Internet firm goes out of business after DDoS extortion attack

In the last few weeks there have been numerous stories of online criminals launching attacks against businesses with the aim of extorting money from their victims.

For instance, some 650,000 Domino’s Pizza customers in France and Belgium were put at risk after hackers made off with a customer database, and demanded the restaurant paid up a hefty ransom or face having the stolen data made public.

It has also been revealed that mobile phone giant Nokia had, a few years back, found itself in the uncomfortable position of handing over millions of dollars to blackmailing hackers who had stolen encryption codes for the Symbian operating system, and were threatning to post them online.

Unfortunately, a police sting designed to catch Nokia’s blackmailers is said to have failed after officers lost track of both the criminals and the cash.

More recently, RSS aggregator Feedly admitted it had been hit by a distributed denial-of-service (DDoS) attack which took its service offline, and announced that it was refusing to pay the ransom demanded by the blackmailing hackers. At the same time it was being reported that Evernote and music service Deezer were also suffering from DDoS attacks against their systems.

Of course, all of these companies have recovered and will – hopefully – be able to parry any future attacks more successfully without disruption or inconvenience to their users.

The same, sadly, can not be said of the latest DDoS extortion victim: Code Spaces.

Code Spaces, a company which provided a similar service to GitHub and describes itself as offering “Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management” has closed down for ever, after saying it fell victim to DDoS blackmailers this week.

Here is part of the message you will find on the Code Spaces website right now:

Code Spaces webpage

On Tuesday the 17th of June 2014 we received a well orchestrated DDOS against our servers, this happens quite often and we normally overcome them in a way that is transparent to the Code Spaces community. On this occasion however the DDOS was just the start.

An unauthorised person who at this point who is still unknown (All we can say is that we have no reason to think its anyone who is or was employed with Code Spaces) had gained access to our Amazon EC2 control panel and had left a number of messages for us to contact them using a hotmail address

Reaching out to the address started a chain of events that revolved arount the person trying to extort a large fee in order to resolve the DDOS.

Upon realisation that somebody had access to our control panel we started to investigate how access had been gained and what access that person had to the data in our systems, it became clear that so far no machine access had been achieved due to the intruder not having our Private Keys.

At this point we took action to take control back of our panel by changing passwords, however the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel. We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances.

In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.

Although Code Spaces had made bold claims about its resilience and disaster recovery plans, this was clearly one problem that they were unable to recover from.

All of this, of course, is pretty bad news for Code Spaces’ customers.

Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of on going credibility.

As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.

All that we can say at this point is how sorry we are to both our customers and to the people who make a living at Code Spaces for the chain of events that lead us here.

Code SpacesIt’s certainly bad news for Code Spaces to go out of business, and one hopes that the authorities have been involved so they can investigate who might have been behind this malicious hack that forced the company to go kaput.

But it should also not be forgotten that there are plenty of Code Spaces’ customers who have also been inconvenienced, and might now find themselves in troubled waters because of the disappearance of this service and their code.

Code Spaces customers who wish to recover data they stored with the company are advised to email support@codespaces.com with their account URL. Code Spaces makes no promises, but it says that if it can recover any of your data it will.

The adage that the “cloud is just a different word for somebody else’s computer” has never seemed more apt.

There are lots of benefits, of course, to using internet-based services but for goodness sake if you are trusting them with your sensitive or important data make sure that you ask the right questions, get the right assurances and – if necessary – have your own disaster recovery plan in place should things go pear-shaped.

Author Graham Cluley, We Live Security

8 Responses to “Internet firm goes out of business after DDoS extortion attack”

  1. Blank Reg says:

    Pretty dumb behaviour from the extortionist. If you are a parasite the last thing you should do is kill the host.

    • anon says:

      But they can jump from host to host. The next company will see a control panel message that references this incident. Do you think that will motivate a small company to pay up? I do. While you should have plans for these types of attacks, it’s no secret that most organization never plan for this – my own organization keeps ignoring my warning on this subject. The other issue here is just how little an organization monitors its own environment.

