One of the issues is that DDOS attacks often attack intermediary infrastructure for which the main company, SE, doesn't have direct control. There's no magic wand for solving the problem and swapping providers is not feasible in the short-term duration of the attack. If secondary providers are terrible consistently then they might swap them out at a later date, but it's not going to resolve the attack right this second. It really becomes a question of negligence. Did SE have warning that they were particularly vulnerable to a DDOS and if they were, did they do something. We have no indication as of yet that they were negligent, so I'm trying not to jump to conclusions.