• by Kate Kaye , August 6, 2004

Editor's Note: The story, as originally reported, suggested that online publishers and other industry insiders are reluctant to discuss a denial of service attack that shut down DoubleClick's DART ad servers more than a week ago. During the editing process, the reference to publishers' reluctance was mistakenly changed to state that DoubleClick was reluctant to discuss the attack. MediaDailyNews regrets the error.

When malicious forces struck DoubleClick's servers on July 27, the ad-serving and technology firm flew into action, and had apparently resolved the situation mere hours after the system was hit. Even publishers say the denial of service attack that shut down the DART ad servers was a mere inconvenience. So why are online publishers so reluctant to talk about it? Good question.

"That's the sorry truth about the whole thing," concludes one representative of a Web site network who wishes to remain anonymous. The general consensus within his company--and he believes throughout the broader Internet industry--is that "nobody wants to call attention to themselves" for fear of hacker repercussion. He adds that only a handful of the few hundred advertiser campaigns running throughout the site network were interrupted as a result of DoubleClick's disruption.

DoubleClick blamed its inability to serve Web ads on a Denial of Service attack from outside sources that essentially overloaded the system with false ad impression requests. According to Web performance measurement company Keynote Systems, significant slowdowns during the attack were evident on sites including washingtonpost.com and NYTimes.com, and on CNet Network sites. The measurement firm reported a threefold slowdown in response time for Web pages beginning at around 7:00 a.m. EST and ending at 1:30 p.m. EST. A Keynote representative told MediaDailyNews that most publishers said their site content loading time was not slackened as a result of the ad disruption, but there is potential for site content to slow under such circumstances.

According to a DoubleClick spokesperson, many of the sites that use the DART system removed the coded ad tags that enable ads to be served on their sites by DoubleClick. The system was not fully operational for a period of four hours--and at this point, things started getting back up to speed, said the spokesperson, who also noted that the firm had "notified proper authorities," yet neglected to name any particular institutions.

"It's natural that hackers are going to attack the most important domains on the Web," says Dave Morgan, CEO of behavioral targeting firm Tacoda Systems, and founder of a Web ad-serving outfit from the online ad industry's early days, Real Media, Inc. (now 24/7 Real Media). According to Morgan, Tacoda Systems has a "press release relationship" with DoubleClick.

The publishers he spoke with after the incident did not seem too concerned about it, notes Morgan, who says the DoubleClick attack is "not a big issue." In fact, he can't quite understand why publishers and other companies were reluctant to comment for this story. Among those firms that were unable or unwilling to comment were Dow Jones' Wall Street Journal Online, The New York Times Company's NYTimes.com, and aQuantive, owner of DoubleClick rival Atlas DMT.

"People who dealt with it know what life on the Internet is like," explains Morgan, who suggests that there's little else ad-serving firms can do beyond what they already are to protect against similar setbacks. Rich Person, CEO of Web ad optimization technology provider and ad-serving company Poindexter Systems, might disagree. "If you have a proprietary network and the whole thing goes down, you're in trouble," argues Person. He alludes to advertiser campaigns planned around major events or product launches when "it could be disastrous" if ads weren't run according to schedule. Person contends that Poindexter's ad-serving system--which works in conjunction with multiple content distribution networks--is less vulnerable to denial of service attacks because if one network is attacked, ads can be shifted to networks that aren't affected. Poindexter currently serves between 30 and 40 billion ad impressions per month, around half the number served by DoubleClick. "I don't think there are many things that can be done architecturally to an ad-serving system that could make a difference" in protecting it against attacks, opines Tacoda's Morgan. In the end, he takes the glass-half-full approach, referring to print advertisers who would never even notice a drop-off in ad performance because newspapers and magazines are much more difficult to track than Web media. "I like the fact that we're really hard on ourselves. It's such an amazing strength [of the Internet] that we can actually have that conversation."