I'm not talking about solving who is behind it, or even preventing further effective attacks.
I'm talking about realizing back on the 23rd that they were being DDoS attacked, analyzing whether someone was doing it in order to gain an advantage in play (which they were), and then subsequently putting measures in place to minimize the damage when this does occur again. Merge did none of these things.
For example, simply declaring all hands "all-in" when there's a mass-disconnect (rather than folding the guy who can't act) greatly reduces the effectiveness of this cheat. It's not perfect (the cheaters can do it in spots where they want a cheap draw or showdown), but it kills the main point of this exploit.
Merge did not do this. They let the same thing happen all over again two weeks later. And what about all the cash players who were hurt as a side effect of all this?
It was the players who figured out that one guy was using this to cheat. Merge should have figured this out on their own on the 23rd.
And how about their handling of the situation on the 23rd? A guy down to the final 14 was awarded a LOL $60 tournament ticket, when he lost out on thousands in equity. They later fixed it for him after he bitched about it on 2+2, but how could they possibly have entrusted the situation to their third world support monkeys for such a major issue? It would be like a nuclear attack on the US occurring, and President Obama assigning one of the White House janitors to figure out the country's plan for recovery.
And how about the fact that the software was so poorly designed that the DDoS attack caused players to switch accounts? How does that even happen?
I'm not saying that this is an easy situation to solve or stop, but Merge hasn't done themselves any favors with their handling of this matter.