Hacker puts 'full redundancy' code-hosting firm out of business
CodeSpaces.com shut down after a hacker gained access to its Amazon EC2 account and deleted most data, including backups
IDG News Service - A code-hosting and project management services provider was forced to shut down operations indefinitely after a hacker broke into its cloud infrastructure and deleted customer data, including most of the company's backups.
The customers of CodeSpaces.com, run by a company in Wayne, New Jersey, called AbleBots, were informed Wednesday that their data might have been permanently lost following the compromise of the company's account on Amazon's Elastic Compute Cloud (EC2).
The devastating security breach happened over a span of 12 hours and initially started with a distributed denial-of-service attack followed by an attempt to extort money from the company.
The attacker also gained access to Cloud Spaces' control panel on EC2 and deleted the company's digital assets from Amazon's infrastructure when the company tried to regain control of its account.
"We finally managed to get our panel access back but not before he had removed all EBS [Amazon Elastic Block Store] snapshots, S3 [Amazon Simple Storage Service] buckets, all AMI's [Amazon Machine Images], some EBS instances and several machine instances," Cloud Spaces said in an announcement on its website. "In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted."
According to a cached version of the Cloud Spaces site, the company said that "more than 200 companies a week" used the service.
It's not clear how the attacker managed to gain access to the company's backups, especially since Cloud Spaces boasted before the attack that its hosting services had full redundancy, high availability and performed real-time backups to multiple off-site locations. The company had also claimed to have "a full recovery plan that has been proven to work and is, in fact, practiced."
Despite those assurances, it seems that a single security incident was enough to put the company out of business.
"Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on going credibility," the company said following the security incident. "As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us."
While technical details of the actual attack are lacking, the incident overall is an example of the challenges companies face when securing their cloud-based environments and assets.
"When you don't control the infrastructure, your options to regain trust in the environment are limited," said Tim Erlin, director of security and risk, at Tripwire. "A business that relies on cloud-based infrastructure and tools can't avoid the same kinds of threat modeling and controls required for any organization."
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- Evaluating File Sync and Share Solutions: 12 Questions to Ask about Security File sync and share can increase productivity, but how do you pick a solution that works for you? Download to learn some important...
- A More Predictable Way to Budget Software Costs Wavetronix enables creative collaboration while cost-effectively accessing all the latest tools with Adobe Creative Cloud for teams. For Wavetronix, collaboration was easy when...
- 13 Reasons to Move to Adobe Creative Cloud One of the big advantages Adobe Creative Cloud for teams offers over Adobe Creative Suite 6 perpetual software is the ability to continually...
- EMC perspective on hybrid cloud Listen to the EMC Perspective on Hybrid Cloud: To Deliver ITaaS, you need Hybrid Cloud. Brian Gracely, Senior Director, Cloud Solutions, delivers EMC's...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cloud Security White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!