Isn't that something you could investigate and prove? Look up 1000 randomly-generated domains from different IPs, check later if any of them are registered, done.
I suspect they would only register names that look somewhat "good". There are plenty of automated ways to valuate domain names -- then just pick the unregistered ones that exceed some value.
You could run a list of available domain names from a domain name suggestion service as lookups using an automated system. You'd want a botnet to avoid getting your IP blocked.
Wasn't the problem that the registrars could retain the domain names without having to pay for a few days? I thought that ICANN had addressed it but am pretty hazy on that point.
Make a LOIC-like program that queries, say, 100 domains per minute. Brute-force up to 20 char dns names. Let godaddy purchase a few million before they find out what's going on.
One could lower the queries per minute to make it not look so brute-force-y.