Why do denial of service attacks reduce future visits

1
Why do denial of service attacks reduce future
visits?
Switching costs vs. changing preferences

• Avi Goldfarb
• University of Toronto
• June 2, 2005

2
Denial of Service (DoS) Attacks

• On February 7, 2000, a hacker named mafiaboy
  shut down the Yahoo website for 3 hours in the
  first of a wave of DoS attacks.
  
• February 8, 2000 Amazon, Buy.com,
  CNN.com, EBay
  
• February 9, 2000 ETrade, ZDNet
• Since then, dozens of other cases.

3
Effect of DoS Attacks

• DoS attacks had a lasting impact as well as a
  short-run impact
  
• I show that these attacks had an impact on user
  behavior to all websites except ETrade.
  
• I examine the cause of the lasting impact
• Do users like the attacked website less?
• Or do users become locked-in to competing
  websites?
  
• The results help understand the impact of a
  website shutdown on user behavior.
  
• How costly are DoS attacks in the long run?
• Why?

4
Structure of the Talk

• DoS Attacks
• Data
• The overall effect
• -identification and magnitude
• 4. Switching costs vs. changing preferences
• -identification and results
• 5. Caveats
• 6. Managerial implications and conclusions

5
Denial of Service (DoS) Attacks

• Defined as an attack to suspend the availability
  of a service.
  
• Typically, attackers make websites inaccessible
  by overloading servers with requests for
  information (called Distributed DoS).
  
• Has happened frequently since February 2000,
  most notably Microsoft (MSN, Expedia, Carpoint)
  in January 2001.
  
• Now sometimes used for blackmail (e.g. Gambling
  websites during the Superbowl)

6
Immediate Impact
7
Data

• The raw data set (from Plurimus Corp.) consists
  of every website visited by 2651 households from
  December 27, 1999 to March 31, 2000.
  
• A total of 3,228,595 observations
• An average of 1217 per household
• Exact timing of attacks in CNET
• Data for Yahoo is especially rich, so I will
  emphasize the Yahoo results.

8
General Method

• The data provide a natural experiment for testing
  the effects of exogenous website shutdowns.
  
• There is a Treatment Group that was online during
  the attack and a Control Group that was not.
  
• The impact is the difference between these
  groups.
  
• The treatment group is defined by the probability
  of visiting the attacked website during the
  attack.
  
• Regressions test whether the treatment group
  behaved differently after the attack than the
  control group.
  
• Difference-in-Difference identification

9
The Effect on Yahoos Share
10
Magnitude of the Overall Effect
11
Yahoo-Overall CoefficientsProbit
12

• WHY DO TEMPORARY WEBSITE SHUTDOWNS REDUCE FUTURE
  VISITS?
  
• Switching costs vs. changing preferences

13
Online Switching Costs

• Considerable disagreement about existence of
  switching costs online
  
• Economics tradition says noShapiro Varian
  (1999), Gandal (2001), Porter (2001) say
  nonethe competition is just a click away
  
• Marketing tradition says yescustomers show state
  dependence in most categories. Johnson, Bellman,
  Lohse (2003) label this cognitive switching
  costs in the online context

14
Identification of switching costs as different
from overall opinion

• This method identifies (short-run) switching
  costs that accrue to the website visited instead
  of the attacked website during the attack.
  
• Switching costs will accrue only to the website
  visited as an alternative to the attacked
  website.
  
• i.e. suppose a user tries to visit Yahoo and
  cannot due to the DoS attack. Instead, the user
  visits MSN.
  
• If the reduction in Yahoo visits is due to
  switching costs, only MSN will benefit. Other
  portals such as Altavista will not.
  
• If the reduction is due to a decreased perception
  of Yahoos quality, then MSN and Altavista will
  benefit proportionally to the users previous
  preferences

15
The Effect on Yahoos Share
16
Magnitudes of Switching Costs and Changing
Preferences
17
Yahoo-Switching Cost CoefficientsProbit
18
Caveats

• I evaluate short-run switching costs to the
  website visited instead of the attacked website.
  
  
• This is a distinct concept from long-run
  switching costs and loyalty that accrue over a
  long time and involve deep relationships.
  
• There may also be a reduction in switching costs
  at the attacked website. I do not measure
  these.
  
• Household-level not individual-level data (should
  bias effects toward zero).
  
• I do not actually observe a perception of reduced
  quality. I only observe that the utility measure
  of the website is lower relative to all other
  websites in the category.
• Each DoS attack lasted less than 4 hours.
• I cannot understand the impact of a long-term
  shutdown

19
Segmentation (overall effect)Yahoo
20
Segmentation (switching costs)Yahoo
21
Conclusions

• DoS Attacks Matter. They cost Yahoo millions of
  visits
  
• (Estimated total cost 338,854)
• Both an immediate and a lasting effect
• Lasting effect has two causes
• Changing preferences
• Switching costs
• Sources not clear learning, state dependence,
  etc.