    • Coyote says:

      Two names of many:
      CIH
      Kriz

      I know of another (off hand) but the name does not come to mind. I knew the author of Kriz (we weren’t friends by any means). The other one I cannot recall I also knew the author (we were friendly but he was nice and he was good at assembly and that was our commonality). There’s many more although admittedly those I refer to are older. Still… their payloads were very ugly indeed. Make no mistake: it isn’t always what you think. Their goal might not only be money. Just like malware writers aren’t always attempting to have the most number of infections ITW (in the wild) the same applies for reasons of DoS and DDoS attacks. Besides that, just like scammers and spammers alike they don’t really care as long as even 0.0001% (and smaller) of their targets give in. That’s all there is to it.

  2. Bill Kreps says:

    This is exactly why I think keeping information in “the cloud” is a bad – no, dangerous – idea. But, if for some reason I had to, you can bet I would have a local daily backup sitting in a fire rated safe.

  3. Mr. Fimp says:

    From the very first time I heard about “the cloud”, I thought, “Seriously? You mean people would actually RELY on such a thing?” I should have known that the Lemming Factor would kick in, and people would dutifully fall into lock step behind this new pied piper.

    I have a backup in “the cloud”, but it’s one of several, and most of them I keep here. Evidently, CodeSpaces was not similarly cautious. I’m sorry for their customers, but I can’t muster much sympathy for CodeSpaces. Any company whose customers’ data is stored in so irresponsible and vulnerable a manner deserves to go out of business.

  4. Coyote says:

    “Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management”
    That is (obviously more so now but that is irrelevant to my point) a farce. Secure and the cloud don’t mix. As for the customers, well, I hate to state such things but anyone relying on someone else to take care of _their own_ data, is asking for _serious_ trouble. Especially ironic as git is free and open source (you know, something about where it originated). All it would take is for the customers to instead of purchase a “host” (dangerous with source code, anyway … very risky and that is including the owners stealing the source code. Yes, this _has_ happened to people before) to invest in their own server. Okay, sure they would still be vulnerable to DoS and DDoS attacks but they’d be less likely target because why? Not a huge customer base. Furthermore, if they did backup properly, i.e., don’t keep the backup volume mounted after backup is done (so there is no backup available to destroy!) as well as have some .. here we go again… redundancy, they’d have much fewer problems (if any). As for the cloud: don’t even get me started on how companies (and this is actually what I indirectly wrote, thinking about it) think they should substitute server with cloud and then whine when they then have less control including _physical_ control (physical control is quite… how to put it.. a lot safer and for so many reasons!). The very idea of the cloud is stupid anyway. Okay it is actually accessible from ‘anywhere’. So is Yahoo, so is… THAT is the idea of the Internet in the first place where its predecessor was a network OF networks to withstand a nuclear attack! And here’s a thought: just like they can access their stupid cloud from a remote location, did they forget that they could do the same thing with their _own_ server? I’m no fan of DoS/DDoS attacks and I remember the days before DDoS attacks (and even DoS attacks could be potent, e.g., smurf and its family.. or even SYN floods…the former was after all using bcasts to launch an attack and in some ways could be considered distributed). It is nothing else but a tool for extortion (nowadays more than before it seems… I mean SYN floods and other DoS attacks were necessary parts of other exploits in full) or simply (besides what I already wrote: used in conjunction of another attack) censorship. But if it were not for complete ignorance and lack of planning (specifically the former) I would just turn a blind eye as in “they were asking for it” or similar … The worst part is customers – and yes this pun is very much intended, as always – buying in to it and now being at loss (again pun intended). The sad thing is security is not something you are taught but something you learn through experience and keeping yourself in the loop.

  5. Coyote says:

    Oh, and as an addendum:
    There’s more irony in affordable svn and git hosting. I sort of already remarked on this but: why on earth would anyone spend money for that? Just like RCS and CVS, svn and git are free and open. There’s no need to spend money then! So to put it in a more blunt way: it is NOT affordable because charging for something that is FREE is simply NOT affordable and is flat out shameful.

  6. Adam Lavery says:

    Doesn’t this also reflect badly on Amazon? Surely Amazon has the means to recover the maliciously deleted services this company was using?

Leave a Reply

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
21 Jun 2014
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.