Yesterday was a terrible day. In the late afternoon, European time, I noticed that my blog, Security Affairs, was down. I received several messages from my readers, but when I tried to investigate the reasons I discovered, to my great surprise, that the entire GoDaddy platform was down.
The popular web host supports more than 52 million domain names and, according to a recent profile on Datacenterknowledge.com, has more than 23 petabytes of data in its Scottsdale, Ariz.-based storage centers.
My first thought, of course, was of a cyber attack by the famous group Anonymous, which in the past condemned Go Daddy's position on the Stop Online Piracy Act (SOPA).
The source used to follow the events was, of course, Twitter; the company used the platform to inform its clients about the incident and the ongoing investigations.
The situation immediately appeared critical: the hours passed but the problem persisted, and millions of websites hosted by Go Daddy were down.
While I was following the events, I noted that a group of hackers named "Anonymous Own3r" claimed credit for the outage via its Twitter account.
The company's Twitter account posted this update:
"Update: Still working on it, but we're making progress. Some service has already been restored. Stick with us."
The Go Daddy support site also published the following message:
"We are aware of an issue affecting several services, including email, our website and some customer websites. We understand your frustration. We want you to know that our team is investigating the source of the issue and is working to resolve it as quickly as possible."
The Go Daddy site itself was accessible around 1:00 am today for Security Affairs, while the mail services were back up later.
The situation appeared confused on the Anonymous side as well. Several messages were published by groups linked to the collective, and not all of them expressed appreciation for the attack.
I read the following tweets from Anonymous:
BREAKING NEWS: Anonymous Security Council has voted off @AnonymousOwn3r, who has been expelled. Turned out he couldn't spell "cheese".
A tweet from the @AnonOpsLegion account: "#TangoDown -- http://www.godaddy.com/ | by@AnonymousOwn3r" was the initial public promotion of the outage, leading some to believe that the Anonymous online activist collective was behind the disruption.
The AnonymousOwn3r account replied immediately, clarifying in various messages that the attack was an isolated initiative:
"it's not Anonymous collective the attack is coming just from me."
Regarding the hack, AnonymousOwn3r declared:
"yes! it's not so complex. [bring down DNS servers]"
"when i do some DDOS attack i like to let it down by many days , the attack for unlimited time, it can last one hour or one month."
"I'm taking godaddy down because well i'd like to test how the cyber security is safe and for more reasons that i can not talk now."
How did the hacker attack GoDaddy?
The HackerNews website reported an interview with the hacker Own3r, who said:
"I am using thousand of Hacked server as bots to perform the attack. Sending dos attack commands using IRC to all of them together. I just upload IRC connect on each server to control my every slave by commands"
The famous website also published the link to the script used to perform the attack, available on PasteBin: "It's really easy to use, hack randomly hundreds of Servers online and upload your Script. Now just via IRC you can control your slaves to perform a huge DDOS attack."
Events like this are concerning mainly for the extent of the disruption caused, and what scares me most is the superficiality with which security experts assess the threat of DDoS attacks.
Anonymous is often wrongly considered unable to cause serious damage with its attacks ... to my way of seeing things, millions of websites down at the same time represent a serious problem. What do you think?
UPDATE September 11th, 2012 - Go Daddy denies hacker attack
GoDaddy announced on Tuesday morning that the incident was not caused by an external attack, as claimed by an Anonymous hacker, but by an internal network error.
GoDaddy Interim CEO Scott Wagner wrote in an e-mail:
"It was not a 'hack' and it was not a denial of service attack (DDoS),"
"We have determined the service outage was due to a series of internal network events that corrupted router data tables."
Customer data was never at risk of being exposed during the outage, which prevented people from accessing many or all of the websites that rely on GoDaddy.