Last week, when the Internet’s eighth largest domain registrar was slammed by a Denial-of-Service (DoS) attack, customers of Register.com were left without service and, in some cases, answers. The DoS attack ultimately led to a 48-hour outage, and many customers quit the service citing a lack of communication from the company as a reason.
Register.com outage still sparking debate and ridicule. (IMG: Register.com)
"Services have been restored for most of our customers including hosting and email," Register.com chief executive Larry Kutscher said in an e-mail on Friday. "However, for some of our customers, services are not fully restored. We know this is unacceptable."
The problem with that e-mail was that many customers never received it, as they used the same DNS services for mail that were under attack at the time. In addition, Register.com itself was knocked offline, so e-mails sent to the customer account profiles were unavailable.
Other than that e-mail, the only update came from Register.com's account on Twitter. Interestingly enough, Register.com's customers on Twitter were the ones who broke the outage story.
Early reports of the outage had Register.com blaming Conficker or, according to one Register.com customer who spoke to SANS ISC: "We are being told by Register.com that the April 1 issues are affecting them." This was likely not the case, as Conficker amounted to a bunch of nothing on April 01 -- but that's a different story.
What the communication to SANS ISC highlights is a lack of internal information. The odds are a customer support agent reported there were issues related to April 01. The agent did this because call center management tells agents to do so. Adding to the issue is the lack of secondary communication from Register.com. Its Web site was offline thanks to the attack, so there was no company blog to update, nor were there any formal updates to customers using other services.
However, it is clear that during the issue and afterwards, Register.com's PR was working Google in search of blogs that had written about the issue, in order to comment on them. One such blog, Digital Soapbox, which is run by Rafal Los, had a comment from 'Nick D' who responded to a customer complaint left in the comment section of a Rafal Los rant focusing on the outage.
The customer complained that his congregation’s site was down most of the day on Friday, and that he was reminded about placing all of one’s eggs in one basket. Nick D responded to his remarks, leaving no comment for Los, with:
"We are very sorry that this has impacted you and your congregation. Unfortunately when we get attacked by some idiots who have no regard for those they impact, it hurts both us and our customers."
While it was a nice touch to offer help in the comments of a blog post centered on the outage, it only shows that PR was working overtime to contain fires. Instead of worrying about what the blogosphere was saying at the time, most customers would rather have seen more energy spent on direct communication.
"Now, I'm the first to say that a massive Domain Name behemoth like Register.com should be well-prepared to hold up against even a large-scale DDoS so I think it's only fair to ask those folks to be forthright and honest with the customers about what happened, how it happened, and what they are doing to build more resiliency into their infrastructure," Los said in his blog.
During the outage, complaints appeared all over the Internet, most hailing from customers who use Register.com’s services for business, and thus were losing money thanks to the downtime. While not amounting to the millions or thousands an hour most claimed, there were probably some very legitimate losses as a result of the DoS attack.
Several days after service had been restored, the complaints evened out, but questions remained, leading some to wonder why Register.com is remaining silent on the issue. Does it think it will go away if it doesn't talk about it?
"My personal feelings here, as a customer of theirs affected by this outage, is that something should have been done to make sure I was at least getting minimal service during this massive outage. While you can't control things like a DDoS we know after years of research that there are technologies that can aid in holding back the flood-waters of a DDoS and at least let some transactions function," Los added.
According to Register.com, it did deploy "counter-measures to mitigate the attack and added capacity across the company’s network." It set up channels with major ISPs to re-enable customer services; it also isolated the profile of the attack through forensic data analysis, and even contacted the FBI and DHS.
The issue with the information provided is that it looks as if countermeasures were added after the fact. If this is indeed the case, then why? It wouldn’t make sense for a registrar that holds over two million domains not to defend the network from the onslaught that can come from a DoS attack.
What about the scope, length, and exact nature of the attack? Why is there no information on this aspect of the issue? What is Register.com doing to make its service resistant, or at least better protected, from this type of attack in the future?
The Tech Herald dutifully asked those questions. However, at the time this article was published, there had been no response to our direct e-mails.
The bottom line is that you cannot blame Register.com for the attack, or the lost services. There were things that should have been done differently, but it is still the victim.