Pierluigi Paganini
June 20, 2014
Code Spaces, a code-hosting and software collaboration platform, has been brought down by a serious cyber attack which has caused its out of business, the attackers have deleted the data and backups of the company in a cyber raid. The Code Spaces firm has published an official statement to explain the incident to its users, this is a sad story because the attackers succeeded to destroy company business, the message inform the users that it will spend its current resources helping customers recover whatever data may be left.
“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” “As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”
“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.” states the statement.
As explained in the statement the cyber criminals initially started with DDoS attack, at the same time they gained the access into Code Spaces’ Amazon EC2 control panel, leaving the extortion demands to the Code Spaces company. They left a series of messages requesting to be contacted to a Hotmail address
“An unauthorised person who at this point who is still unknown (All we can say is that we have no reason to think its anyone who is or was employed with Code Spaces) had gained access to our Amazon EC2 control panel and had left a number of messages for us to contact them using a hotmail address“
Code Spaces firm has immediately started the investigation but as explained by the company it became clear that so far no machine access had been achieved due to the attacker not having their private keys, as containment measure it has changed the EC2 passwords. The story is not ended, the company quickly discovered that the attacker had created backup logins, so once the criminals noticed the password change they began deleting artifacts from the panel.
“We finally managed to get our panel access back, but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances,” “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”Code Spaces said.
“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”
As remarked by Amazon, customers have the responsibility to preserve their credentials for Amazon Web Services, the company offers all the necessary solutions to protect them, including two-factor authentication. The AWS IAM enables control over user credentials, access role separation and least privilege.
The criminals have taken 12 hours to delete all the svn repositories, backups and snapshots, leaving untouched just a few old svn nodes and one git node.
“We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances.” said the statement.
It is a drama for the company that has permanently suspended its activities, it probably will face serious legal problems for the damages caused to its users considering also that it has always declared to implement a a full redundancy for the code through its duplication among data centers on three continents.
“Backing up data is one thing, but it is meaningless without a recovery plan, not only that a recovery plan – and one that is well-practiced and proven to work time and time again,” “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”Code Spaces said.
I consider this attack a case study on the potential effect on business of the cyber criminals, to mitigate the cyber threat it is crucial to put in place all the proper mitigation actions.
