It looks like they made a typo when entering the dns information for their domain msn.com.tw. Instead of typing dns.cp.msft.net, they entered dns.cpmsft.net. I discovered this while doing some anti-spam research related to dns. I registered the name cpmsft.net, which was previously unused. Now I control one fifth of the visitors and emails to sites at msn.com.tw.

I won't do anything bad with the information I gather, but I am redirecting people here so that the problem will be noticed and fixed. I registered the domain as a proof of concept and out of curiosity.

Don't count on Microsoft for security! Try linux, it's secure, easy and free!

Click here for tw.msn.com

Press coverage:
CNET ZDNet

$ dig msn.com.tw @d.twnic.net.tw.

;; QUESTION SECTION:
;msn.com.tw.                    IN      A

;; AUTHORITY SECTION:
msn.com.tw.             86400   IN      NS      dns1.cp.msft.net.
msn.com.tw.             86400   IN      NS      dns1.dc.msft.net.
msn.com.tw.             86400   IN      NS      dns1.tk.msft.net.
msn.com.tw.             86400   IN      NS      dns3.uk.msft.net.
msn.com.tw.             86400   IN      NS      dns.cpmsft.net.

Date: Wed, 05 Sep 2007 15:46:44 -0700
From: Julian 
To: Microsoft
Subject: DAY 0: msn.com.tw dns hijacked

This page has all the details - fix your dns NOW, your users are at risk..

http://www.julianhaight.com/msnhack.shtml

Please let me know if you need any more details or help resolving the issue.

-=Julian=-

From: Microsoft Security Response Center 
To: Julian
Date: Wed, 5 Sep 2007 16:29:03 -0700
Subject: RE: DAY 0: msn.com.tw dns hijacked

Hello Julian,

Thank you for the message.  I have sent this information to the appropriate group for action.

Regards,
Nate

From: "Microsoft Online Customer Service" 
Subject: RE: SRX1043638136ID - msn.com.tw dns hijack;Microsoft Online Customer Service
Date: Fri, 7 Sep 2007 04:47:56 -0000

Hello,

Thank you for your message to Microsoft Privacy.

I apologize for the delay in our response to your issue. Due to an
increase in requests, our response time is longer than usual. I
appreciate your patience in this regard.

I understand that you would like to inform us about the hijack of MSN
Domain service. I appreciate you for the time taken to inform us.

Unfortunately, I am unable to assist you with your support request as it
does not relate to Privacy.

Support contact for MSN and Windows Live products and services can be
found at:
http://support.msn.com/  for MSN products
http://support.live.com/  for Windows Live products

Please resubmit your inquiry at this Web site and a support agent will
contact you promptly with assistance.

If you are having difficulty with your Windows Live Hotmail login or
password,
Please visit: http://support.live.com/
You will see a list of available services, select 
"Windows Live ID"
you can review the steps online in the Windows Live Support Frequently
Asked Questions (listed on the right-hand side), or:
o Under "What type of problem do you have" select =
"I forgot my Password"
o Complete the form and click submit to have an agent assist you with
your inquiry
If you are still unable to gain access to your account at the login,
please submit a support request:
Visit: http://support.msn.com/ 
Under "Standard Services" click on "Microsoft Passport Network"
Fill out the form and submit your request.
A Microsoft Passport Network support representative will contact you
shortly.

Sincerely,

Naveen
Microsoft Privacy