
GoDaddy Outage: Anonymous Attack or Maintenance Goof?

By Richard Adhikari
Sep 11, 2012 11:48 AM PT

Web hosting company and self-proclaimed world's largest domain registrar GoDaddy suffered a major outage on Monday, taking down what's believed to have been millions of websites.

A hacker with the handle of AnonymousOwn3r claimed responsibility in a Twitter feed.

The hacker is apparently not connected with Anonymous, one of whose Twitter feeds, @YourAnonNews, urged readers to look to AnonymousOwn3r as the culprit.

GoDaddy tweeted during the outage that it was aware of the "trouble" it was having and that it was working on the issue.

At one point, it moved its domain name service (DNS) to Verisign, one of its competitors, Wired reported.

Some of its DNS servers were reportedly up again at 4 pm ET, and GoDaddy tweeted that it was still working on ongoing issues.

On Tuesday, GoDaddy announced that its investigation into the outage had been completed, and that it was caused by a series of internal network events that corrupted its router data tables.

Could Be Avoided

If that's what happened, it represents a major security oversight.

"It all comes down to how they are building and maintaining route tables, but realistically an enterprise-class network should be fortified against such issues," Frank Artes, a research director at NSS Labs, told TechNewsWorld.

"Any time a network suffers a cascading failure that doesn't have a stop-gap, it is indicative of misconfiguration and [inadequate] administration practices," Artes said. Further, "change control should have caught any new configuration whether it be new hardware installs, new routes established, or even the changing of ... protocol configurations."

On the other hand, such a mishap "could happen to anyone and is normally more often the negative end result of cost cutting and overtaxing human resources than it is the skill of the engineers," Artes stated.

"Viruses eating the silicon chips is not possible, but other than that, most anything that can be done with data, including data corruption, is possible," Randy Abrams, also a research director at NSS Labs, told TechNewsWorld.

DDoS Attacks, Anyone?

GoDaddy took pains to point out that its system outage wasn't caused by a hack or a distributed denial of service (DDoS) attack.

However, corruption of routing tables "is more the means of a denial of service attack," NSS Labs' Artes pointed out. It's not likely to be the work of hackers because "by the very nature of the corruption, you would stand the great risk, and very high probability, of severing your own command-and-control channels used to harvest information ... from internal servers."

Further, it may be relatively easy to orchestrate a DDoS attack against small businesses, "but attacking GoDaddy isn't quite as simple," Pierluigi Stella, CTO, Network Box USA, told TechNewsWorld.

"The amount of bandwidth and the number of servers [GoDaddy] runs is so vast that it literally requires millions of computers to orchestrate such a focused and targeted attack," Stella continued. "That would mean a very large botnet, certainly not something simply anyone can organize."

Who You Gonna Believe?

The scale of the attack required is one of the issues that cast doubt on AnonymousOwn3r's claim.

Another is the fact that Anonymous has remained cool to news of the attack. Another of the hacker collective's Twitter accounts, often used to post news of its attacks, AnonymousIRC, has carried nothing about the GoDaddy outage.

Both Network Box's Stella and NSS Labs' Artes cited Anonymous' claims about stealing Apple device IDs from FBI special agent Christopher Stangl's laptop, which have been proven untrue, as a reason for doubting AnonymousOwn3r's announcement.

"Between GoDaddy's sexist advertising campaigns and former support for SOPA legislation, a significant portion of the global population would take great delight in claiming to cause them problems," NSS Labs' Abrams said.
