September 18, 2012 - 1 Comment
Last Monday, the world’s largest domain registrar in the world, GoDaddy, was stopped in its tracks. Although GoDaddy later claimed accountability for the six-hour service outage, citing “a series of internal network events that corrupted route data tables,” a self-proclaimed member of the hacktivist group Anonymous also took responsibility on Twitter.
The Twitter user @AnonymousOwn3r explained the motive behind his “attack:” “I’m taking godaddy down because, well, I’d like to test how the cybersecurity is safe and for more reasons that I can not talk now (sic).”
This claim coupled with GoDaddy’s delayed explanation of the internal error, caused confusion and speculation over whether this was a hack. The incident resembled a DDoS attack, as all GoDaddy-hosted websites were down. But a typical DDoS attack wouldn’t have compromised non-hosted DNS (Domain Name System) servers.
Even though signs point to in-house technical difficulties in this instance, this lack of clarity affect the reputation of the DNS provider, and the outage, regardless of the source, impacted the productivity of thousands of enterprises that rely on uninterrupted service.
This attack is yet another reminder that we have entered a new phase in protecting our networks. Hacks today are often much more subtle in the past, and it is increasingly difficult for security teams to know quickly that when a disruption occurs whether it’s due to internal network issues or an intrusion.
It also points to the need for security teams to ensure multiple layers of protection are in place at each node in the network, as well as have in place a methodology for studying intrusions. This protection and information will help security teams eliminate certain causes for outages immediately and enable them to focus attention on likely causes, whether network- or intrusion-related.
GoDaddy did not suffer a breach, but the scare is a strong reminder that security teams must continuously review and uplevel their security architectures, processes for identifying sources of network disruptions and have in place strategies to communicate with customers, partners, investors and other key stakeholders.
We’re eager to hear your tips and best practice suggestions.
The Author:
Darin Andersen is the Vice President & General Manager for Norman North America and has more than 20 years of experience in software and security sales management.
Security Exposed Bloggers
Norman Blog Archive
If it wasn’t an external intrusion, I believe Godaddy should have been able to foresee this issue as a possibilty and built safeguards and a clear strategic action plan ahead of time. The internet is not THAT new.
Surely, somewhere in the short history of the Internet, something similar had to have happened to some other organization, albeit on a likey much smaller scale. This certainly should have been known ahead of time, at least as a possibility.
I’m finding it hard to completely accept the company line. I think it’s just as likely that they were hacked and they beleive that perception would cause more damage to their reputation. Because if it’s a natural tech failure, it’s something they can “learn” from and take steps to make sure it never happens again.
But sophisticated hacks are getting more challenging to defend. Hackers are evolving. Much spookier challenge to customers and investors.