Another Cloud Implosion

Code Spaces, formerly a popular cloud-based source code hosting service run by AbleBots from New Jersey, was forced to close, Infosecurity reports, after an attacker managed to get access to its Amazon (AMZN) Web Services EC2 control panel and delete most of its customers’ data. According to an explanation on the Code Spaces website, the firm was the victim of a DDoS attack, apparently an attempt to extort “a large fee to resolve the DDOS.”

As the firm attempted to restore control of its machines, the attacker escalated the attack, the site says:

… the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel … We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances. In summary, most of our data, backups, machine configurations, and offsite backups were either partially or completely deleted.

Code Spaces marketed itself as a trusted provider offering “Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management” and a “full recovery plan” with full redundancy, duplication, and distribution of the data across three different geographical data centers if things went wrong. According to the Infosecurity blog, despite the marketing hype, the Code Spaces site is folding up its tent and hanging out a closed sign, saying:

Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on-going credibility.

rb-

Another high-profile cloud computing service goes bust. Last year when Nirvanix went belly up I wrote about the need for a cloud exit plan. Calum MacLeod, vice president of EMEA at Lieberman Software, told CIO.com that security incidents like this are avoidable if companies take effective steps. He suggested firms should implement:

  • Certificate-based authentication along with normal user IDs and passwords,
  • Whitelist applications,
  • A schedule for changing credentials every few hours for critical applications,
  • Continuous discovery of the systems and applications to check if there were any changes to account settings, as happened at Code Spaces, where new privileged accounts were created to allow the attack to continue.

He concludes that the Code Spaces incident reads like a cyberattack 101 scenario, where the failure to properly manage privileged credentials ultimately was the cause of the breach.

Another suggested measure for organizations using AWS would be to enable multi-factor authentication for admin logins. Alternatively, to prevent the wholesale loss of files, Amazon Glacier could be used for longer-term data archival, to augment regular offline backups.
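
The continuous-discovery and MFA checks suggested above, sketched as an added example (not code from the article, Code Spaces or AWS): it scans CloudTrail records for IAM events that create or widen access and flags any made by an identity outside an allow-list or in a session without MFA. The allow-list, the account ID and the sample records are constructed for illustration.

```python
import json

# CloudTrail eventName values that create or widen IAM access.
PERSISTENCE_EVENTS = {"CreateUser", "CreateAccessKey", "CreateLoginProfile",
                      "AttachUserPolicy", "PutUserPolicy", "AddUserToGroup"}
# Assumption: identities expected to manage IAM in this (example) account.
APPROVED_ADMINS = {"arn:aws:iam::111122223333:user/ops-admin"}

def review(records, approved=APPROVED_ADMINS):
    """Flag IAM changes made by unapproved identities or without MFA."""
    findings = []
    for rec in records:
        if rec.get("eventName") not in PERSISTENCE_EVENTS:
            continue
        ident = rec.get("userIdentity") or {}
        actor = ident.get("arn", "unknown")
        attrs = (ident.get("sessionContext") or {}).get("attributes") or {}
        reasons = []
        if actor not in approved:
            reasons.append("actor not on allow-list")
        if attrs.get("mfaAuthenticated") != "true":  # CloudTrail stores a string
            reasons.append("no MFA on session")
        if reasons:
            # requestParameters can be null, e.g. a key created for oneself
            target = (rec.get("requestParameters") or {}).get("userName", actor)
            findings.append({"time": rec.get("eventTime"), "event": rec["eventName"],
                             "actor": actor, "target": target, "reasons": reasons})
    return findings

# Constructed sample in CloudTrail's {"Records": [...]} layout; not real log data.
SAMPLE = json.loads("""{"Records": [
 {"eventTime": "2024-01-01T10:00:00Z", "eventName": "CreateUser",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops-admin",
   "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
  "requestParameters": {"userName": "ci-deploy"}},
 {"eventTime": "2024-01-01T10:05:00Z", "eventName": "CreateAccessKey",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops-admin"},
  "requestParameters": null},
 {"eventTime": "2024-01-01T10:07:00Z", "eventName": "CreateLoginProfile",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev1",
   "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}},
  "requestParameters": {"userName": "svc-temp"}},
 {"eventTime": "2024-01-01T10:09:00Z", "eventName": "DescribeInstances",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev1"}}
]}""")

if __name__ == "__main__":
    for f in review(SAMPLE["Records"]):
        print(f["time"], f["event"], f["actor"], "->", f["target"], f["reasons"])
```

Run on a schedule against newly delivered CloudTrail files, a check like this surfaces a backup login when it is created rather than during recovery.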

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.