I also suspect they've managed to botch the technical aspect of it as well.
Presumably the plan was to put their caching name servers in front of the real no-ip servers, and gather the mappings for the malware suspect sites and then blackhole them after getting what they want. The problem was that Microsoft's side appears to have melted down, thus taking everything down. They won't be getting logs, behavior analysis or anything, because its all a pile of wreckage in a crater. Meanwhile, all the "bad guys(TM)" have now had hours head start to delete their C&C node registrations while microsoft's servers are down. And now they've ticked off the no-ip folks, so I wouldn't expect them to be in a cooperative mood to try and help.
Bone headed all round. There's no other way to put it.