dani3315

Hacker Ruins Code Spaces Development Platform

An attacker deletes almost all customer project data after a botched blackmail attempt

On by Max Smolaks 1

Code hosting and collaborative development service Code Spaces is ceasing operations after an unidentified attacker erased almost all of its customer data, together with backups.

The incident started with a Distributed Denial of Service (DDoS) attack on Tuesday, which diverted the attention from the fact that the hacker gained access to Code Spaces’ Amazon EC2 control panel. Once in charge, they blackmailed the company, demanding “a large fee”.

When the administrators attempted to wrestle the control back, the attacker started deleting customer data at random, until almost nothing was left.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” states the post on the Code Spaces homepage.

“As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”

Pain and suffering

Code Spaces is operated by AbleBots from New Jersey, US. On Tuesday, as it was suffering from a DDoS attack, the company received a number of messages from the hacker who had logged into its cloud control panel.

scyther5The messages asked for a ransom, the amount of which Code Spaces did not specify, and included an email address for future contact.

Rather than pay up, the administrators decided to investigate the issue and attempt to secure the cloud infrastructure. Unfortunately, the attacker had already created a number of backup logins and when the team tried to recover the accounts, started erasing parts of the system.

“We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances,” said the statement.

“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

It’s not clear just how the hacker managed to obtain log-in credentials, but Code Spaces is convinced that its Private Keys were not compromised. The company added that it has no reason to think that the attack was carried out by any current or former employee.

In the coming weeks, AbleBots will focus on supporting the affected customers in exporting any remaining data they have left on the system.

“All that we can say at this point is how sorry we are to both our customers and to the people who make a living at Code Spaces for the chain of events that lead us here,” concludes the statement.

Code Spaces previously claimed that it operates a well-practiced and proven data recovery plan that involves data centres on three continents.

How well do you know network security? Try our quiz and find out!

Max Smolaks
Author: Max Smolaks
Reporter
Max Smolaks Max Smolaks Max Smolaks

White Papers

Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




One reply to Hacker Ruins Code Spaces Development Platform

  • On June 23, 2014 at 9:24 am by brian M

    When will people realize never never never put anything of real value (financial or personal) solely in the cloud. Businesses who do are being totally and utterly irresponsible to their shareholders.

    Same also applies to building your IP around Software as a service, read Microsoft, Adobe etc. If the company only offers a software as a service then go to one of their competitors who offer a version that is not based on remote servers or the internet.

    At least Microsoft still allows you to buy real software still albeit at a price, so some kudos to them there!

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>