Social Engineering Causes “Incursion at GoDaddy”

7

According to a report published earlier today on Krebs on Security, a popular and well-sourced cybersecurity blog, there was an “incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.” This social engineering targeted the Liquid.com domain name owned and used by a cryptocurrency company called Liquid. Other cryptocurrency platforms may have also been targeted, according to Krebs.

Prior to reading this report, I read a blog article published by Liquid CEO Mike Kayamori on the Liquid corporate blog discussing a “security incident” involving the company’s domain name. In the blog article, Kayamori reported the following involving GoDaddy:

“On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

I had reached out to a representative from GoDaddy after reading the article yesterday, but I have not heard back. This is understandable given the fact that my email was sent late on a Friday evening. A company representative did provide a comment in the Krebs on Security article.

While this issue appears to have been limited to a number of cryptocurrency platforms, one has to wonder if other domain names could be at risk. Could the people behind this social engineering have targeted high value domain names and either transferred them to a different registrar or moved them to a different account for a period of time and then transferred them out at a later date. Alternatively, could nameservers or forwarding have been changed without the registrant knowing?

I use – and strongly recommend that others use 2 factor authentication on their domain registrar accounts. GoDaddy uses various forms of 2 factor authentication, including Yubikeys. GoDaddy also offers a service called DTVS that requires the registrant to confirm outbound transfers and account changes over the telephone with their GoDaddy account representative. I would be interested in knowing if these added security measures could still be bypassed.

Put simply, it would be very good to get some reassurance from GoDaddy that client accounts and domain names remain secure.

7 COMMENTS

  1. My Godaddy account was recently labeled as “compromised” as well and I was locked out of my account. This was well after Nov 13th.

  2. Last week out of the blue, I received a text message from Godaddy, giving me my 2-step verification code I “requested”. I received a second request 5 minutes later. Someone had entered my username and password correctly, triggering that 2-step security measure. I quickly changed login credentials, and saw that ip addresses from “Accra, Greater Accra Region, Ghana” and “Thrissur, Kerala, India” had entered in my password and attempted to access my account. Had I not had 2-step security, I’m sure my domains would have been taken. How they got my login info, I have no idea?

  3. Last week I have some problems with GoDaddy and I even ask a question at Namepros if is only me or more accounts are affected, happily everything looks good now.

  4. Thomas Edison was friends with Henry Ford, since Edison did not believe there would ever be a system of asphalt highways. The only way Edison could visit Ford was by railroad. Then they would ride in Ford’s car to a lake to go camping and shooting. Edison didn’t consider Ford a technological competitor because Edison was convinced cars were not a long distance option.

    Edison’s facility was Menlo Park, New Jersey. Edison chose not to provide New Jersey with lights and transportation so his best engineers would be stuck in Jersey. Nik Tesla lived and worked at Edison’s Menlo Park, NJ facility. All of Tesla’s electrical inventions at Edison’s lab were claimed and Patented by Edison.
    Thomas Edison’s 19 year old wife died at home in Menlo Park of morphine addiction while Edison was in the other room inventing the phonograph record and writing patent applications.

    Edison spent most of his time sending Patent Agents to Washington by train, to file patents in Edison’s name. Inventions he never intended to distribute or license, but to prevent DC (Direct Current) from ever being massed produced in US neighborhoods.

    Westinghouse was deploying electrical grids and transformers based on AC (Alternating Current) which forced Edison to create General Electric, but GE’s investors (Carnegie & JP Morgan) soon fired Edison since Edison had nowhere the ambition to compete with Westinghouse.

    By the 1990’s Westinghouse had to buy CBS to pay all of it’s pollution and factory employee health lawsuits resulting from 70 years of building out the US electrical grid. Then CBS banked everything on Charlie Sheen (Two And A Half Men).

  5. Today the security system must be 20 times higher, security has been greatly neglected.
    It’s just a question how many of Godaddy’s 20 million Customer Accounts have multiple access profiles to one or more different accounts that the registrar doesn’t know about?

    Currently you can generate emails, user names, passwords, etc. freely on many websites, technological innovations for the good retouch them for the bad, it is like this today and every day for the worse

  6. Assume “security” is VR and be vigilant.
    Sounds more like an issue with Liquid than Godaddy.
    Maybe ACTIVE sites could be auto flagged for a higher level of verification.
    Maybe high value domains could be auto flagged in the same manner.

    Enjoy the holidays all,
    Cheers

Leave a Reply