATED IN, MANHATTAN COUNTY, NEW YORK, AND YOU IRREVOCABLY
CONSENT TO THE JURISDICTION OF THESE COURTS.
8.6 Compliance With Laws. You will comply with all applicable laws and regulations and will indemnif y and sav e ISPrime harmless f rom
y our f ailure to so comply . ISPrime will not hav e to perf orm any obligations set f orth in this Agreement if the perf ormance would v iolate
any present or f uture law, regulation or policy of any applicable gov ernment.
8.7 Non-Assignment. You may not assign this Agreement or any right or obligation under this Agreement, by operation of law or
otherwise, without ISPrime's prior written consent. ISPrime may assign its rights and obligations under this Agreement, and may utilize
af f iliates and agents in perf orming its duties and exercising its rights, without y our consent. This Agreement are binding on, inure to the
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 8/9
benef it of , and be enf orceable against the parties and their respectiv e successors and assigns.
8.8 No Waiv er. ISPrime's f ailure to enf orce the strict perf ormance of any prov ision of this Agreement does not constitute a waiv er of
ISPrime's right to subsequently enf orce the prov ision or any other prov isions of this Agreement.
8.9 Sev erability . If any term or prov ision of this Agreement is deemed inv alid, v oid or unenf orceable either in its entirety or in a
particular application, the remainder of this Agreement, if applicable, will remain in f ull f orce and ef f ect and, if the subject term or
prov ision is deemed to be inv alid, v oid or unenf orceable only with respect to a particular application, the term or prov ision will remain in
f ull f orce and ef f ect with respect to all other applications.
8.10 Headings. The section headings used in this Agreement are f or ref erence and conv enience only and will not enter into the
interpretation of the Agreement.
8.11 Surv iv al. All prov isions of this Agreement relating to y our warranties, intellectual property rights, limitation and exclusion of liability ,
y our indemnif ication obligations and pay ment obligations will surv iv e the termination or expiration of the Agreement.
WEB DESIGN SERVICE AGREEMENT
THIS WEB DESIGN SERVICE AGREEMENT ("AGREEMENT") IS ENTERED INTO BETWEEN ISPrime COMMUNICATIONS COMPANY L.P.
("ISPrime") AND THE PERSON OR ENTITY THAT CLICKS ON THE "ACCEPT" BUTTON BELOW ("CUSTOMER"). ISPrime IS WILLING TO
ENTER INTO THIS AGREEMENT ONLY ON THE CONDITION THAT CUSTOMER PAYS THE APPROPRIATE FEES AND ACCEPTS ALL OF THE
TERMS IN THIS AGREEMENT.
PLEASE READ THE TERMS CAREFULLY BEFORE CLICKING ON THE "ACCEPT" BUTTON. BY CLICKING ON THE "ACCEPT" BUTTON, YOU
ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT AND AGREE TO BE BOUND BY IT.
IF YOU DO NOT AGREE TO ALL THESE TERMS, ISPrime IS UNWILLING TO ENTER INTO THIS AGREEMENT, AND YOU SHOULD CLICK ON
THE "DO NOT ACCEPT" BUTTON TO DISCONTINUE THIS PROCESS.
ISPrime prov ides website design and dev elopment serv ices v ia the Internet and other platf orms (the "Serv ices") through ISPrime's Internet
website (the "Website"). Customer will use the Serv ices in accordance with this Agreement and as ISPrime request. Hosting Serv ices are prov ided
by ISPrime in accordance with the Hosting Agreement f ound at www.ISPrime.com. ISPrime is willing to prov ide Customer with the Serv ices as set
f orth below. The parties agree as f ollows:
1. PROVISION OF SERVICES; LICENSE.
(a) If Customer pay s ISPrime the f ees set f orth in the order summary , ISPrime will prov ide Customer with the Serv ices ordered and the website
ISPrime creates ("Deliv erable") as described in the order summary under this Agreement's terms and conditions.
(b) ISPrime grants to Customer a limited, personal, non-exclusiv e, non-transf erable license to use the Deliv erables set f orth in the Customer order
summary .
(c) This is a license, not a transf er of title, and is subject to the f ollowing restrictions: Customer may not (1) modif y the Deliv erables except with
the tools incorporated into the Deliv erables; (2) use Deliv erables f or any third party commercial purpose; (3) decompile, rev erse engineer, or
disassemble sof tware Deliv erables; (4) remov e any copy right or other proprietary notices f rom the Deliv erables; or (5) transf er the Deliv erables
to another person. Customer will prev ent any unauthorized copy ing of the Deliv erables.
