The story hasn’t fully been written about the GoDaddy outage that took down hundreds of thousands of websites — mostly in the personal and small business category — on Sept. 10.
The Anonymous hacker collective — or a member of it — claimed credit for the event. Many sources, including NBC, reported that a Tweet from Anonymous Own3r claimed credit.
However, today GoDaddy said that the problem was internal:
The service outage was not caused by external influences. It was not a “hack” and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.
Over at Huffington Post, Dan Johnson, the founder of People Against the NDAA (the National Defense Authorization Act) tied what he then assumed was a hack or DDoS attack to the positions GoDaddy has taken on the Stop Online Piracy Act (SOPA).
While questions have arisen since he wrote the piece on whether hackers actually were involved, the point still resonates: Corporations that offend the wrong people or group are more vulnerable than ever in the cyber age. It’s not that they should shy away from publicly taking a stand, of course; it’s that they should be aware that those objecting don’t necessarily play by the rules.
Terrorists often opportunistically claim credit for incidents with which they are not involved, so Anonymous Own3r may have been grandstanding. Other sites have noted that Anonymous itself isn’t taking credit. Likewise, if I were running GoDaddy, I’d like to explain such a meltdown as a unique event that is unlikely to be repeated and can be guarded against with a set technology fix.
That’s not great, but better than being victimized by a malevolent force that would seek alternate avenues to disrupt services once the particular vector used in one attack is closed. Put more simply, it is unclear which side is telling the truth. If I had to guess, I would say that GoDaddy likely is being straight. In any case, the outage is a big deal. If it were a cascading failure, GoDaddy has to revamp its processes to ensure that nothing like it happens again. If it really was a DDoS attack, GoDaddy must revamp its processes appropriately.