Rhetorical & #TechComm Analysis of Adobe, Avast, Avira, & AVG “hacking” responses

What happened?

Avira and AVG: http://www.pcworld.com/article/2053380/network-solutions-investigating-dns-hijack.html
Avast: http://grahamcluley.com/2013/10/vigilance-avast-anti-virus-website-pwned/
Adobe: http://rt.com/usa/adobe-hacked-krebs-hold-742/

What happened in summary?

  • In the past week, several companies’ websites were “hacked”* including the security companies AVG and Avira, and the same attempt made on Avast. The hack made on Adobe was not the same as the previous three but because it occurred during this same time and was a result of hacking, I have included it in this post. Whatsapp was also hacked but I have not included them in this post.

*Note: I use the terms “hack” and “hacking” as a generic term that most non-security-industry people would conceptually use to describe what happened (also see PCWorld’s use of “websites hacked” as generic term).

Why am I writing about this?

  • These four companies share a commonality in that they are all “high-tech software” companies, and all of them are within the security software industry (Adobe is within the “security” industry as well [1] http://www.adobe.com/security.html] [2] http://www.adobe.com/security/pdfs/95008935_lc_es_security_po_ue.pdf).
  • Technical Communicators are employed within companies such as these.
  • Incidents like these affect users very personally and the communications needed to explain what happened are technical.
  • The public-facing “Crisis Response” not only shows a company’s organizational ethos but also is an example of the relationship between Public Relations (PR) writing and Technical Communication.

What my analysis emphasizes

This post merely attempts to highlight the obvious rhetorical devices employed by each company in how they communicate the same content to their users. This is not meant to be an in-depth analysis. My primary interest is the usability of the responses to help users understand what happened. My opinion is that issues such as these (which are occurring much more frequently) are the purview of not only PR writers but also Technical Communicators. I will try to point out where and how Technical Communicators could contribute to technology crisis responses such as these.

Avira’s blog post: “Major DNS hijacking affecting major websites, including avira.com (Update)”


Avira website response

Avira website response

Avira chose to use a text-only blog-style post to communicate that their website was hacked.

  1. The title of the post emphasizes the event “Major DNS hijacking” while deflecting (or using a Tu quoque argument) by calling out that others were affected too—
  2. The acknowledgement of Avira’s liability comes as a subordinate clause after the comma “including avira.com”.
  3.  Avira attempts to be quite clear that the “websites of Avira have not been hacked”, as indicated by underlining that point.
    Technical Communication – Most users will have a difficult time understanding the meaning of “DNS hijacking” without any context and would probably associate “the websites of Avira” with the “Internet Service Provider” (ISP) that they use. While this does a good job of shifting blame away from Avira and onto their ISP, it does not alleviate a user’s anxiety about how they are affected through Avira.
  4. It takes four lines until Avira addresses their users to explain how they could be potentially affected by this issue.
    Technical Communication – To a customer and user, this would be the most important information – most important because the primary reason they came to this post was to see how they would be affected by this hack. A Technical Communicator would have placed this content at the beginning of the post, to immediately communicate the technical details of the issue and address a user’s immediate concern. Additionally, this content could be presented better using basic formatting such as indentation and more sections with better title headers.

Last, there is a “related” post linked at the bottom of this post to the “Adobe hacked” story.

Where Avira held back on their post, they are sure to give in-depth information regarding Adobe’s short-comings. Avast does a similar thing on their blog post but against Microsoft (see the Avast section below).

AVG’s blog post: “Website issue, Tuesday 8 October”


AVG made an initial post on Tuesday, 8 October which I will call “Posted 1 day ago” and then edited the original post which I will call “Posted 2 days ago”.

“Posted 1 day ago”

AVG hack response 1

AVG hack response 1

  1. AVG chose to give this post a generically-descriptive title instead of an issue-specific one. This is clearly meant to divert the issue from hacking to a more innocuous “website issue”.
    Technical Communication – For searchability, the post should use a title that provides better context for the issue and uses keywords that users would likely use on search engines.
  2. Similar to Avira’s response, AVG explains the hack as an “online properties deface[ment]” and provides the technical explanation about the “domain name system (DNS) registrar being comprised.”
    Technical Communication – Once again, average AVG users are unlikely to know what that means and how that may affect them. AVG is using a complex-sounding technical term without providing adequate context to overwhelm the user into thinking the situation is too complex for them to understand. A Technical Communicator would communicate this information in language that the user-base would understand, to provide them with the necessary information to make informed decisions for how to act.
  3. Similar to Avira’s response, AVG deflects blame to others. They mention their customers in sentence four of four (4/4) but don’t provide any means for the customer to inquire about more information.

