Forgot your password?
typodupeerror
Security Programming

Code Spaces Hosting Shutting Down After Attacker Deletes All Data 387

Posted by Unknown Lamer
from the hackers-without-manners dept.
An anonymous reader writes Code Spaces [a code hosting service] has been under DDOS attacks since the beginning of the week, but a few hours ago, the attacker managed to delete all their hosted customer data and most of the backups. They have announced that they are shutting down business. From the announcement: An unauthorized person who at this point who is still unknown (All we can say is that we have no reason to think its anyone who is or was employed with Code Spaces) had gained access to our Amazon EC2 control panel and had left a number of messages for us to contact them using a Hotmail address. Reaching out to the address started a chain of events that revolved around the person trying to extort a large fee in order to resolve the DDOS.

At this point we took action to take control back of our panel by changing passwords, however the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel.
This discussion has been archived. No new comments can be posted.

Code Spaces Hosting Shutting Down After Attacker Deletes All Data

Comments Filter:
  • by Penguinisto (415985) on Wednesday June 18, 2014 @12:01PM (#47263497) Journal

    Who do you "call" with most cloud vendors? After all, sounds like whoever was doing the DDOS to extort Code Spaces could have also "called" Amazon to do any number of things, as whoever it was had the passwords, other accounts, etc..

    I've actually worked with them once - sure someone could impersonate them, but you could just as easily call up, explain the situation, and then prove you're the rightful owner of the account (using info that most script kiddies aren't going to think of gathering in the first place, let alone spoof the original contact phone #.)

    To their credit, Amazon is actually fairly intelligent and responsive, even to small accounts.

    BTW - if you use/handle it right, each instance comes pre-made with a specific SSH auth keyset for root, and you're the only one with the private key (even Amazon doesn't have it) - store/use that as your proof by logging into an instance with one (it's something the script kiddie definitely won't have).

  • Re:The cloud (Score:5, Informative)

    by Kagato (116051) on Wednesday June 18, 2014 @12:12PM (#47263595)

    AWS has one of the best security systems out there. IF you decide to enable the features. The production AWS configs I've used have mandated multi factor auth (using the number generator on the phone) as well as network source network restrictions. You can also setup a large number of ACLs to restrict things like the ability to create additional accounts.

    It's hard for me to feel bad for these guys.

  • Re:The cloud (Score:5, Informative)

    by Anonymous Coward on Wednesday June 18, 2014 @12:20PM (#47263683)
    With Amazon's service you can contact them and have all access blocked until there is time to sort things out, and authenticate the real admin with billing information or the root SSH key you're given, etc.

If I have not seen so far it is because I stood in giant's footsteps.

Working...