Network Solutions has DDoS Problems: Second Dose of Cyber Attack Problems in Past Month

By Peter Bernstein July 17, 2013

In 1711, English Poet and author Alexander Pope published, An Essay on Criticism, Part II. Three of Pope’s sayings have become almost universal truths over time:

  • “To err is human; to forgive, divine”
  • “A little learning is a dangerous thing”
  • “Fools rush in where angels fear to tread”

If you will indulge me before I get to the news and commentary in the headline, what follows is an example of all of the above. Let me start with a big mea culpa and explain.

This morning, I took on a breaking news story that domain name registrar Network Solutions was under cyber attack. In researching what was happening, I used resource material about the company being under attack and having configuration problems in regards to an event back in June which got wide coverage. 

As a lesson in why not to multi-task (which I was doing at the time), I inadvertently overlooked the date on the resources and thought it concerned the current attack. Compounding this, the marketing person in me liked the headlines used previously so I paraphrased them for SEO purposes. To my subsequent chagrin, that original headline was not an accurate description of the current problems, and the article has been pulled so that I can correct the record. 

The facts are that Network Solutions is dealing with a significant Distributed Denial of Service (DDoS) that started over 24 hours ago and there has been corruption of customer DNS records. I pride myself on the fact that over the past three decades in the industry, that I get it right. This time I did not and hence the request for forgiveness.

As a point of clarification, the June instance got visibility because it involved Network Solutions customers having their DNS name servers replaced with the name servers at ztomy.com. Cisco tracked this activity and its blog on the subject received industry attention. And it should have, since the estimates at the time were that nearly 5000 domains may have been affected.

To quote another old saying, “That was then and this is now.” The breaking news over the last 24 hours is that Network Solutions, which manages almost 7 million domain names, is under attack again. This time it is a Distributed Denial of Service (DDoS) attack.   

While this is big news because of the place the company has in the industry. It is also important because of the way in which the crisis is being handled. And, while the security experts are busy once again watching what is going on as Network Solutions tries to ward off the attack and repair the damage, this angel is going to tread on two aspects of the story that are just if not more interesting.

  1. This is the second time in the past month Network Solutions has been a target.
  2. Network Solutions is no stranger to cyber attack and its crisis management skills could use some honing in terms of alerting customers and keeping them informed.

 Inviting target

For those seeking an expert view on this, Cisco’s security folks are once again tracking and blogging about what is transpiringIn fact, the latest update by Craig Williams provides speculation as to what is happening and raises the possibility that the current attack is related to the previous one. It also provides some insights as to how Network Solutions has been interacting with its customers and the public on keeping them and us informed.

The fact that Network Solutions makes for such an inviting target that its customers have been inconvenienced twice so recently is not a surprise. Like banks being frequently robbed because that is where the money is, those with malicious intent no doubt get great delight from being able to cause so much damage. What is going to be important coming out of this second event is what everyone else can learn about the nature of the attack and how fast it can be mitigated. This will include what can be done proactively as well as reactively.  

The increased frequency – and, given how long this is persisting, the sophistication of the assault -- should also be a warning to us all, especially those who are stewards of large enterprises with global brand responsibilities. As if we all were not aware of the need for 24/7/365 vigilance, the need to stay current as to best practices is now seemingly a matter of minutes and not days, and having visibility has never been more critical. As the current incident shows, lightning can strike in the same place more than once and if you are a “high value” target it will and the means of attack are likely to be based on the latest bad guy best practices. 

This is not to fault Network Solutions in terms of it technological preparedness.  This will become a topic of industry discussion and speculation in the next few days. It is merely to point out what those on the front lines know about how fast the need to stay current is accelerating.

Managing the crises

Where Network Solutions can be faulted is in how it has managed this so far. The Cisco blog chronicles that Network Solutions initially posted on Facebook that, in response to customer complaints, it was aware that there were problems and it was working on a fix. There was the obligatory language that, in essence, bad stuff happens and the company was committed to restoring impacted sites and referred people to their blog for updates. 

This raised the question about Network Solutions’ readiness since it appears Network Solutions is acknowledging it became aware of the problem because of customer complaints and not from something it discovered itself. The Twitter feed from much earlier in the crisis confirms this.

As the Cisco item notes, the Facebook thread has been replaced with one a more generic one.  

Cisco says this is so that “customers affected by the DDoS can more easily find relevant information.” The problem has been that getting on the Network Solutions site itself has been a challenge. Indeed, the tweeters made a great point. When something as vital as your website has been compromised, the vendor should feel an obligation to provide not just rapid notification to those impacted but should be using every channel available to keep customers informed about remediation steps.

In fact, one would have thought that Network Solutions would understand the need for rapid response in terms of managing its customer relationships and getting out in front of the story. Back in August 2009, Network Solutions notified customers that its "secure" servers were breached which led to the exposure of names, addresses, and credit card numbers of 573,928 people who made purchases on websites hosted by the company.  And, in August 2010, it discovered that one of its widgets offered to its domain registration and hosting customers was capable of distributing malware by sites displaying it.  While the company made the obligatory apologies in those instances, it seems not to have learned much from the experience.

I invite you to go to the Network Solutions home page right now at www.networksolutions.com . Below is a snippet of the top part of that page. Not only is there nothing about the problems on the top half, but a picture of the bottom half would show the same. In short, finding relevant information is a problem and it should not be.

Whether Network Solutions can mitigate the risks of not providing fast access to information about this attack and improve its crisis management skills remains to be seen. Indeed, how it handles all of the questions arising from this event, including its proximity to the previous one, is going to be put under the microscope.   Like me, the company can always strive to do better.

In the meantime, while the blogosphere can be harsh, from a customer perspective one can only root for Network Solutions resolving its technical problems ASAP. This type of attack strikes to the heart of the Internet. DNS name servers being corrupted in any way is a bad thing and, as the current case in point proves, DDoS attacks can be incredibly disruptive.   

As for me, in this case, a little learning about not multi-tasking on breaking news was instructive and not dangerous. I apologize for having put out inaccurate information that may have cause anyone to draw improper conclusions about Network Solutions, and I hope Alexander Pope’s first saying is one that resonates.   




Edited by Rich Steeves
SHARE THIS ARTICLE
Related Articles

Is 5G a Spectrum-eating Monster that Destroys Competition?

By: Fred Goldstein    6/15/2018

To hear the current FCC talk about it, 5G mobile service is the be-all and end-all of not only mobile communications, but the answer to most of the co…

Read More

FX Group Makes the Red Carpet Shoppable with Blockchain-Based mCart Marketplace-as-a-Service

By: TMCnet News    6/14/2018

mCart by Mavatar announces the launch of the world's first blockchain-based decentralized mCart marketplace by the FX Group.

Read More

Judge Gives AT&T-Time Warner Deal Green Light

By: Paula Bernier    6/12/2018

Federal judge Richard Leon gave the $85 billion deal the green light today - and without any requirements to sell off any parts of the company. He als…

Read More

A New Foundation for Evolving Blockchain As a Fundamental Network Technology

By: Arti Loftus    6/12/2018

There are now thousands of blockchains, and unless you are a cryptophile, you won't recognize most of them.

Read More