Anyone dependent on domain name registrar and hosting company Register.com, for either hosting their Web site or e-mail, learned first-hand the pain of a distributed denial-of-service attack. I'm not sure what time the attacks began, but I noticed I lost access to my e-mails that depend on Register.com starting Wednesday afternoon.
In fact, e-mail access didn't seem to normalize until Saturday.
I couldn't access my Web site, nor POP e-mail, nor Web mail.
Here's the e-mail Register.com sent to customers, Friday at about 5:00 PM:
Earlier today we communicated to you we were experiencing intermittent service disruptions as a result of a distributed denial of service (DDoS) attack - an intentionally malicious flooding of our systems from various points across the internet.
We want to update you on where things stand.
Services have been restored for most of our customers including hosting and email. However for some of our customers, services are not fully restored. We know this is unacceptable.
We are using all available means to restore services to every one of our customers and halt this criminal attack on our business and our customers' business. We are working round the clock to make that happen.
We are committed to updating you in as timely a manner as possible; please check your inbox or our website for additional updates.
Thank you for your patience.
Larry Kutscher
Chief Executive Officer
Register.com
Problem is: I didn't receive any earlier notice on the availability issues. I had (barely) intermittent access to e-mail, and failed to access Register.com on my several attempts.
As most of you are probably aware, a distributed denial-of-service attack is one in which typically a few thousand systems (it could be a few hundred, or even tens of thousands) are compromised and turned into "bots." Those bots are instructed to swamp servers with so much bogus traffic that legitimate traffic can't get through.
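The distinguishing feature of the attack described above is that the bogus traffic comes from many sources at once, none of which looks especially busy on its own, so a per-client rate limit never fires. The following added example (written for this post, not Register.com's tooling, with constructed log lines, IPs and thresholds that are assumptions, not real values) profiles a simplified web-server log in fixed time windows and separates a single noisy client, which ordinary rate limiting handles, from a distributed flood, which needs the kind of upstream capacity and ISP coordination the post discusses.

```python
"""Toy DDoS traffic-profile detector over constructed web-server log lines.

Added illustration for this post, not Register.com's tooling. Log lines use a
simplified "<ip> <epoch_second> <request>" format; all addresses come from the
documentation ranges and all thresholds are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
import re

LOG_RE = re.compile(r"^(\S+) (\d+) (.+)$")


@dataclass
class WindowProfile:
    start: int               # first epoch second of the window
    requests: int            # total requests in the window
    sources: int             # distinct source IPs seen in the window
    top_source_share: float  # fraction of requests from the single busiest IP


def parse_line(line: str):
    """Return (ip, second, request) or None for a malformed line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ip, ts, req = m.groups()
    return ip, int(ts), req


def profile_windows(lines, window=10):
    """Bucket requests into fixed windows and summarise each window."""
    buckets = defaultdict(lambda: defaultdict(int))  # window_start -> ip -> count
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip garbage instead of crashing on one malformed line
        ip, ts, _ = parsed
        buckets[ts - ts % window][ip] += 1
    profiles = []
    for start in sorted(buckets):
        per_ip = buckets[start]
        total = sum(per_ip.values())
        profiles.append(WindowProfile(start, total, len(per_ip), max(per_ip.values()) / total))
    return profiles


def classify(p: WindowProfile, rate_limit=50, min_sources=20, single_share=0.5):
    """Label a window as normal, a single-source flood or a distributed flood."""
    if p.requests < rate_limit:
        return "normal"
    if p.top_source_share >= single_share:
        return "single-source flood"   # one IP dominates: per-IP rate limiting works
    if p.sources >= min_sources:
        return "distributed flood"     # many IPs, none dominant: per-IP limits won't help
    return "elevated"


def build_sample_log():
    """Constructed traffic: a quiet window, one noisy client, then a botnet-style flood."""
    lines = []
    for i in range(8):                       # t=0..9: a handful of legitimate requests
        lines.append(f"192.0.2.{i + 1} {i} GET /")
    for i in range(60):                      # t=10..19: a single client hammering /login
        lines.append(f"198.51.100.7 {10 + i % 10} GET /login")
    lines.append("this line is garbage and should be ignored")
    for bot in range(40):                    # t=20..29: 40 'bots', only 3 requests each
        for j in range(3):
            lines.append(f"203.0.113.{bot + 1} {20 + (bot + j) % 10} GET /index.html")
    return lines


def detect(lines, window=10):
    """Return [(window_start, label), ...] for every window present in the log."""
    return [(p.start, classify(p)) for p in profile_windows(lines, window)]


if __name__ == "__main__":
    for start, label in detect(build_sample_log()):
        print(f"window starting t={start:>3}: {label}")
```

The third window is the instructive one: every bot sends three requests in ten seconds, well under any sane per-client limit, yet the aggregate is twice the single-client flood. That is why the detector keys on distinct-source count and top-source share together rather than on request volume alone, and why the mitigation has to live upstream of the server being swamped.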
Mid-afternoon on Saturday, Register.com provided the following update, stating that all of their web services were operational:
Please note we are not discounting the possibility of an escalated DDoS attack. We are taking every possible precaution to protect our infrastructure and our customers. In response we have:
- Deployed counter-measures to mitigate the attack and added capacity across the company's network
- Setup special channels with major ISPs to re-enable customers' services
- Isolated the profile of the attack through forensic data analysis
- Engaged the FBI and The Department of Homeland Security
Bullets three and four seem like a reasonable response to an attack to me. However, there's little excuse for a hosting company and e-mail provider to deploy DDoS countermeasures only after a DDoS attack. Those countermeasures should already have been at the ready. Ditto for the special channels set up with other ISPs for traffic failover.
Why would Register.com have been targeted for an attack? They're not saying. However, Brian Krebs at the Washington Post is on to one possible explanation: that Register.com is or was the target of extortion. It's common for cyber-criminals to target gambling Web sites, for instance, with extortion attacks, though I'm not familiar with it being common among ISPs. Let's hope this isn't the beginning of a trend.
Let's also hope, if this is the case of extortion, that Register.com didn't pay up.
I wrote a cover story on Extortion Attacks a few years ago. It was an interesting story. Still is. And, unfortunately, online extortion is still a problem.
I'm not going to leave what business I currently give to Register.com because of this attack. That would be punishing one of the victims in this mess.
But I am disappointed that the company wasn't better prepared. And I will leave if there is a next time for exactly that reason.