Forgot your password?
typodupeerror
Security Programming

Code Spaces Hosting Shutting Down After Attacker Deletes All Data 387

Posted by Unknown Lamer
from the hackers-without-manners dept.
An anonymous reader writes Code Spaces [a code hosting service] has been under DDOS attacks since the beginning of the week, but a few hours ago, the attacker managed to delete all their hosted customer data and most of the backups. They have announced that they are shutting down business. From the announcement: An unauthorized person who at this point who is still unknown (All we can say is that we have no reason to think its anyone who is or was employed with Code Spaces) had gained access to our Amazon EC2 control panel and had left a number of messages for us to contact them using a Hotmail address. Reaching out to the address started a chain of events that revolved around the person trying to extort a large fee in order to resolve the DDOS.

At this point we took action to take control back of our panel by changing passwords, however the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel.
This discussion has been archived. No new comments can be posted.

Code Spaces Hosting Shutting Down After Attacker Deletes All Data

Comments Filter:
  • The cloud (Score:5, Insightful)

    by Anonymous Coward on Wednesday June 18, 2014 @11:31AM (#47263163)

    Good thing people hosted their stuff on the cloud...

  • by QilessQi (2044624) on Wednesday June 18, 2014 @11:34AM (#47263199)

    ...doesn't seem to work so well.

  • by Lab Rat Jason (2495638) on Wednesday June 18, 2014 @11:35AM (#47263207)
    for air gapped backups.
  • by Russ1642 (1087959) on Wednesday June 18, 2014 @11:39AM (#47263241)

    If your backups are sitting right next to your active files they aren't backups. They're just copies sitting there.

  • Re:The cloud (Score:5, Insightful)

    by i kan reed (749298) on Wednesday June 18, 2014 @11:39AM (#47263243) Homepage Journal

    But that would have cost the company a little more money.

  • by gstoddart (321705) on Wednesday June 18, 2014 @11:40AM (#47263269) Homepage

    No, because it was all in Amazon. Who needs tape when you have the cloud, right?

    So the stuff they had backed up from Amazon to Amazon, was still controlled by the same logins (or the ones the hacker had created).

    So when he/she/they started deleting stuff, the backups also got deleted.

    Sounds like a brilliant strategy, and an epic demonstration of what can go wrong with the cloud.

    If you host your own stuff, you do your own backups. If you backup your cloud data to the cloud using the same stuff as the rest of it ... well, your backups are hardly secure, are they.

    So unless Amazon has offsite tape backups (which I highly doubt) ... they're pretty much screwed.

    I think this is about the same as backing up your hard drive to itself so you have a spare copy.

  • by Anonymous Coward on Wednesday June 18, 2014 @11:41AM (#47263281)

    The guys behind Code Spaces should be issued a citation for Operating While Pwned. If you know admin access is compromised, shut it down out-of-band.

  • by Thanshin (1188877) on Wednesday June 18, 2014 @11:45AM (#47263321)

    I must be a cynic but my first reaction is to think:

    1 - Create cloud based system.
    2 - Sell subscriptions for hundreds of $.
    3 - Announce hacker attack!
    4 - Profit.

  • by Anonymous Coward on Wednesday June 18, 2014 @11:45AM (#47263329)

    Well, sounds like they first attempted to fix it themselves using ther mad 1337 skills. Amazon cloud is run by adults, and they must have a large staff of top notch security experts. This might sound like monday morning quarterbacking, but if they really feared this threat, they should have called amazon so that not only could they put their instance on ice, they might have gotten some help in hunting down the creep.

  • by Edrick (590522) on Wednesday June 18, 2014 @11:46AM (#47263337)

    If you're a hosted site with important data and your site is compromised, the first & best move is to cut the cord immediately. Contact Amazon (or whomever is hosting the data) and get all access shut down instantly and immediately, thereby ending the attacker's ability to do anything further. This will cause an outage, but at least everything is safe.

    Working with Amazon, they can create a new account, give it a strong password, and begin cleaning up the mess with the new account (which the hacker will be unaware of). Now they can, at their own leisure, change passwords, administer accounts, delete crap created by the hacker, etc...Trying to outpace a professional hacker at their own game is a gamble that isn't worth it---especially if no offsite backups exist!!!