“Posted 2 days ago”

AVG hack response 2

AVG hack response 2

  1. The edited response is very similar to the original except that the generic deflection is immediately replaced with a direct reference to their ISP the same as Avira did – “compromised through provider Network Solutions”.
  2. The explanation for the result of the hack is a “delay in service” and further qualified by the term “temporary”.
  3. AVG is also clear to point out that their “site was not hacked”.
  4. An addition to the reference to their customers is made with “and installed software should not be affected”.
    Technical Communication – Users may have questions concerning installation or how this process could be affected and what the symptoms could be—this is a good place to allay the fears AND communicate technically accurate (as in “technologically accurate”) information by offering information about installations. How is a user to know if their installation issue is or is not being “affected” by this issue?

Avast’s blog post: “Attempted hack against AVAST”


Avast crisis response web page

Avast crisis response web page

It is important to note that Avast’s website was not compromised the same way as Avira and AVG’s were. However, they experienced the same hacking attempt and it is useful to see the PR/Technical response and how an “attempted” hack differs from a successful one.

  1. Not hesitant to write “hack” (see above about searchability) because they can begin with the qualifier “attempted”.
  2. Once again, deflection is used but in this case it is to distance Avast from the “hijacked” companies’ websites.
  3. Since this hack did not affect them, Avast provides the context for the issue that the other two do not. They use the quote from the CEO as a rhetorical device (ethos—appeal authority) to demonstrate how involved the company is with this issue.
  4. Avast’s first address to a user comes in the last paragraph of the post.
    Technical Communication – A concerned Avast user would probably read this post looking for (a) relief that their security software is not comprised (addressed in last sentence of first paragraph) and (b) how this could potentially affect them.

Last, Avast Tweeted about the hacks to WhatsApp and Adobe but did not inform their customers about the attempted hack against their website.

Avast tweets about hacking except their own

Avast tweets about hacking except their own

Summary of the three responses

Reoccurring themes among these three is that each post begins by deflection or softening of the issue, sharing blame (or highlighting the shortcomings of others while tempering their own), and users are only addressed at the end but not provided with the context to understand what occurred or how it might (or might have) affected them and what they can do right now to take action.

Adobe’s post: “Customer security alert”


(see below for screenshot)

I was immensely impressed with Adobe’s response to the hack. From a Technical Communication perspective, the content and communication addresses all of the points a user would need and expect from a situation such as this. Since the user is the focus of the communication, it is also good PR writing as well—as opposed to the previous posts that communicated information about themselves first and information for users second, good technical writing serves the user AND the company at the same time. I will venture to say that Technical Communicators (in conjunction with many others to be sure, such as Customer Support) were intimately responsible for this web page and its content.

Here is a brief breakdown of the content and structure of the response:

  1. “What happened?” – Adobe begins with a brief (three sentences) and poignant paragraph that summarizes (in simple terms) what happened.
  2. “Read the FAQ” – This is an anchor link to #read_faq. It is appropriate to link to this content and not provide it at this point in the response because FAQ information is contextual and less important than information that provides direct, actionable content.
  3. “What do I need to do?” – This is written directly for users and formatted so users can easily scan each point (bullets and bold) and address the immediate concerns related to this issue. Additional support content is provided as hyperlinks to help users complete the primary task.
  4. “Chat with Adobe Support” – Adobe provides further resources to assist users with this issue, formatted nicely and placed visibly below the self-help content.
  5. “Frequently Asked Questions” – The FAQs were linked to from the top and address the further contextual information about the issue, background information, and other questions that users would potentially ask relative to a situation as severe as this. Technical Communicators are trained to analyze situations and make decisions about what content to provide and how best to present it. [to see all the FAQ responses compiled, open the following document link: Adobe hack response Frequently Asked Questions]
Adobe crisis response

Adobe crisis response

Or am I wrong and each response is perfect? How much should Technical Communicators be involved in “crisis communication”?



Filed under Data Breach Analysis, Rhetoric, Technical Writing

3 responses to “Rhetorical & #TechComm Analysis of Adobe, Avast, Avira, & AVG “hacking” responses

  1. The structure of Adobe’s response would be fitting for any response in such a situation–give the users a simple breakdown that addresses their concerns and give them a simple “what’s next” or “what now” statement.

    Nice analysis.

  2. Pingback: Rhetorical & #TechComm Analysis of Kickstarter “hacking” response | ferswriteshoe

  3. Pingback: Rhetorical & #TechComm Analysis of AT&T “CPNI” Opt-Out Email | ferswriteshoe

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s