GoDaddy Outage: Anonymous Attack or Maintenance Goof?
Despite claims from a self-proclaimed member of the hacker collective Anonymous, an outage of the domain name registrar GoDaddy could have been the result of maintenance oversights. Such a mishap "could happen to anyone and is normally more often the negative end result of cost cutting and overtaxing human resources than it is the skill of the engineers," said Frank Artes of NSS Labs.
09/11/12 11:48 AM PT
Web hosting company and self-proclaimed world's largest domain registrar GoDaddy suffered a major outage on Monday, taking down what's believed to have been millions of websites.
A hacker using the handle AnonymousOwn3r claimed responsibility on Twitter.
GoDaddy tweeted during the outage that it was aware of the "trouble" it was having and that it was working on the issue.
At one point, it moved its domain name service (DNS) to Verisign, one of its competitors, Wired reported.
Some of its DNS servers were reportedly up again at 4 pm ET, and GoDaddy tweeted that it was still working on ongoing issues.
Could Be Avoided
If that's what happened, it represents a major security oversight.
"It all comes down to how they are building and maintaining route tables, but realistically an enterprise-class network should be fortified against such issues," Frank Artes, a research director at NSS Labs, told TechNewsWorld.
"Any time a network suffers a cascading failure that doesn't have a stop-gap, it is indicative of misconfiguration and [inadequate] administration practices," Artes said. Further, "change control should have caught any new configuration whether it be new hardware installs, new routes established, or even the changing of ... protocol configurations."
On the other hand, such a mishap "could happen to anyone and is normally more often the negative end result of cost cutting and overtaxing human resources than it is the skill of the engineers," Artes stated.
"Viruses eating the silicon chips is not possible, but other than that, most anything that can be done with data, including data corruption, is possible," Randy Abrams, also a research director at NSS Labs, told TechNewsWorld.
DDoS Attacks, Anyone?
GoDaddy took pains to point out that its system outage wasn't caused by a hack or a distributed denial of service (DDoS) attack.
However, corruption of routing tables "is more the means of a denial of service attack," NSS Labs' Artes pointed out. It's not likely to be the work of hackers because "by the very nature of the corruption, you would stand the great risk, and very high probability, of severing your own command-and-control channels used to harvest information ... from internal servers."
Further, it may be relatively easy to orchestrate a DDoS attack against small businesses, "but attacking GoDaddy isn't quite as simple," Pierluigi Stella, CTO of Network Box USA, told TechNewsWorld.
"The amount of bandwidth and the number of servers [GoDaddy] runs is so vast that it literally requires millions of computers to orchestrate such a focused and targeted attack," Stella continued. "That would mean a very large botnet, certainly not something simply anyone can organize."
Who You Gonna Believe?
The scale of the attack required is one of the issues that cast doubt on AnonymousOwn3r's claim.
Another is the fact that Anonymous has remained cool to news of the attack. AnonymousIRC, another of the hacker collective's Twitter accounts and one often used to post news of its attacks, has carried nothing about the GoDaddy outage.
Both Network Box's Stella and NSS Labs' Artes cited Anonymous' claims about stealing Apple device IDs from FBI special agent Christopher Stangl's laptop, which have been proven untrue, as a reason for doubting AnonymousOwn3r's announcement.
"Between GoDaddy's sexist advertising campaigns and former support for SOPA legislation, a significant portion of the global population would take great delight in claiming to cause them problems," NSS Labs' Abrams said.