GoDaddy Outage: Anonymous Attack Or IT Failure?

If hacktivists weren't behind the six-hour outage, as GoDaddy's CEO contends, they may still have taken advantage of the situation.

Mathew J. Schwartz, Contributor

September 12, 2012

3 Min Read
Dark Reading logo in a gray background | Dark Reading

What's worse for a website hosting company: getting taken down by hackers, or failing to properly configure your network, sparking downtime and lost revenue for customers?

The CEO of website hosting service Go Daddy has said that the company's six-hour outage Monday had nothing to do with a hacktivist, despite a hacker having claimed credit for launching a distributed denial-of-service attack (DDoS) that scuttled the Go Daddy network.

"The service outage was not caused by external influences. It was not a 'hack' and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables," said Go Daddy CEO Scott Wagner, in a statement. "At no time was any customer data at risk or were any of our systems compromised."

Wagner apologized to Go Daddy's customers for providing less than "99.999% uptime in our DNS infrastructure," and said the company was working to prevent a recurrence. "Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again."

[ Your employees are a critical element in securing your systems. Learn Why Security Policies Fail, How To Make Them Work. ]

In the wake of the outage, the CEO of one Go Daddy customer, RunningShoes.com, told United Press International that the downtime had been "devastating" for his company, resulting in up to $50,000 in lost sales. He said he was weighing moving his company's 10 retail websites to another hosting provider.

"As this GoDaddy outage reveals, misconfigured network devices and improper changes can be just as dangerous to the stability of our networks as the latest attacks," said Sam Erdheim, director of network security strategy for network security management company AlgoSec, in an emailed statement. "Organizations should take a step back to ensure its processes are in order and its devices are securely configured to avoid these situations in the future."

The GoDaddy hacking denial sees the credibility of Anonymous--which rarely takes credit for attacks it doesn't commit--stretched thin, especially after its AntiSec arm claimed that it had stolen one million Apple UDIDs from the laptop of an FBI agent. But that breach was in fact later traced to a Florida-based app publisher called BlueToad, and had nothing to do with the bureau.

In the wake of Wagner's statement, however, the hacktivist collective Anonymous has distanced itself from claims that one of its number had launched a DDoS attack against Go Daddy. In a statement Tuesday, released via Pastebin--and distributed via the AnonOpsLegion Twitter account--the group admitted that it was unclear whether Go Daddy had been taken down by one of its number or not, although it attempted to spin the outage anyway. "Many of us have concluded that Go Daddy was taken down because of its support for SOPA, the 'Stop Online Piracy Act,'" it said, and called on "the ninety nine percent to boycott Go Daddy and remove (sic) there (sic) hosting to another domain name servers (sic)."

But in a Tuesday Twitter post, Anonymous Own3r, the self-described "security leader of Anonymous," claimed to have broken into a Go Daddy website database and obtained source code, which he claimed to have shared via file-sharing networks. In a Pastebin post, Anonymous Own3r said he'd found 53 SQL injection flaws on the Go Daddy website, which he'd been able to use to gain access to the site, apparently following the network outage.

Those claims couldn't be verified, as a link to the stolen data--hosted at the ISA filehost website--returned an error message, saying the uploaded file had been deleted. Anonymous Own3r also released an image--although it could easily have been a doctored screenshot--purporting to show the "About Go Daddy" Web page having been defaced with the words "Hacked by Own3r." Notably, however, the hacker didn't claim that he'd accessed production systems, or attempted to launch a DDoS attack against the Go Daddy network.

About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights