Code Spaces, a code-hosting and software collaboration platform, has been put out of business by an attacker who deleted the company’s data and backups.

Officials wrote a lengthy explanation and apology on the company’s website, promising to spend its current resources helping customers recover whatever data may be left.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” read the note. “As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”

The beginning of the end was a DDoS attack initiated yesterday that was accompanied by an intrusion into Code Spaces’ Amazon EC2 control panel. Extortion demands were left for Code Spaces officials, along with a Hotmail address they were supposed to use to contact the attackers.

“Upon realization that somebody had access to our control panel, we started to investigate how access had been gained and what access that person had to the data in our systems,” Code Spaces said. “It became clear that so far no machine access had been achieved due to the intruder not having our private keys.”

Code Spaces said it changed its EC2 passwords, but quickly discovered the attacker had created backup logins, and once recovery attempts were noticed, the attacker began deleting artifacts from the panel.

“We finally managed to get our panel access back, but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances,” Code Spaces said. “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

Amazon Web Services customers are responsible for credential management. Amazon, however, has built-in support for two-factor authentication that can be used with AWS accounts and accounts managed by the AWS Identity and Access Management tool. AWS IAM enables control over user access, including individual credentials, role separation and least privilege.

Within 12 hours, Code Spaces went from a viable business to devastation. The company reported that all of its svn repositories—backups and snapshots—were deleted. All EBS volumes containing database files were also deleted. A few old svn nodes and one git node were left untouched, the company said.

A cache of Code Spaces services includes promises of full redundancy and that code is duplicated and distributed among data centers on three continents.

“Backing up data is one thing, but it is meaningless without a recovery plan, not only that a recovery plan – and one that is well-practiced and proven to work time and time again,” Code Spaces said. “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”

Categories: Cloud Security, Hacks

Comments (9)

  1. Steve
    2

    You should never have a backup strategy, its a recovery strategy you need. All the backups in the world are worthless if you can’t recover.

    Reply
  2. Dippy-do
    3

    Why can’t ‘delete’ have its own authentication password?
    Ex. Login as admin, delete backup, prompt for delete password.

    If deleting required a password even as admin, a web server could then require two-factor authentication and send out an sms alert.

    Just a thought…

    Reply
  3. iambigd
    4

    I don’t understand why someone would do this. Put honest hard working people on the street looking for a job just because they can. I feel sorry for this person that has to live with himself knowing the hardship he/she has caused these people.

    Reply
  4. FUDprevails
    5

    Because the person or persons who did it had no fear of retribution, knew other AWS clients would realize that they could be next and pay the ransom, etc.

    Reply
  5. David
    6

    This picture is a terrible representation of a hacker. Gotta love the stock photos of hoodie wearing young men, doing some obscure and fictional thing to a computer.

    Reply
  6. Matthew
    7

    This is exactly the reason why I do not trust cloud services.. So easy to lose it all.. Physical Back ups will always remain. My supplier Insurgo Media Services highlighted the dangers of cloud and it shows to have been correct.. Lucky escape

    Reply
  7. lucio fonseca
    8

    Matthew, “cloud” is just “stuff on a server” if you have something running on a server inside your building, marketoids now say that you have a local cloud or something like that. it’s just a term idiots (marketeers) use.
    it’s always dangerous to have a service on-line without real offline/offsite backups and a restore strategy. period.

    Reply
  8. lucio fonseca
    9

    David, it’s just the usual nonsense images “journalists” use. if they did a little research, they would find out no self-respecting hacker does this kind of stuff. this is stuff criminals and 12yo script-kiddies do.

    Reply

Leave A Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>