6/20/2014
01:40 PM

Code Hosting Service Shuts Down After Cyber Attack

Code Spaces shuttered its doors after a hacker accessed the company's Amazon EC2 control panel and erased business data and other information.

A code hosting company has shut down following a cyber attack that erased much of its data, backups, machine configurations, and offsite backups.

The company states in a message on its homepage:

Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility.

Visitors to the Code Spaces website are greeted with a lengthy outline of what happened. On Tuesday, the company explains, Code Spaces was hit by a distributed denial-of-service attack against its servers. Such attacks weren't uncommon. Unfortunately, this time it was just the beginning.

The unknown attacker was able to gain access to Code Spaces' Amazon EC2 control panel, and left a number of messages for the company to contact them using a Hotmail address. Doing so yielded an extortion demand. When the company realized the attacker had access to the EC2 control panel, further investigation revealed the person also had access to the data in the company's systems, although no machine access occurred, because the intruder did not have the private keys.

The company statement continues:

At this point we took action to take control back of our panel by changing passwords, however the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel. We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI's, some EBS instances and several machine instances.

Patrick Thomas, security consultant for Neohapsis, calls the situation a "nightmare scenario" for cloud services companies:

This is a wakeup call to other organizations that have critical assets on cloud services. Two-factor authentication and detailed event monitoring and alerting are essential components of any cloud strategy.

Offsite backups have been considered a necessary operating procedure for any sensitive data, but in the age of cloud infrastructure many organizations think that they can simply pass the buck on backups, getting their geographic distribution and redundancy for free as part of going to the cloud. However, anything that's vulnerable to the same threats isn't fulfilling the original intent of offsite backups. Perhaps it makes more sense to start talking in terms of diversified backups, to emphasize the broad types of threats that a backup strategy must mitigate.

Jim Reavis, chief executive officer of the Cloud Security Alliance, stresses that DDoS attacks and other malicious activity have caused business outages and shutdowns before among companies using traditional IT, and that cloud computing itself was hardly a factor in exacerbating Code Spaces' demise. He told me in an email:

Cloud users of IaaS [infrastructure-as-a-service] like Code Spaces have significant responsibilities in implementing security best practices to protect their system availability and proprietary information, as we have outlined in our security guidance and controls framework. At a high level, tenancy with a robust cloud computing infrastructure should provide greater pipes to withstand DDoS attacks than a small business could afford.
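
The sequence in the company statement (backup logins created, then snapshots, buckets and AMIs deleted) is the kind of activity the event monitoring and alerting Thomas recommends can flag. The following is an added example, not part of the original article or of Code Spaces' tooling; it assumes AWS CloudTrail-style audit records, and the account names, resource ids, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# AWS API names as they appear in CloudTrail's eventName field.
NEW_LOGIN = {"CreateUser", "CreateLoginProfile", "CreateAccessKey"}
DESTRUCTIVE = {"DeleteSnapshot", "DeleteBucket", "DeregisterImage",
               "DeleteVolume", "TerminateInstances"}

def detect(events, burst=3, window=timedelta(minutes=10)):
    """Return alerts as (time, rule, principal) tuples, in event order."""
    alerts, new_logins, recent = [], set(), defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        who = ev["userIdentity"]["userName"]
        name = ev["eventName"]
        if name in NEW_LOGIN:
            # Every new console login or key is a possible "backup login".
            target = ev.get("requestParameters", {}).get("userName", who)
            new_logins.add(target)
            alerts.append((when, "new-login-created", target))
        elif name in DESTRUCTIVE:
            if who in new_logins:
                alerts.append((when, "delete-by-new-login", who))
            # Sliding window: keep only this principal's recent deletions.
            recent[who] = [t for t in recent[who] if when - t <= window] + [when]
            if len(recent[who]) == burst:
                alerts.append((when, "mass-deletion", who))
    return alerts

def make_event(t, name, who, **params):
    # Reduced to the CloudTrail fields the rules above read.
    return {"eventTime": t, "eventName": name,
            "userIdentity": {"userName": who}, "requestParameters": params}

# Constructed sample: an admin session adds a second login, which later
# deletes backups in quick succession; "ops" does one routine deletion.
SAMPLE = [
    make_event("2024-01-02T10:00:00Z", "CreateUser", "admin", userName="svc-backup2"),
    make_event("2024-01-02T10:00:05Z", "CreateLoginProfile", "admin", userName="svc-backup2"),
    make_event("2024-01-02T11:30:00Z", "DeleteSnapshot", "svc-backup2"),
    make_event("2024-01-02T11:30:20Z", "DeleteBucket", "svc-backup2"),
    make_event("2024-01-02T11:30:40Z", "DeregisterImage", "svc-backup2"),
    make_event("2024-01-02T12:00:00Z", "DeleteSnapshot", "ops"),
]

if __name__ == "__main__":
    for when, rule, principal in detect(SAMPLE):
        print(when.isoformat(), rule, principal)
```

Alerts like these only help if they are delivered somewhere the monitored account's own credentials cannot silence or delete them.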

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ...

Comments
Charlie Babcock
User Rank: Moderator
7/3/2014 | 2:37:23 PM
Good advice here....
Good advice here from Neohapsis' Patrick Thomas against threat of attack in the cloud.
ebyjeeby
User Rank: Apprentice
6/23/2014 | 2:48:03 PM
more security
Sounds like dual-control may be needed - a second person logging on to approve changes - at least for adding another admin and deleting important items
Andre Leonard
User Rank: Strategist
6/23/2014 | 10:18:30 AM
Redundant back-up.
"Perhaps it makes more sense to start talking in terms of diversified backups, to emphasize the broad types of threats that a backup strategy must mitigate."

Sad it's come to this. Cloud-only back-ups do present certain limitations.
Robert McDougal
User Rank: Ninja
6/22/2014 | 9:47:15 AM
Re: AWS the Right Platform?
I think the truth lies somewhere between your hypothesis and the published story.  

I would say the most logical explanation is that they simply do not have the ability or desire to fight the attack.
Christian Bryant
User Rank: Ninja
6/21/2014 | 3:03:10 AM
Re: AWS the Right Platform?
@TalKlein

While you're right, it's more than just that for me. Certainly mirrors/offsites are not also available for deletion through the AWS EC2 control panel? That is more what astounds me than anything - I just find it hard to swallow that a cyber attack erased mirrored backups and offsite backups. I'd want to read more about the incident before being too suspicious, but again, with many a tried/true source code repository platform out there, this scenario reads strangely; either AWS is the wrong platform for a code sharing infrastructure, or something else is going on. I guess what I'm getting at is, if a mistake was made, own up to it - we've all been there and learned from it - and if not, then perhaps some fresh eyes need to look at AWS and how the services are set up. Let's not let our customers (as IT) shoot themselves in the foot on something so basic as how data is backed up and mirrored.
TalKlein
User Rank: Author
6/21/2014 | 2:03:48 AM
Re: AWS the Right Platform?
You're making the age-old case for delegated admin which looks great on paper, but we all know that in reality any company for whom security isn't a core competency will have an administrator who dips their feet in two ponds. In general we must design for failure, which means:

1. Assume administrators are human and therefore gullible

2. Develop a proper mechanism for valuating data

3. Build security models around behavioral risk modeling rather than linear detection

Until we solve for these tenets, life in the Möbius strip remains the status quo.
Christian Bryant
User Rank: Ninja
6/20/2014 | 7:20:05 PM
AWS the Right Platform?
I wonder at a source code hosting service being framed upon AWS. When it comes to cloud platforms and the type of infrastructure that should be deployed there, I wouldn't have pegged AWS as right for this, though Bitnami has a Gitorious AWS package which seems to be gaining ground. When I think of GitHub, Gitorious, Launchpad, GNU Savannah, GForge and SourceForge - the last thing I imagine is this scenario where the body of decades of valuable free and open source software (FOSS) programming goes down the drain. I love the cloud as much as the next person, but I also believe there are certain properties that need to be hosted more securely, and also propagated across multiple, "untouchable" mirrors. Simply astounding, and almost suspect, that something like this would even be possible with the source code hosting platforms we currently have out there that have stood the test of time (for the most part).