US Secret Service Pulls Plug On Forms Site

The US Secret Service has shut down and then reinstated online forms site JotForm, without the need for a law such as SOPA

Two days after the US Secret Service shut down online forms site JotForm for unspecified reasons, the company is back online. However, JotForm still doesn’t know why law enforcement decided to shut down its site in the first place.

The Secret Service shut down JotForm on 15 February by ordering domain name registrar GoDaddy to remove JotForm’s Domain Name Server entries from its servers, according to a blog post by Aytekin Tank, co-founder of Interlogy Internet Technologies, the creator of the JotForm service.

The site JotForm.com may have been online, but the move effectively made it disappear from the Internet as customers were no longer able to reach the site.

No advance warning

DNS translates the IP address of the web server into domain names, so removing the entries meant no one knew how to find JotForm anymore. The only way people were able to get to JotForm was if they knew the IP address.

“We are fully cooperating with them, but it is not possible to say when the domain would be unblocked,” Tank wrote.

JotForm executives said they received no advance warning that the Secret Service started an investigation or that GoDaddy planned to modify the DNS settings, Tank, co-founder of JotForm, wrote on the company blog. When he tried to find out, no one answered his questions.

GoDaddy didn’t know anything about the investigation and just complied with the DNS request, a representative told Tank. The Secret Service agent in charge promised to call Tank, but never did, according to the blog post.

“The agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week,” Tank wrote on The Hacker News.

GoDaddy was instructed on 16 February to reinstate JotForm in its DNS listings. GoDaddy didn’t get any more information, and Tank claims to still have no idea what happened beyond the fact that there was an ongoing legal investigation. A spokesman told eWEEK that the company could not comment on the incident due to privacy concerns.

“We will probably never find out the reason for the suspension,” Tank wrote in an update. “It has been a very difficult two days for both our users and for us. So, I hope this is the end.”

A Secret Service spokesperson told eWEEK, “We are aware of this matter,” and that the agency was internally investigating the incident to “make sure all our policies and procedures were followed.” He could not comment on any other questions.

Since DNS propagation usually takes a few hours, often days, JotForm had some time to contact users through email and Twitter before their forms became inaccessible. The company’s alternative domain, jotform.net, had not been suspended, which allowed users to switch to the new domain in time.

Phishing connection?

JotForm is an online service that lets people create forms on the web and use them to collect information. Similar services include WuFoo, and Google Docs also allows users to create forms.

While it’s unclear what prompted the investigation, Tank suspects a user may have been trying to use the platform to create a phishing scheme. The company relies on Bayesian phishing filters to identify malicious forms and suspended 65,000 accounts last year, according to Tank. With more than two million user-generated forms, it is not possible for the company to manually review each one.

“I was ready to shut down any form they request and provide any information we have about the user,” Tank claimed, but the agent in charge told him she needed time to review the case.

Under the Digital Millennium Copyright Act, service providers are not liable for content their users post. Companies like YouTube and Facebook are protected under DMCA, but it’s not clear why JotForm was not.

It’s also not clear why the entire domain had to be shut down, instead of just asking JotForm to take action on the offending content.

“SOPA [Stop Online Piracy Act] may not have passed, but what happened shows that it is already being practised,” Tank wrote.

SOPA controversy

The controversial anti-online piracy bill, the Stop Online Piracy Act, which was the subject of widespread Internet protests last month before being shelved, had provisions which would have made domain name seizures much easier. The frightening thing about the JotForm incident is the ease with which a government agency could shut down a site without SOPA.

Law enforcement authorities have turned to seizing domain names as part of their fight against criminal activity. The Immigration and Customs Enforcement (ICE) has started Operation in Our Sites, which seizes domain names of websites suspected of violating copyrights. ICE agents seized 307 domains for unauthorised live sports streaming and selling fake professional sports merchandise just days before the Super Bowl this month.

The FBI shut down file-sharing service Megaupload for hosting illegal and pirated content in January.

“I believe this can happen to anybody who allows users to create content on the web,” Tank wrote.

Many users chided Tank for using GoDaddy as his registrar. GoDaddy originally was steadfast in its support of SOPA before a boycott forced the company to back down, and its general counsel Christine Jones told Congress last year that GoDaddy would shut down domain names and websites as soon as told to do so, whether it’s by court order or a request from federal or state prosecutors.

GoDaddy has been involved in several takedowns against 600 different websites for selling counterfeit Chanel products.

Following this incident, JotForm has moved its domains to NameCheap and Hover, said Tank.