When online infrastructure company Dyn got hit by three DDoS (distributed denial of service) attacks Friday, it shut down major sites using Dyn, including Twitter, SoundCloud, Spotify and The New York Times.
The attack also disrupted the ad industry.
Even if a publisher wasn’t affected, the attack impacted many of the tech partners delivering and measuring the ad impressions, and buyers saw wonky reporting and improper delivery of ad creative.
“I’ve been in ad tech for 15 years. I’ve never seen an event of this magnitude, ever,” said Andrew Casale, CEO of Index Exchange. Index uses Dyn, and “so does about half of ad tech,” he estimated.
To thwart off the DDoS attack, Index undertook a few countermeasures. It lengthened time to live (TTL), which governs how often the browser checks for new information. The adjustment made Index less reliant on the nonfunctioning DNS.
After a second attack, Index switched its DNS provider from Dyn to Akamai. Because header bidders will time out if they don’t receive a response, Casale said they didn’t cause any additional problems for publishers.
Index estimated total traffic decreased about 10% the day of the attack, and revenue slightly less than that, largely because publishers upstream were down on account of Dyn. During the attack, affected publishers’ traffic went down 30% to 40%.
Another ad tech CTO, who declined to be named because of client sensitivities, estimated a 55% dip in openRTB bid opportunities on the East Coast due to affected publishers during the heaviest two hours of the attack.
Even when a publisher’s site worked, the “enormously complicated and interconnected web” of ad servers, viewability vendors, DSPs and SSPs provided more ways for campaigns to deliver at a degraded rate, according to that CTO. But if publishers not using Dyn saw a downtick, it wasn’t outside normal traffic fluctuations.
The publisher Intermarkets, for example, received notifications from its partners about the attack, but didn’t notice any outages. The day’s revenue fell within a normal range. But sales and programmatic strategy VP Erik Requidan said “significant revenue” was at stake, and affected publishers may have to readjust forecasts due to missed revenue or campaign goals.
The CTO is still unwinding the full impact of the attack, as the redundancies in its server infrastructure didn’t include DNS. The CTO is having talks this week about how to “work better with partners across the board and redundant paths of approaches.”
But although revenue dipped during the outages, advertisers still had money to spend. Index saw upticks later in the day as advertisers tried to spend budgets once service restored, thanks to ad server and programmatic rules that regulate campaign pacing. The ad tech CTO saw buyers increase spend late Friday too, though the executive’s team attributed that to new holiday campaigns coming online.
So how will things change in the aftermath?
The DDoS attack came from numerous unsecured internet-of-things devices like DVRs and webcams. Once infected, those devices aren’t designed to be reprogrammed, as their software is deeply embedded in the product.
Will the industry see more DDoS attacks from rogue IoT devices?
Casale and the ad tech CTO were cautiously optimistic that devices won’t cause more problems. Casale pointed out that law-enforcement authorities were trying to find the culprits, while the CTO noted the expense of such an attack for ISPs and networks means that everyone is incentivized to invest in protection.
But the high visibility of the attack brought attention to the importance of strong network infrastructure and the ability to mitigate such an attack.
Many ad tech requests for information also have information requests from CIOs about security issues, including DDoS attacks. Each public attack makes CMOs, and not just CIOs, consider security when evaluating tech.
Dyn, when asked to comment, pointed to this blog post.
