I have received *several* emails since news of the GoDaddy attack yesterday from vendors trying to use fear to sell products or services. One of the biggest tools that they have used is claiming that a ‘hacker’ hacked GoDaddy and took the site down. The story that I have seen in each of these stories was that an ‘evil hacker’ broke into GoDaddy’s servers and ‘did bad things’. Immediately following is typically some product or service that the vendor has that can protect potential victims from the same fate. Every one of these email warnings that I have seen to date has been snake oil, nothing more. It’s important to understand what most likely happened and learn a lesson from that.
What we know so far is:
- Yesterday, at approximately 2:30PM EST, the GoDaddy network (apparently including DNS, web hosting and email hosting) was subjected to a DDoS (distributed denial of service) style attack that took the affected services offline.
- Per GoDaddy, no sensitive information was disclosed, meaning that there likely *was not* a breach but simply an attack against the network.
- The network began returning to life at approximately 6:45PM EST.
What we can guess:
- The attack was likely made possible through the use of thousands of virus-infected workstations participating in one or several botnets.
- The ‘hacktivist’ group Anonymous has claimed responsibility for the attack but, to my knowledge, this has not been confirmed.
- Additional details are available on several news sites like ZDNet, C|Net, The Register and others.
GoDaddy has posted a notice that they will be providing additional details on the outage within 24 hours (likely, after an extensive internal post-mortem) that should clear the air. I don’t suspect anything earth-shattering (likely, something like ‘we got hit with a DDoS and were able to recover, we apologize for the inconvenience’) but will post again if that’s not the case. I just wanted to make sure that we had done all that we could to keep you in the loop on what was going on so that you didn’t fall for any of the inevitable spear-phishing attacks that will no doubt result from this.
Nathan J. Underwood Cyber Tech Cafe, LLC