CrystalTech hit By Cyber Monday DDoS

Cyber Monday was a busy day for cybervandals as well as online retailers. A distributed denial of service attack (DDoS) Monday morning caused more than four hours of downtime for customers of CrystalTech, a business hosting provider in Phoenix, Ariz. that hosts 91,000 web sites.

The DDoS featured more than 5,000 machines attacking CrystalTech's DNS servers, flooding the company's network. "This was not just a simple DDOS," Bob Cichon, the President and Chief Operating Officer of CrystalTech, said in a posting on the customer forum. We get those all the time and no one sees it, since our team and equipment handle it very well. This was a very well planned and professional DNS DDOS." The impact of the attack can be clearly seen in our performance chart for CrystalTech:


U.S. retail industry groups have dubbed the Monday after Thanksgiving “Cyber Monday” in a bid to promote online shopping. The effort appears to have paid dividends, as content distribution provider Akamai reported that traffic on its North American network was up 19 percent from the Thanksgiving Monday in 2005.

CrystalTech didn’t say whether the attack targeted a particular customer or the hosting company itself. Industries conducting large volumes of transactions are frequent targets for a cottage industry of digital extortionists using distributed denial of service (DDoS) attacks. These attacks typically are preceded by a request for payment from parties who claim the ability to “prevent” an imminent attack. If no payment is made, a DDoS attack follows. Attacks are often timed to peak traffic periods when uptime is critical.

The attack on CrystalTech, along with a software-related outage at MediaTemple on Tuesday, demonstrated how web hosts are seeking to keep customers better informed during downtime in hopes of defusing customer frustration during extended outages. Cichon posted regular updates on CrystalTech customer support forums throughout the day Monday, while a half dozen CrystalTech staffers contributed to the discussion with specific responses to customer inquiries. During Tuesday’s outage at MediaTemple’s GridServer, the company provided detailed updates on its web site.

Netcraft offers a web site performance monitoring service that provides detailed uptime charts, along with e-mail alerts when an outage occurs.