This past week, CallCentric customers experienced registration timeouts among other problems due to an external DDoS attack, which blindsided the VoIP provider’s SIP Protocol. Calling the attack “sophisticated, aggressive, and complex”, CallCentric has since launched a thorough investigation into the matter. To combat the issue immediately after it’s occurrence, CallCentric created new code in real-time to further strengthen its network, adding updates throughout the day as they satisfied internal requirements. In the midst of the attacks, CallCentric released updates via twitter to keep customers updated:
The attacks against CallCentric were modified later into them experiencing two different types of DDoS attacks. The VoIP provider proactively launched two new servers (sip.callcentric.com and srv.callcentric.com) to assist in reducing the load and allowing service to operate for some clients. Due to this new information being publicly released however, the new servers were also affected. As such, a work-around was developed and the information provided had to be changed yet again.
As noted prior, CallCentric endured several attacks, with the second occurring on October 6, 2012. CallCentric acknowledged the nature of the breaches to be for the purposes of causing “severe disruption”. Fortunately, all customer data remained encrypted and safe, neither destroyed nor lost. This speaks volumes to their service, as even the biggest of companies (such as Yahoo) have been victim to such attacks in the past. The main concern for consumers and businesses alike, is that data remains uncompromised, as this can cause a long-term issue rather than a short-term interruption.
CallCentric are still at work, cleaning up the debris, tying up loose ends, and figuring out how to fortify their defenses so something like this does not happen again. In a statement, the residential VoIP provider called the experience “humbling”, noting they would turn the negative event into something positive. CallCentric assured their clients they will “learn and grow from this experience and will use this as an impetus to further enhance [their] service, support response, and the overall security of [their] network.” It is unclear whether the new servers will replace the old while a complete fix is in the works, or whether they are simply a stop-gap measure. For now, CallCentric is still exhibiting a great deal of transparency and helping their customers through what could have been much more devastating, but was handled quite well considering.