    Lastly, they should be forwarding all of the email/attacker info to Amazon, Microsoft (Hotmail), and to the authorities. Whether they can be caught or not is up in the air, but odds are almost certain that this attacker has hit other sites and would eventually have different cases correlated to each other.

    Safety & security of data is #1, fixing damage caused is #2, and accountability is #3. Securing the site against future attacks is part of #3---there's no reason to put the site up (or leave it up) and risk further attacks, thereby risking data loss or a security breach.

  • by Jeff Flanagan (2981883) on Wednesday June 18, 2014 @11:57AM (#47263453)
    >Sounds like a brilliant strategy, and an epic demonstration of what can go wrong with the cloud.

    No, it's just an example of what can happen to incompetent people. There's no reason to believe that these people would not have also failed to have offline backup with local servers. There was nothing to prevent them from keeping backups locally or on another cloud.

    Blaming cloud computing for this is completely idiotic, and about what I expect on the dumbed down Slashdot these days.
  • Re:The cloud (Score:4, Insightful)

    by rwven (663186) on Wednesday June 18, 2014 @11:59AM (#47263473)

    It has nothing to do with the cloud. It could have been any un-managed hosting.

    The fact that they went with un-managed hosting in the first place is what really screwed them. If they had a real support team they could turn to, steps could have been taken to keep this from happening as soon as the DDOS started, and they would have had "offsite" or at least "offline" backups.

    This happened because it appears that code spaces had some knee-jerk reactions and didn't think through how they were handling this (like changing the password before making sure there weren't other methods of access already established). They should have straight-up called amazon, explained what was going on, and paid for support for amazon put access to their account and instances on lockdown until the situation was resolved. Shoulda, woulda, coulda though...

  • Re:The cloud (Score:5, Insightful)

    by NatasRevol (731260) on Wednesday June 18, 2014 @12:07PM (#47263531) Journal

    More likely, actual planning would have to be involved.

  • by DoofusOfDeath (636671) on Wednesday June 18, 2014 @12:09PM (#47263569)

    If your backups are sitting right next to your active files they aren't backups. They're just copies sitting there.

    I think that's an oversimplification. They're still backups. They're just not backups against some failure modes that people would have expected.

  • Re:The cloud (Score:2, Insightful)

    by Dishevel (1105119) on Wednesday June 18, 2014 @12:10PM (#47263579)
    More of us are becoming aware all the time. There is a need for people to fill political offices. There is no need for politicians.
  • Re:The cloud (Score:5, Insightful)

    by vux984 (928602) on Wednesday June 18, 2014 @12:15PM (#47263625)

    I don't think their problem is necessarily because it was "on the cloud"

    No. The cloud was a key part of the problem. They had as much access and control over the system as the hacker did with no physical fall back.

    A VM farm on an onsite rack or even a colo rack? You knock out the hacker by unplugging it from the router to the internet, and then audit and reset security to your hearts content.

  • Re:The cloud (Score:5, Insightful)

    by Mister_Stoopid (1222674) on Wednesday June 18, 2014 @12:17PM (#47263659)

    Having an offline backup isn't 20/20 hindsight, it's the absolute basics of the basics.

    This is equal to saying that wearing scantily clad clothing means a woman deserves to get raped.

    It's more like saying that a guy who dies in a car accident because he was street racing while drunk, high, and not wearing a seatbelt got what he deserved.

  • Re:The cloud (Score:2, Insightful)

    by pla (258480) on Wednesday June 18, 2014 @12:28PM (#47263747) Journal
    Besides, where does this "blame the victim" attitude always come from? It's ridiculous.

    Bad people exist. Plan accordingly, or don't come crying when you get hacked.

    Otherwise, I agree with you, this looks more like an oversight of risk management: When wandering around the park at 2am in a mini-dress... don't.
  • by Nemyst (1383049) on Wednesday June 18, 2014 @12:31PM (#47263779) Homepage
    If the attacker has access to the financial details used by the company to pay for the hosting, which is generally how you can authenticate people safely, you have much bigger problems.
  • Re:The cloud (Score:5, Insightful)

    by Jhon (241832) on Wednesday June 18, 2014 @01:07PM (#47264097) Homepage Journal

    "Much like the US president can only run for two terms, wouldn't it be grand if there was something similar for the politicians lower down the tree! Politicians _should_ be people who've been out in the real World."

