Published September 11, 2012
An outage to popular Internet registrar GoDaddy.com that took thousands of websites offline for several hours Monday was the result of internal network events, not a malicious hacker, the company said on Tuesday.
But is the company's account of the network failure correct?
Following such an event, companies turn to a branch of computer science to determine what exactly happened. Ira Victor, a security expert with Data Clone Labs in Nevada trained in digital forensic incident response (DFIR), said we may never know for sure.
“It could be a network failure, it could be that it was one of these anonymous groups … or it could be something else altogether," Victor told FoxNews.com.
"The nature of many of these attacks is that they go low and slow and are very hard to detect."
In a carefully worded statement released Tuesday morning, interim CEO Scott Wagner said the incident -- which lasted from shortly after 10 a.m. PDT to 4 p.m. PDT -- was due to a corruption of network router tables.
“We have determined the service outage was due to a series of internal network events that corrupted router data tables,” Wagner said in a company statement. “Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.”
“We take our business and our customers' businesses very seriously. We apologize to our customers for these events and thank them for their patience,” Wagner added.
Victor said the precise wording in the statement left a surprising amount of wiggle room; it wasn't the language a computer forensics expert would use. For example, Wagner said the "outage was not caused by external influences."
“I have never heard of a response where you’re supposed to determine the 'external influences,'” Victor told FoxNews.com. “Those words don’t have any meaning in the [digital forensics] field that I know of.”
The "external influence" Wagner referred to is likely the anonymous Twitter user “Anonymous Own3r,” who claimed credit for the Monday attack, explaining in broken English filled with typos his justification for the attack.
"I'm taking godaddy down bacause well i'd like to test how the cyber security is safe and for more reasons that i can not talk now."
GoDaddy's version of the events makes more sense, Anup Ghosh, chief scientist with security company Invincea, told FoxNews.com. Despite the resemblance to a so-called DDoS attack, the incident was never clearly a cyberattack save for the Twitter claims.
Victor said another GoDaddy's wording left open room for another scenario: Someone inside the company, a rogue actor working for goDaddy, who somehow corrupted the router data tables.
“That wouldn't be an external incident, that wouldn't be a hacker, and that wouldn't be a distributed denial of service attack," he noted.
"The public may never know what really happened," Victor said.
GoDaddy's first responses to the incident on Monday offered no explanations.
“We're aware of the trouble people are having with our site. We're working on it,” GoDaddy explained in a simple Tweet Monday afternoon. Within two hours, the company claimed to be making progress.
The event was the second major incident in the past two weeks that anonymous hackers have claimed credit for -- claims that have been refuted by authorities or involved parties.
Last week unnamed hackers published a list of 1 million Apple iPad device IDs, claiming to have stolen the file from an FBI computer. Yesterday Paul DeHart, CEO of Blue Toad publishing company, revealed that software technicians within his company had confirmed the real source of the data: Blue Toad’s computers.