GoDaddy Outage: Anonymous Attack or Maintenance Goof?

Web hosting company and self-proclaimed world’s largest domain registrar GoDaddy suffered a major outage on Monday, taking down what’s believed to have been millions of websites.

A hacker with the handle of AnonymousOwn3r claimed responsibility in a Twitter feed.

The hacker is apparently not connected with Anonymous, one of whose Twitter feeds, @YourAnonNews, urged readers to look to AnonymousOwn3r as the culprit.

GoDaddy tweeted during the outage that it was aware of the “trouble” it was having and that it was working on the issue.

At one point, it moved its domain name service (DNS) to Verisign, one of its competitors, Wired reported.

Some of its DNS servers were reportedly up again at 4 pm ET, and GoDaddy tweeted that it was still working on ongoing issues.

On Tuesday, GoDaddy announced that its investigation into the outage had been completed, and that it was caused by a series of internal network events that corrupted its router data tables.

Could Be Avoided

If that’s what happened, it represents a major security oversight.

“It all comes down to how they are building and maintaining route tables, but realistically an enterprise-class network should be fortified against such issues,” Frank Artes, a research director at NSS Labs, told TechNewsWorld.

“Any time a network suffers a cascading failure that doesn’t have a stop-gap, it is indicative of misconfiguration and [inadequate] administration practices,” Artes said. Further, “change control should have caught any new configuration whether it be new hardware installs, new routes established, or even the changing of … protocol configurations.”

On the other hand, such a mishap “could happen to anyone and is normally more often the negative end result of cost cutting and overtaxing human resources than it is the skill of the engineers,” Artes stated.

“Viruses eating the silicon chips is not possible, but other than that, most anything that can be done with data, including data corruption, is possible,” Randy Abrams, also a research director at NSS Labs, told TechNewsWorld.

DDoS Attacks, Anyone?

GoDaddy took pains to point out that its system outage wasn’t caused by a hack or a distributed denial of service (DDoS) attack.

However, corruption of routing tables “is more the means of a denial of service attack,” NSS Labs’ Artes pointed out. It’s not likely to be the work of hackers because “by the very nature of the corruption, you would stand the great risk, and very high probability, of severing your own command-and-control channels used to harvest information … from internal servers.”

Further, it may be relatively easy to orchestrate a DDoS attack against small businesses, “but attacking GoDaddy isn’t quite as simple,” Pierluigi Stella, CTO, Network Box USA, told TechNewsWorld.

“The amount of bandwidth and the number of servers [GoDaddy] runs is so vast that it literally requires millions of computers to orchestrate such a focused and targeted attack,” Stella continued. “That would mean a very large botnet, certainly not something simply anyone can organize.”

Who You Gonna Believe?

The scale of the attack required is one of the issues that cast doubt on AnonymousOwn3r’s claim.

Another is the fact that Anonymous has remained cool to news of the attack. Another of the hacker collective’s Twitter accounts, often used to post news of its attacks, AnonymousIRC, has carried nothing about the GoDaddy outage.

Both Network Box’s Stella and NSS Labs’ Artes cited Anonymous’ claims about stealing Apple device IDs from FBI special agent Christopher Stangl’s laptop, which have been proven untrue, as a reason for doubting AnonymousOwn3r’s announcement.

“Between GoDaddy’s sexist advertising campaigns and former support for SOPA legislation, a significant portion of the global population would take great delight in claiming to cause them problems,” NSS Labs’ Abrams said.

1 Comment

  • Yup. This from a group that accused me of simultaneously changing the DNS on 30 domains in my account and another 50 in another, of which I lost all 30 and they all 50 clients when those 80 addresses lost the connection to our servers (Oct 30th, 2010). The change time stamps on their end were all within 1 second of each other. There was no way on the planet that it could have been done by a human(s) as it was insisted it was and that it was all my fault. My accounts have been wiped and mysteriously reappeared with all the registration info changed, leaving me with hours of changing it back. ICANN was not happy about that. So . . . basically this "excuse" of theirs has no validity with me. It’s just another GD "F" Up that they will try to pass off on anyone but themselves.

    From my history with GD, it was internal, another "maintenance goof". With many more to look forward to. Stay tuned.