(d) With respect to any ISPrime logos and hy pertext link logos prov ided with the Deliv erables, ISPrime grants Customer a non-assignable, non-
exclusiv e, roy alty f ree license solely to use the logos or link logo as a hy pertext link icon to allow users to link f rom Customer's web page to the
ISPrime web pages, based on the f ollowing terms and conditions:
1.1 Customer acknowledges the v alidity and ISPrime's and ISPrimeComputer Company 's exclusiv e ownership of all right, title, and interest in and
to all ISPrime, ISPrime, and ISPrimelogos and link logo marks (the "Marks") and, during or af ter the term of this Agreement, will not contest, or
help others to contest, the ownership or the v alidity of any registrations or rights of ISPrime, ISPrime, or ISPrimenow owned or obtained relating to
the Marks.
1.2 Customer will not use any names, marks, terms, graphics, or other materials on its Web page or site that are likely to cause conf usion with or
dilute the distinctiv eness of the Marks or to damage the reputation or commercial image of ISPrime, ISPrime or ISPrimeor any of their products.
1.3 ISPrime, in its sole discretion, may terminate this license immediately f or any reason. Upon termination of this license, Customer will
immediately cease all f urther use of the Marks, or any other similar mark, name or logo, including any name or mark comprising the term
"ISPrime" or "Dell."
2. OWNERSHIP
ISPrime and its suppliers will retain all title to and ownership of the Deliv erables. Deliv erables are copy righted and are protected by worldwide
copy right laws and treaty prov isions. Except as prov ided in this Agreement, the Deliv erables may not be copied, reproduced, modif ied, published,
uploaded, posted, transmitted, or distributed in any way , without ISPrime's prior written permission. Except as expressly prov ided in this
1/29/13 ISPrime - SLA
www.isprime.com/legal/sla.html 9/9
Agreement, ISPrime does not grant any express or implied right to Customer under any patents, copy rights, trademarks, or trade secret
inf ormation. Other rights may be granted to Customer by ISPrime in writing or incorporated elsewhere in the Deliv erables.
3. ISPrime OBLIGATIONS.
Except f or initial edits made bef ore f inal deliv ery , ISPrime is not obligated to correct any bugs, def ects or errors in the Serv ices or Deliv erables
or to otherwise support or maintain the Serv ices or Deliv erables. ISPrime will prov ide reasonable technical support to Customer in the f orm of
telephone consulting and "e-mail" to Customer during ISPrime's normal business hours and at ISPrime's standard pricing.
4. TERM AND TERMINATION.
(a) This Agreement is ef f ectiv e on the date Customer accepts the terms of this Agreement and will continue unless terminated under Section 4(b).
(b) Customer may terminate this Agreement without cause upon notice to ISPrime. ISPrime may terminate this Agreement af ter 5 day s' written
notice to Customer if Customer materially breaches this Agreement, including f ailure to pay and f ailure to cure the breach during the 5-day period.
(c) Upon the termination of this Agreement, Customer will return to ISPrime all copies of any Deliv erables ISPrime prov ided to it. Sections 1(c) 2,
5, 4 and 6 will surv iv e termination of this Agreement.
5. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY.
(a) THE SERVICES ARE PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, INCLUDING
IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR TITLE, WHICH
ISPrime DISCLAIMS.
(b) ISPrime IS NOT LIABLE FOR: (1) ANY LOSS OF USE, LOSS OF DATA, INTERRUPTION OF BUSINESS, OR (2) ANY INDIRECT, SPECIAL,
INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES OF ANY KIND (INCLUDING, LOST PROFITS) REGARDLESS OF THE FORM OF
ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF ISPrime HAS BEEN
ADVISED OF THE POSSIBILITY OF THESE DAMAGES. ISPrime'S LIABILITY WILL NOT EXCEED THE AMOUNT CUSTOMER PAID TO ISPrime
DURING THE 3-MONTH PERIOD BEFORE THE ACTION AROSE. CUSTOMER ACKNOWLEDGES THAT THESE LIMITATIONS ARE AN
ESSENTIAL ELEMENT OF THIS AGREEMENT AND ABSENT SUCH LIMITATIONS ISPrime WOULD NOT ENTER INTO THIS AGREEMENT.
6. MISCELLANEOUS
This Agreement will be gov erned solely by the laws of the State of New York, excluding its principles of conf licts of laws. Any action under or
relating to this Agreement will be brought solely in the state and f ederal courts located in Johnson County , New York and each party submits to
the personal jurisdiction of these Courts. Each party 's perf ormance under this Agreement will in all respects conf orm to all applicable laws, rules
and regulations of the United States gov erning the export of technical inf ormation. Customer may not assign this Agreement without the prior,
written permission of ISPrime. Any purported assignment will be v oid and without any ef f ect. This Agreement may not be modif ied or amended
except in writing, signed by both parties. Any purported oral modif ication or amendment of this Agreement will not be ef f ectiv e. Neither party may
waiv e any right under this Agreement, except expressly and in writing. Any other purported waiv er of any right will not be ef f ectiv e. This
Agreement is the entire agreement between the parties with respect to this subject matter, and supersedes all prior and contemporaneous
discussions, negotiations, communications and agreements with respect to this subject matter.