Tuesday, 11 September 2012

Anonymous Hacker Takes Down Go Daddy

It's for teh lulz. It's for security tests. It's for no real reason, other than the fact that he could. Anonymous is starting to distance itself from the attack, which took down all the Go Daddy sites when it knocked out the DNS server.

The website hosting and domain registration company Go Daddy has experienced outages that knocked out the websites it was hosting when a hacker used a sql Ldap injection to overcome the DNS servers and shut them down. They tried to play down any sense of emergency but many of the people I know were affected by it and were complaining about it on Google Plus. For business owners who rely on SEO and ecommerce, it was devastating.

Why did this happen?

The DNS -- from technical, policy, and just about every other angle you can name, has become a rickety, obsolete train wreck.

  Adding on masses of new TLDs, DNSSEC, and all the rest, is like piling more floors onto a high-rise version of the Munster Mansion built on a foundation that makes the Leaning Tower of Pisa look well-sited by comparision.  It's time to thank DNS for its hard work, and prepare it to join the other residents of punched-card and magnetic tape heaven. Whether the replacement is a distributed IDONS-type system or something else, the writing has long been on the wall.  Now the walls are caving in. - Lauren Weinstein

Lauren has had a plan to replace DNS with IDONS for a while now. He needs a million dollars to get it off the ground, if anyone can help him out. He reckons that DNS itself is the problem and we need a new system. He knows more than I do about this kind of thing and I defer to his wisdom. The point is, if DNS is a vulnerability in and of itself, we need to replace it with something more robust.

The hacker

The decentralised nature of Anonymous means that I could post anonymously, carry out a hack, and blame Anonymous for it. Bear in mind that I'm not a programmer and am a conservative, law-abiding citizen with a moral streak a mile wide. The point is, this barely coherent chap who may or may not be Portuguese/Brazilian, has claimed to be the security leader. @AnonOpsLegion, an account linked to the Anonymous collective, praised him while @YourAnonNews has tweeted: "Please redirect your godaddy hate to @AnonymousOwn3r says is the 'leader' of Anonymous." Is he an agent provocateur trying to make Anonymous look bad?

The consequences

Being seen as unsafe or unstable can affect your popularity as a host. People who want their businesses to succeed won't stay with a host that lets them down. I've ditched hosts for being unreliable and Go Daddy may lose business because people are afraid of being caught up in the crossfire. Mashable's may have made herself unpopular for praising "the epicness of the hack." She's already been called out for it. She seems to have made the effort to find out more from the horse's mouth. Anonymous Own3r hasn't been terribly cooperative, though.

Wired reports:

Following a day-long Domain Name Service server outage, web hosting provider GoDaddy is letting its competitor, VeriSign, host its DNS servers.

That's got to hurt on a professional level, but it's good business practice to put customers ahead of your pride. Neither VeriSign nor Go Daddy are answering questions but it seems that the servers are under attack and that it's not a glitch.  Asian servers appear to have continued working normally.

Whether or not the hacker's motives are self-serving or for a "higher purpose" is unknown, but he's caused a lot of trouble for people who host with Go Daddy and the consequences will continue for weeks to come.

No comments:

Post a Comment