Network Solutions has DDoS Problems: Second Dose of Cyber Attack Problems in Past Month

By Peter Bernstein July 17, 2013

In 1711, English poet and author Alexander Pope published An Essay on Criticism, Part II. Three of Pope’s sayings have become almost universal truths over time:

  • “To err is human; to forgive, divine”
  • “A little learning is a dangerous thing”
  • “Fools rush in where angels fear to tread”

If you will indulge me before I get to the news and commentary in the headline, what follows is an example of all of the above. Let me start with a big mea culpa and explain.

This morning, I took on a breaking news story that domain name registrar Network Solutions was under cyber attack. In researching what was happening, I used resource material about the company being under attack and having configuration problems in regards to an event back in June which got wide coverage. 

As a lesson in why not to multi-task (which I was doing at the time), I inadvertently overlooked the date on the resources and thought it concerned the current attack. Compounding this, the marketing person in me liked the headlines used previously so I paraphrased them for SEO purposes. To my subsequent chagrin, that original headline was not an accurate description of the current problems, and the article has been pulled so that I can correct the record. 

The facts are that Network Solutions is dealing with a significant Distributed Denial of Service (DDoS) attack that started over 24 hours ago, and there has been corruption of customer DNS records. I pride myself on the fact that, over the past three decades in the industry, I get it right. This time I did not, and hence the request for forgiveness.

As a point of clarification, the June instance got visibility because it involved Network Solutions customers having their DNS name servers replaced with the name servers at ztomy.com. Cisco tracked this activity and its blog on the subject received industry attention. And it should have, since the estimates at the time were that nearly 5000 domains may have been affected.

To quote another old saying, “That was then and this is now.” The breaking news over the last 24 hours is that Network Solutions, which manages almost 7 million domain names, is under attack again. This time it is a Distributed Denial of Service (DDoS) attack.   

While this is big news because of the place the company has in the industry, it is also important because of the way in which the crisis is being handled. And, while the security experts are busy once again watching what is going on as Network Solutions tries to ward off the attack and repair the damage, this angel is going to tread on two aspects of the story that are just as, if not more, interesting.

  1. This is the second time in the past month Network Solutions has been a target.
  2. Network Solutions is no stranger to cyber attack and its crisis management skills could use some honing in terms of alerting customers and keeping them informed.

Inviting target

For those seeking an expert view on this, Cisco’s security folks are once again tracking and blogging about what is transpiring. In fact, the latest update by Craig Williams provides speculation as to what is happening and raises the possibility that the current attack is related to the previous one. It also provides some insights as to how Network Solutions has been interacting with its customers and the public on keeping them and us informed.

The fact that Network Solutions makes for such an inviting target that its customers have been inconvenienced twice so recently is not a surprise. Like banks being frequently robbed because that is where the money is, those with malicious intent no doubt get great delight from being able to cause so much damage. What is going to be important coming out of this second event is what everyone else can learn about the nature of the attack and how fast it can be mitigated. This will include what can be done proactively as well as reactively.  

The increased frequency – and, given how long this is persisting, the sophistication of the assault – should also be a warning to us all, especially those who are stewards of large enterprises with global brand responsibilities. As if we all were not aware of the need for 24/7/365 vigilance, the need to stay current as to best practices is now seemingly a matter of minutes and not days, and having visibility has never been more critical. As the current incident shows, lightning can strike in the same place more than once, and if you are a “high value” target it will, and the means of attack are likely to be based on the latest bad guy best practices.

This is not to fault Network Solutions in terms of its technological preparedness. This will become a topic of industry discussion and speculation in the next few days. It is merely to point out what those on the front lines know about how fast the need to stay current is accelerating.

Managing the crisis

Where Network Solutions can be faulted is in how it has managed this so far. The Cisco blog chronicles that Network Solutions initially posted on Facebook that, in response to customer complaints, it was aware that there were problems and it was working on a fix. There was the obligatory language that, in essence, bad stuff happens and the company was committed to restoring impacted sites and referred people to their blog for updates. 

This raised the question about Network Solutions’ readiness since it appears Network Solutions is acknowledging it became aware of the problem because of customer complaints and not from something it discovered itself. The Twitter feed from much earlier in the crisis confirms this.

As the Cisco item notes, the Facebook thread has been replaced with a more generic one.

Cisco says this is so that “customers affected by the DDoS can more easily find relevant information.” The problem has been that getting on the Network Solutions site itself has been a challenge. Indeed, the tweeters made a great point. When something as vital as your website has been compromised, the vendor should feel an obligation to provide not just rapid notification to those impacted but should be using every channel available to keep customers informed about remediation steps.

In fact, one would have thought that Network Solutions would understand the need for rapid response in terms of managing its customer relationships and getting out in front of the story. Back in August 2009, Network Solutions notified customers that its "secure" servers were breached, which led to the exposure of names, addresses, and credit card numbers of 573,928 people who made purchases on websites hosted by the company. And, in August 2010, it discovered that one of its widgets offered to its domain registration and hosting customers was capable of distributing malware through sites displaying it. While the company made the obligatory apologies in those instances, it seems not to have learned much from the experience.

I invite you to go to the Network Solutions home page right now at www.networksolutions.com. Below is a snippet of the top part of that page. Not only is there nothing about the problems on the top half, but a picture of the bottom half would show the same. In short, finding relevant information is a problem and it should not be.

Whether Network Solutions can mitigate the risks of not providing fast access to information about this attack and improve its crisis management skills remains to be seen. Indeed, how it handles all of the questions arising from this event, including its proximity to the previous one, is going to be put under the microscope.   Like me, the company can always strive to do better.

In the meantime, while the blogosphere can be harsh, from a customer perspective one can only root for Network Solutions resolving its technical problems ASAP. This type of attack strikes to the heart of the Internet. DNS name servers being corrupted in any way is a bad thing and, as the current case in point proves, DDoS attacks can be incredibly disruptive.   

As for me, in this case, a little learning about not multi-tasking on breaking news was instructive and not dangerous. I apologize for having put out inaccurate information that may have caused anyone to draw improper conclusions about Network Solutions, and I hope Alexander Pope’s first saying is one that resonates.




Edited by Rich Steeves