By Beth McGuire
Several days into the massive “distributed denial of service” (DDoS) cyberattack on Move, Inc.’s websites this week, the company’s Chief Technology Officer John Robison reports that the sites are back up and running, albeit a bit slower than usual for now.
In an exclusive interview with RISMedia Friday, Robison detailed a two-phase plan the company has in place to bring the sites back to full recovery, reassure its customers, and put measures in place to prevent such an attack from happening again.
“We’re mostly through phase one, which is getting the sites back up and running,” Robison said. “They may not be quite as fast, but they are usable and customers can see them and interact with them. It’s our top priority to make sure the sites are accessible and customers have access to them and business is not impacted.”
Robison said phase two will be the “hardening of the site,” or making sure an attack of this magnitude doesn’t happen again. To do that, Move is working “around the clock” with DDoS mitigation provider Prolexic, a division of Akamai Technologies, Inc., to increase protection from hackers, an effort he said will extend into sometime next week.
DDoS attacks are launched by people or botnets, which are networks of Internet-connected programs that carry out automated tasks. The DDoS attack on Move drove massive amounts of traffic from external sources, or “fake requests,” as Robison explained, to Move’s data center in Phoenix, Ariz., making realtor.com®, the official real estate site of the National Association of REALTORS®, Top Producer® services, and Move’s other Internet services inaccessible to real users.
Cyberattacks are measured in the volume and speed of the fake requests. Move’s attack clocked in at about 30 gigabytes per second (GB/s), which can be enough to overwhelm large Internet businesses’ networks, but is also typical of several hacks recently reported to other large public sites, such as Evernote and Ancestry.com. Robison noted that it appears the company was targeted randomly: “Based on other attacks on other sites out in the public, there seems to be a commonality in how the attacks are done, but not in who is picked.”
Once phase two is completed next week, Move will be protected “at a much higher level,” he said. “We’re going above and beyond the level most sites take in response to the attack,” Robison assured. “We’re super focused on our customers and people coming to the website. We have a core team of network service providers and Prolexic working 24-7 to get up and running. We take this very seriously.”
No consumer data was compromised in the attack, Robison stated. “They didn’t get inside the site and we are not aware of any penetration or data compromise.”
The FBI cybercrimes unit is actively investigating the incident, Robison said, and Move is cooperating with federal law enforcement officials. However, citing the ongoing investigation, he couldn’t offer further details on the ransom demand sent ahead of the attack on Wednesday, who it was sent to, or whether officials have any leads or expect to make any arrests. The company reported earlier Friday that following the receipt of a ransom demand at 8:45 a.m. PST Tuesday, to which, as standard practice, the company did not respond, the site began getting hacked midday.
For now, Robison is reporting good connectivity to the sites as of Friday afternoon; however, he “will be able to sleep easier next week…there’s a lot happening behind the scenes,” he said.
Move, Inc.’s CEO Steve Berkowitz wrote an open letter to the real estate industry about the cyberattack.