    Unintended consequences -- you don't have people in office long enough to be RESPONSIBLE for anything. All "bombs" get pushed off until the next election cycle when Councilman A is termed out and becomes State Senator A, or Assemblyman A.

    Look to California for everything you need to fear.

  • Re:The cloud (Score:5, Insightful)

    by Munchr (786041) on Wednesday June 18, 2014 @01:13PM (#47264151)
    Exactly this. They state in the article that they had off-site backups. What use are off-site backups if the "on-site" control panel has direct online access to them? "In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted."
  • Re:The cloud (Score:5, Insightful)

    by Oligonicella (659917) on Wednesday June 18, 2014 @01:48PM (#47264471)

    And the company and it's owners should have their asses sued off for failing to take normal precautions for the data they promised to protect. I have sympathy and pity for the owners of the data (although I have always thought "the cloud" was a stupid idea), but none for the company. Unconnected archiving is a universally recognized good practice. Why in hell don't the new guys understand this?

  • Re:The cloud (Score:3, Insightful)

    by pla (258480) on Wednesday June 18, 2014 @01:48PM (#47264485) Journal
    100% wrong. Maybe the company should have been better prepared, but the fact is they were attacked by a criminal who first hijacked and then destroyed possibly an enormous amount of value in people's data. He, she or they committed a horrible crime and should go to jail for a long time.

    You'll notice that at no point did I excuse the criminal. I agree with you completely that we as a society should dedicate the resources to hunting him down and punishing him.

    That doesn't change the fact that Code Spaces sold a project hosting solution, using all the "safety" and "redundancy" and ease of access of "the cloud" as direct marketing points, and as a result bear direct liability for negligence in failing to secure their systems. Why did they opt to close up shop? Not because they got hacked and lost their current customers' data, but because they know with 100% certainty that in the next few weeks, they will get sued into oblivion.

    Yes, of course we still go after the bad guys... But sorry, the morons leaving the front door open don't just get a pass. If someone gets food poisoning from McDonald's, they don't get to pass the buck to the electric company for their refrigerators going off for a few hours, nor do they get to blame the "real" culprit, e coli. They should have known better, and so should Code Spaces.
  • Re: The cloud (Score:5, Insightful)

    by Aighearach (97333) on Wednesday June 18, 2014 @01:59PM (#47264571) Homepage

    At some point, you have to ascribe *some* responsibility on the [victim], no?

    No.

  • Re: The cloud (Score:4, Insightful)

    by seebs (15766) on Wednesday June 18, 2014 @02:38PM (#47264969) Homepage

    Of course she's responsible for how she looks and dresses, it's just that neither of those can ever be, in any way, a justification for rape. They're totally irrelevant. She's also responsible for what she has for breakfast, and that's every bit as relevant to your decision as to whether or not you want to be a rapist. Which, given that you're playing apologetics for it, presumably you do.

  • Re: The cloud (Score:5, Insightful)

    by seebs (15766) on Wednesday June 18, 2014 @02:39PM (#47264971) Homepage

    Good job shifting the goalposts, but that's pretty much totally unrelated. See, the lions are generally not considered to be moral actors. Humans usually are.

  • Re:The cloud (Score:4, Insightful)

    by chthon (580889) on Wednesday June 18, 2014 @03:04PM (#47265187) Homepage Journal

    Your insurance agent would like a word with you.

  • Re: The cloud (Score:5, Insightful)

    by SecurityGuy (217807) on Wednesday June 18, 2014 @03:07PM (#47265219)

    Which, given that you're playing apologetics for it, presumably you do.

    I don't think it's that, it's that in some people's minds, the pendulum has swung too far. I read that some beauty contestant is getting lambasted for saying women should learn self defense. Claims are being made that that promotes "rape culture". It doesn't, it's just the commonsense realization that while in the ideal world there wouldn't be bad people, in the actual world, there are. It's fine to work towards the ideal world, but we also need to live in the real one.

    To put another spin on it, there's a trail around here that used to be a great place to run. It's become a great place to get a beating and your phone/ipod/wallet stolen. I could go run there with my expensive earbuds and $600 phone, secure in the knowledge that I have every moral right to do so unmolested, but I don't. I run with my cheaper earbuds and an iPod shuffle in places muggings don't happen.

The relative importance of files depends on their cost in terms of the human effort needed to regenerate them. -- T.A. Dolotta

Working...