If any organization still thinks security is over hyped and thinks the bad guys won’t come after them just go and talk to Code Spaces.
The cloud code hosting service is shutting down because a distributed denial of services (DDoS) attack coupled with an unsuccessful extortion attempt ended up with an attacker deleting most of its code repositories and backups. End of story.
A notice on the service’s website said the DDoS attack started on Tuesday. The company then noticed a number of messages were left by the attacker on their Amazon EC2 control panel, meaning that he or she had access to it.
The identity of the attacker is still unknown, as well as how he or she was able to access the control panel. The service said they have “no reason to think its anyone who is or was employed with Code Spaces.”
The initial internal investigation revealed that no machine access had been achieved by the attacker. Not wanting to pay the large fee requested by the attacker to stop the DDoS attack, they attempted to regain control of the panel by changing passwords.
The intruder was ready for that tactic and had already created a number of backup logins. He retaliated by proceeding to randomly delete artifacts from the panel.
“We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances,” they said in a blog post. “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted. This took place over a 12-hour period which I have condensed into this very brief explanation, which I will elaborate on more once we have managed our customers’ needs.”
“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of ongoing credibility,” officials said. “As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”
“All that we can say at this point is how sorry we are to both our customers and to the people who make a living at Code Spaces for the chain of events that lead us here,” officials said. “We hope that one day we will be able to and reinstate the service and credibility that Code Spaces once had!”