Hacker puts 'full redundancy' code-hosting firm out of business

CodeSpaces.com shut down after a hacker gained access to its Amazon EC2 account and deleted most data, including backups

A code-hosting and project management services provider was forced to shut down operations indefinitely after a hacker broke into its cloud infrastructure and deleted customer data, including most of the company's backups.

The customers of CodeSpaces.com, run by a company based in Wayne, New Jersey, called AbleBots, were informed Wednesday that their data might have been permanently lost following the compromise of the company's account on Amazon's Elastic Compute Cloud (EC2).

The devastating security breach happened over a span of 12 hours and initially started with a distributed denial-of-service attack followed by an attempt to extort money from the company.

The attacker also gained access to Cloud Spaces' control panel on EC2 and deleted the company's digital assets from Amazon's infrastructure when the company tried to regain control of its account.

"We finally managed to get our panel access back but not before he had removed all EBS [Amazon Elastic Block Store] snapshots, S3 [Amazon Simple Storage Service] buckets, all AMI's [Amazon Machine Images], some EBS instances and several machine instances," Cloud Spaces said in an announcement on its website. "In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted."

According to a cached version of the Cloud Spaces site, the company said that "more than 200 companies a week" used the service.

It's not clear how the attacker managed to gain access to the company's backups, especially since Cloud Spaces boasted before the attack that its hosting services had full redundancy, high availability and performed real-time backups to multiple off-site locations. The company had also claimed to have "a full recovery plan that has been proven to work and is, in fact, practiced."

Despite those assurances, it seems that a single security incident was enough to put the company out of business.

"Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on going credibility," the company said following the security incident. "As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us."

While technical details of the actual attack are lacking, the incident overall is an unfortunate example of the challenges companies face when it comes to securing their cloud-based environments and assets.

"When you don't control the infrastructure, your options to regain trust in the environment are limited," said Tim Erlin, director of security and risk, at Tripwire. "A business that relies on cloud-based infrastructure and tools can't avoid the same kinds of threat modeling and controls required for any organization."

Some businesses act on the misconception that when they put data into the cloud they somehow transfer responsibility and liability to the cloud provider and this is simply not true, said Amichai Shulman, CTO of Imperva.

"The cloud is a tool," Shulman said. "The responsibility is with the owner of the data. Businesses have the responsibility to define what is the correct data security and monitoring policy for them."

The challenge with doing that in the cloud is the lack of visibility into who is accessing the applications, according to Schulman. Fortunately, there are an increasing number of security products that address this problem, for example, by forcing log-ins to cloud accounts through a proxy server that can detect unauthorized locations or unusual activity patterns and enforce restrictions.

"Cloud services such as EC2 rely heavily on access keys for authentication," said Craig Young, security researcher at Tripwire. "One of the big challenges faced by users of these services is how to manage this authentication material securely. We have seen thousands of EC2 accounts abused after storing EC2 keys in public code repositories or inadvertent sharing. When a business relies on a third-party infrastructure it is crucial to solidify backup and disaster recovery plans even more so than with on-premise systems."

Security incidents like the one involving Code Spaces are avoidable if companies take effective steps to apply strict automated controls to privileged access and to whitelist applications, said Calum MacLeod, vice president of EMEA at Lieberman Software.

Code Spaces should have been using certificate-based authentication in combination with normal user IDs and passwords, MacLeod said. "Additionally credentials for such a critical application should have been on a schedule of being changed every few hours, combined with continuous discovery of the systems and applications to check if there were any changes to account settings, such as happened here with the creation of new privileged accounts that would allow sustainment of the attacker. In fact, this reads like a cyberattack 101 scenario, where ultimately the victim was breached because of their failure to properly manage privileged credentials."

Join the PC World newsletter!

Error: Please check your email address.

Tags amazonCloud SpacesTripwiresecuritydata breachAccess control and authenticationAbleBotsdata protectionLieberman SoftwareintrusionImperva

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?