Slashdot Mirror


Code Spaces Hosting Shutting Down After Attacker Deletes All Data

An anonymous reader writes Code Spaces [a code hosting service] has been under DDOS attacks since the beginning of the week, but a few hours ago, the attacker managed to delete all their hosted customer data and most of the backups. They have announced that they are shutting down business. From the announcement: An unauthorized person who at this point is still unknown (All we can say is that we have no reason to think it's anyone who is or was employed with Code Spaces) had gained access to our Amazon EC2 control panel and had left a number of messages for us to contact them using a Hotmail address. Reaching out to the address started a chain of events that revolved around the person trying to extort a large fee in order to resolve the DDOS.

At this point we took action to take control back of our panel by changing passwords; however, the intruder had prepared for this and had already created a number of backup logins to the panel, and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel.

249 of 387 comments

  1. The cloud by Anonymous Coward · · Score: 5, Insightful

    Good thing people hosted their stuff on the cloud...

    1. Re:The cloud by SQLGuru · · Score: 4, Interesting

      Single account to rule them all......the best approach is the separation of concerns (user management, server management, backup / restore, etc.) so that it is a lot harder to compromise everything.

    2. Re:The cloud by i+kan+reed · · Score: 5, Insightful

      But that would have cost the company a little more money.

    3. Re:The cloud by Dishevel · · Score: 4, Interesting

      The real problem was that they still had access to their stuff and never bothered to look at the number of accounts on the system before changing the password.

      The concept was good but the people in charge were in way over their heads and it became suddenly clear to them that they had no business securing other people's data. Good for them. At least they know what they suck at.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    4. Re:The cloud by roc97007 · · Score: 2

      Good thing people hosted their stuff on the cloud...

      No kidding. Their backups also, apparently.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    5. Re:The cloud by Penguinisto · · Score: 5, Interesting

      Good thing people hosted their stuff on the cloud...

      I don't think their problem is necessarily because it was "on the cloud" - the same thing could have happened if someone penetrated a corporate network and got hold of a VM farm. A bigger obstacle to be sure, but if your corporation has partner/vendor access and a not-so-sharp security guy...

      One question I have though - instead of changing a password, why couldn't they have called Amazon, had the thing universally locked out for that company, replaced all root-level access with a new account, and sent the new username and p/w by phone back to the company?

      Also, why didn't they have an offline (think: off-cloud) backup of the stuff? Sure it costs time/money/skull-sweat to do that, but it's worth the time and trouble in the end. After all, if your family jewels are hanging out there, it always pays to have a DR plan for 'em...

      If nothing else, they could have set up a separate and distinct AWS account/rigging as a "DR" of sorts, with DB replication and the works feeding it as a warm DR site. That way if some jackass compromises the first, you only need to stop DB replication, turn on the rest of the DR servers, do a quick test, and shift your DNS to the backup site - 15 minutes later, you can delete the objects yourself in the original site if you want (while you set up yet a different site and build a new backup site to replace the one you just put into production.)

      We have a sizable AWS setup where I work, and first/foremost we back that shit up (the DB contents) to machinery that we control. We also have a means of re-deploying/rebuilding if necessary; sure it takes time, but it's better to have it and not need it...

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    6. Re:The cloud by rwven · · Score: 3, Insightful

      It has nothing to do with the cloud. It could have been any un-managed hosting.

      The fact that they went with un-managed hosting in the first place is what really screwed them. If they had a real support team they could turn to, steps could have been taken to keep this from happening as soon as the DDOS started, and they would have had "offsite" or at least "offline" backups.

      This happened because it appears that Code Spaces had some knee-jerk reactions and didn't think through how they were handling this (like changing the password before making sure there weren't other methods of access already established). They should have straight-up called Amazon, explained what was going on, and paid for support for Amazon to put access to their account and instances on lockdown until the situation was resolved. Shoulda, woulda, coulda though...

    7. Re:The cloud by NatasRevol · · Score: 4, Insightful

      More likely, actual planning would have to be involved.

      --
      There are two types of people in the world: Those who crave closure
    8. Re:The cloud by ArmoredDragon · · Score: 1, Interesting

      I don't think that was a money thing, rather it was an oversight of risk management. Hindsight is always 20/20.

      (Besides, where does this "blame the victim" attitude always come from? It's ridiculous. This is equal to saying that wearing scantily clad clothing means a woman deserves to get raped.)

    9. Re:The cloud by Dishevel · · Score: 1, Insightful

      More of us are becoming aware all the time. There is a need for people to fill political offices. There is no need for politicians.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    10. Re:The cloud by Kagato · · Score: 4, Informative

      AWS has one of the best security systems out there. IF you decide to enable the features. The production AWS configs I've used have mandated multi factor auth (using the number generator on the phone) as well as source network restrictions. You can also set up a large number of ACLs to restrict things like the ability to create additional accounts.

      It's hard for me to feel bad for these guys.

    11. Re:The cloud by vux984 · · Score: 5, Insightful

      I don't think their problem is necessarily because it was "on the cloud"

      No. The cloud was a key part of the problem. They had as much access and control over the system as the hacker did, with no physical fallback.

      A VM farm on an onsite rack or even a colo rack? You knock out the hacker by unplugging it from the router to the internet, and then audit and reset security to your heart's content.

    12. Re:The cloud by nullchar · · Score: 2

      You should always have an offline backup (even if slightly out of date).

      In this case, they could have used a separate "cloud" provider just for backups.

      Cloud or not, everything under one umbrella was the problem.

    13. Re:The cloud by Mister_Stoopid · · Score: 4, Insightful

      Having an offline backup isn't 20/20 hindsight, it's the absolute basics of the basics.

      This is equal to saying that wearing scantily clad clothing means a woman deserves to get raped.

      It's more like saying that a guy who dies in a car accident because he was street racing while drunk, high, and not wearing a seatbelt got what he deserved.

    14. Re:The cloud by Anonymous Coward · · Score: 5, Informative

      With Amazon's service you can contact them and have all access blocked until there is time to sort things out, and authenticate the real admin with billing information or the root SSH key you're given, etc.

    15. Re:The cloud by LWATCDR · · Score: 1

      Isn't the real problem the criminals that made the attack?

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    16. Re:The cloud by pla · · Score: 1, Insightful

      Besides, where does this "blame the victim" attitude always come from? It's ridiculous.

      Bad people exist. Plan accordingly, or don't come crying when you get hacked.

      Otherwise, I agree with you, this looks more like an oversight of risk management: When wandering around the park at 2am in a mini-dress... don't.

    17. Re:The cloud by Dishevel · · Score: 1

      Sure it is a real problem. The issue is that if you are going to wait for there to be no criminal behavior out there, nothing can ever get done.

      So you have to take some responsibility for the security of your users' data in spite of the fact that there are criminals out there.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    18. Re:The cloud by Dishevel · · Score: 1

      Like I said. These guys were in way over their heads. You just can not be responsible for the hard work of a bunch of people and do what these guys did.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    19. Re:The cloud by Jhon · · Score: 4, Insightful

      "Much like the US president can only run for two terms, wouldn't it be grand if there was something similar for the politicians lower down the tree! Politicians _should_ be people who've been out in the real World."

      Unintended consequences -- you don't have people in office long enough to be RESPONSIBLE for anything. All "bombs" get pushed off until the next election cycle when Councilman A is termed out and becomes State Senator A, or Assemblyman A.

      Look to California for everything you need to fear.

    20. Re:The cloud by Munchr · · Score: 5, Insightful

      Exactly this. They state in the article that they had off-site backups. What use are off-site backups if the "on-site" control panel has direct online access to them? "In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted."

    21. Re:The cloud by Albanach · · Score: 1

      Good thing people hosted their stuff on the cloud...

      Hosting stuff on the cloud wasn't the problem. It's really no different from hosting anywhere else. The problem was a lack of off-site backups.

      Something as simple as s3cmd and cron would have protected them. Or if really necessary they could have backed up servers to an independent s3 account.

      This is a simple case of someone keeping all their eggs in a single basket, breaking the fundamental rule of backups needing to be independent of their source.
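
The independent-account backup this comment describes, together with the ACLs that restrict creating extra accounts mentioned by Kagato above, as an added example that is not from the thread or from Code Spaces: two IAM policy documents (bucket name and account id are constructed placeholders) and a deliberately simplified evaluator, written here only to show what each policy permits and denies; it is not AWS's own engine.

```python
"""Added example, not from the thread or Code Spaces: two least-privilege IAM
policies for the setup the comments describe, plus a deliberately simplified
evaluator (explicit Deny wins, then Allow, else implicit Deny; glob matching;
only Bool/BoolIfExists conditions). Bucket name and account id are constructed."""
import fnmatch

# Credentials the backup cron job (e.g. s3cmd) runs with, in the SEPARATE backup
# account: may write and list, can never delete. A stolen copy of these
# credentials therefore cannot wipe the backup set.
BACKUP_WRITER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-offsite-backups",     # constructed
                      "arn:aws:s3:::example-offsite-backups/*"]},
        {"Effect": "Deny",
         "Action": ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket"],
         "Resource": "*"},
    ],
}

# Production-account admins: full access, except that the calls an intruder
# would use to plant extra logins are refused unless the session used MFA.
# BoolIfExists treats a missing MFA key (plain access-key session) as "false".
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["iam:CreateUser", "iam:CreateAccessKey", "iam:CreateLoginProfile",
                    "iam:AttachUserPolicy", "iam:PutUserPolicy"],
         "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM Action/Resource fields use '*' and '?' wildcards, as fnmatch does.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Evaluate Bool / BoolIfExists blocks against the request context."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue      # absent key satisfies an IfExists test
                return False      # absent key fails a plain Bool test
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one request, in IAM's order: a matching
    explicit Deny wins at once, a matching Allow permits, no match denies."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if "Condition" in stmt and not _condition_holds(stmt["Condition"], context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"


def replay_incident():
    """Replay the steps described in the thread against the two policies."""
    obj = "arn:aws:s3:::example-offsite-backups/db/2014-06-17.tar.gz"  # constructed
    user = "arn:aws:iam::123456789012:user/extra-login"                # constructed
    mfa = {"aws:MultiFactorAuthPresent": True}
    return {
        "cron job uploads a backup": evaluate(BACKUP_WRITER_POLICY, "s3:PutObject", obj),
        "stolen backup creds delete it": evaluate(BACKUP_WRITER_POLICY, "s3:DeleteObject", obj),
        "intruder on a bare access key adds a login": evaluate(ADMIN_POLICY, "iam:CreateUser", user),
        "admin with MFA adds a login": evaluate(ADMIN_POLICY, "iam:CreateUser", user, mfa),
    }
```

The writer policy only helps if the bucket lives in a second account, as the comment says, so that whoever holds the production control panel cannot delete the backups from there with that account's own admin rights.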

    22. Re:The cloud by Noah+Haders · · Score: 2, Interesting

      100% wrong. Maybe the company should have been better prepared, but the fact is they were attacked by a criminal who first hijacked and then destroyed possibly an enormous amount of value in people's data. He, she or they committed a horrible crime and should go to jail for a long time.

    23. Re:The cloud by TheCarp · · Score: 4, Interesting

      I see this come up a lot and honestly..... I mean.... is it really wrong to suggest that a person should think about self-protection?

      Do you lock the door to your house? Your car? I do. I generally won't even leave my phone in the locked car unless I expect I will not be out of view of the car for more than a minute, I even look around first when making such a decision. Why? Because people I know, including myself, have had shit stolen from their cars!

      And you know what.... I, the victim, was stupid for thinking it was going to be ok to leave my GPS on the cradle in the car overnight. The person who stole it is still an asshole, still deserves to be punished, but you know what....that doesn't make me smart for exposing myself to his actions.

      Should a woman be able to wear what she wants? Should she be able to walk down the street at night alone? Yes. Absolutely. However, when my wife clips a knife on her belt before going for walks at night, when she tells me what streets she avoids at night because she knows it's where a lot of the rapes are reported.... it makes me think I married a smart girl.

      But hey maybe I am odd, I don't say "don't wear that" I say "don't forget your knife"

      Because it's true, she shouldn't ever have to use it, and I hope she never does.... but if it ever happens, I hope she spills entrails on the sidewalk.

      --
      "I opened my eyes, and everything went dark again"
    24. Re:The cloud by spire3661 · · Score: 1

      NO, their own stupidity, lack of training and foresight made sure they didn't have a viable backup.

      --
      Good-bye
    25. Re:The cloud by Jawnn · · Score: 2

      Backups, accessible via the same system that made them, are not backups. A backup is a thing that lives elsewhere and is not affected by anything that might happen on the primary system. All they had were "copies".

    26. Re:The cloud by Oligonicella · · Score: 4, Insightful

      And the company and its owners should have their asses sued off for failing to take normal precautions for the data they promised to protect. I have sympathy and pity for the owners of the data (although I have always thought "the cloud" was a stupid idea), but none for the company. Unconnected archiving is a universally recognized good practice. Why in hell don't the new guys understand this?

    27. Re:The cloud by pla · · Score: 2, Insightful

      100% wrong. Maybe the company should have been better prepared, but the fact is they were attacked by a criminal who first hijacked and then destroyed possibly an enormous amount of value in people's data. He, she or they committed a horrible crime and should go to jail for a long time.

      You'll notice that at no point did I excuse the criminal. I agree with you completely that we as a society should dedicate the resources to hunting him down and punishing him.

      That doesn't change the fact that Code Spaces sold a project hosting solution, using all the "safety" and "redundancy" and ease of access of "the cloud" as direct marketing points, and as a result bear direct liability for negligence in failing to secure their systems. Why did they opt to close up shop? Not because they got hacked and lost their current customers' data, but because they know with 100% certainty that in the next few weeks, they will get sued into oblivion.

      Yes, of course we still go after the bad guys... But sorry, the morons leaving the front door open don't just get a pass. If someone gets food poisoning from McDonald's, they don't get to pass the buck to the electric company for their refrigerators going off for a few hours, nor do they get to blame the "real" culprit, e coli. They should have known better, and so should Code Spaces.

    28. Re:The cloud by smooth+wombat · · Score: 1

      (Besides, where does this "blame the victim" attitude always come from? It's ridiculous.)

      You obviously missed the comments I made to the same effect back in April and had folks respond that yes, the victim is partially to blame no matter what.

      Here, read the torturous and twisted excuses people make trying to justify why the victim is to blame, whether a hacking event such as this or having your house broken into.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    29. Re: The cloud by Aighearach · · Score: 4, Insightful

      At some point, you have to ascribe *some* responsibility on the [victim], no?

      No.

    30. Re:The cloud by Aighearach · · Score: 1

      Bad people exist. It doesn't matter if you cry, it does matter if you seek Justice or not.

      Changing your life to accommodate them is ill advised.

    31. Re:The cloud by pnutjam · · Score: 1

      Don't hold back with the reference or contact number.

    32. Re:The cloud by synapse7 · · Score: 1

      When you say this had nothing to do with the "cloud" do you mean gases in the atmosphere? If not, what the hell is the difference between the "cloud" and Amazon hosted services? Also, if Amazon is unable to offer a "real support team" who the hell can?

    33. Re:The cloud by the_B0fh · · Score: 1

      Unconnected archiving is a universally recognized good practice. Why in hell don't the new guys understand this?

      Every generation, someone gets to learn this lesson all over again.

    34. Re:The cloud by Aighearach · · Score: 2

      I see this come up a lot and honestly..... I mean.... is it really wrong to suggest that a person should think about self-protection?

      No, it is wrong to claim that they're expected to. See the difference? No?

      Why bloviate for dozens of words if you're going to fall on your face in the first sentence?

      You can't even tell the difference between prerogatives and coercion, so you have no moral or ethical foundation to build anything on. You have no points, because they're suspended in space and everybody else is on planet Earth.

      And yes, it is really "very" wrong to attempt to exercise other people's prerogatives. It is a less extreme example of the same sort of horribles you consider! So no, you shouldn't be telling people to live in fear, or that it is somehow required for them to put reacting to crime, or giving up their freedom by reacting to it in the way you would desire them to. It is their prerogative, and theirs only, if they will continue to live their own life with their head held high, or cower in fear over protecting a pile of stuff, or something in between.

    35. Re:The cloud by Xaedalus · · Score: 1

      When wandering around the park at 2am in a mini-dress... don't.

      Your analogy works to a point. The predators who are lurking around said metaphorical park at 2 AM waiting for said irresponsible hot chicks in mini-dresses will quickly realize that their prey has gone to somewhere safer, like a nightclub or bar where it is both appropriate and safe for metaphorical hot chicks in mini-dresses to be safely irresponsible (e.g. having fun). Then they will evolve their tactics to take advantage, like roofies or excessive plying of alcohol or flat-out assault. Your analogy ultimately fails because while there is something to be said for taking personal responsibility, the fact is that predators -adapt-, or they die. And since they don't want to die, they will adapt, they will continue to hunt, and they will infiltrate the "safe" places. It is ultimately not someone's fault that they are a victim if they honestly thought they were both safe and in a place/situation/enacting a policy that is supposed to be safe (and verified by independent experts to be safe).

      --
      Here's to hot beer, cold women, and Glaswegian kisses for all.
    36. Re:The cloud by DutchUncle · · Score: 1

      well, yes, they do, if anyone thinks it was reasonable for them to have taken precautions. "I assumed you actually LOCKED those locks on the door when you went out . . ."

    37. Re:The cloud by Ksevio · · Score: 1

      That's a very strange definition of backup. Sounds more like you're talking about an offline backup. Typically backup systems are connected to the system that made them so they can be restored easily.

    38. Re:The cloud by Anonymous Coward · · Score: 1

      Yes, but then you need an IT department who would know this stuff... wasn't the idea to go to cloud/outsource so you could fire the IT and save GAZILLIONS of dollars

    39. Re:The cloud by Aighearach · · Score: 1

      (Besides, where does this "blame the victim" attitude always come from? It's ridiculous. This is equal to saying that wearing scantily clad clothing means a woman deserves to get raped.)

      After the neckbeard reaches at least 6 inches, it grows into the nervous system and implants these ideas directly. This is an attempt to force the host into breeding behavior, so that the infection can spread.

    40. Re:The cloud by Anonymous Coward · · Score: 1

      Do you lock the doors and windows to your house and car?

      Because, if you do, you're letting the bad people control your life! Oh nos

    41. Re: The cloud by seebs · · Score: 3, Insightful

      Of course she's responsible for how she looks and dresses, it's just that neither of those can ever be, in any way, a justification for rape. They're totally irrelevant. She's also responsible for what she has for breakfast, and that's every bit as relevant to your decision as to whether or not you want to be a rapist. Which, given that you're playing apologetics for it, presumably you do.

      --
      My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
    42. Re: The cloud by seebs · · Score: 5, Insightful

      Good job shifting the goalposts, but that's pretty much totally unrelated. See, the lions are generally not considered to be moral actors. Humans usually are.

      --
      My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
    43. Re:The cloud by idontgno · · Score: 1

      "Just world" hypothesis. The mental model that says "that guy got victimized because he brought it on himself, whereas I'm perfectly safe because I don't."

      Cowards blame the victim so that they can reassure themselves (falsely) that it just can't happen to them.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    44. Re:The cloud by rwa2 · · Score: 1

      I'll just leave this here:
      http://www.despair.com/mistake...

    45. Re:The cloud by seebs · · Score: 1

      The blame-the-victim thing comes from the just world fallacy. People don't want to think that bad things happen to innocent people, so they declare the people non-innocent.

      You can reproduce this beautifully in lab conditions. Play people a recording of someone being tortured and they will start disliking the person and thinking badly of them.

      --
      My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
    46. Re:The cloud by chthon · · Score: 3, Insightful

      Your insurance agent would like a word with you.

    47. Re: The cloud by SecurityGuy · · Score: 4, Insightful

      Which, given that you're playing apologetics for it, presumably you do.

      I don't think it's that, it's that in some people's minds, the pendulum has swung too far. I read that some beauty contestant is getting lambasted for saying women should learn self defense. Claims are being made that that promotes "rape culture". It doesn't, it's just the commonsense realization that while in the ideal world there wouldn't be bad people, in the actual world, there are. It's fine to work towards the ideal world, but we also need to live in the real one.

      To put another spin on it, there's a trail around here that used to be a great place to run. It's become a great place to get a beating and your phone/ipod/wallet stolen. I could go run there with my expensive earbuds and $600 phone, secure in the knowledge that I have every moral right to do so unmolested, but I don't. I run with my cheaper earbuds and an iPod shuffle in places muggings don't happen.

    48. Re:The cloud by sjames · · Score: 1

      A locally hosted farm offers better options to recover. For example, once you realize you are hacked, you can take it off the network while checking it out and re-securing it. That would also disconnect it from the backup system so the backups are safe. When it's in the cloud, you can't really do that.

      The locally hosted backup you spoke of is a decent next best solution, but may depend on the rate that data changes. Bandwidth into and out of the cloud generally costs while data over a lan cable doesn't.

    49. Re:The cloud by roc97007 · · Score: 1

      That's a very strange definition of backup. Sounds more like you're talking about an offline backup. Typically backup systems are connected to the system that made them so they can be restored easily.

      An effective backup system must have both online and offline backups. Having all of your backups online violates the "integrity" part of basic security (confidentiality, integrity, availability) as you can't guarantee integrity if all data sets are subject to attack from a single source.

      Even when "backing up" your PC at home to another disk drive, you aren't safe until you disconnect the drive. And that's only a little bit safe. Safer is to put it in a different room. Even safer, a different house. (This is what I do.) Safest of all, a different geological area.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    50. Re:The cloud by kesuki · · Score: 1

      I believe the information is here https://aws.amazon.com/premiumsupport/ and yes, I realize it's just a 'plan comparison' page, and that only 2 of the 4 tiers include a phone plan

    51. Re:The cloud by mpe · · Score: 1

      AWS has one of the best security systems out there. IF you decide to enable the features. The production AWS configs I've used have mandated multi factor auth (using the number generator on the phone) as well as network source network restrictions. You can also setup a large number of ACLs to restrict things like the ability to create additional accounts.

      It's more a case of "if you understand how to actually use that feature". Such complex systems are unlikely to be an enable/disable case.
      Similarly MS Windows, since NT, has a highly sophisticated "security model". Which many people, including those writing programs which could make effective use of it, don't really have much of a clue about.

    52. Re:The cloud by mpe · · Score: 1

      Much like the US president can only run for two terms, wouldn't it be grand if there was something similar for the politicians lower down the tree! Politicians _should_ be people who've been out in the real World. They should _not_ be people who go to university with the desire to be politicians.

      It might make more sense to have a "term limit" more along the lines of "Maximum of X years total in any elected office".
      A rule to the effect of "You can't be a candidate for position Y if you currently hold position Z" would also work against "career politicians".

    53. Re: The cloud by Kaenneth · · Score: 1

      And prison inmates are considered paragons of morality?

      Talk about moving the goalposts...

    54. Re:The cloud by Swistak · · Score: 1

      How?

    55. Re:The cloud by xaxa · · Score: 1

      Safest of all, a different geological area.

      A different geological area? Does the type of rock under the building really impact backup safety? Safer still might be a different geographical area.

      Maybe he's reminding us it would be unwise to put it elsewhere on the same floodplain, same faultline or under the same volcano?

    56. Re:The cloud by brainnolo · · Score: 4, Interesting

      But since the topic at hand has nothing to do with rape, let's stop with unfitting analogies. A company that is offering HOSTING must have a solid backup plan and security policies in place. Otherwise, even if the criminal who attacked them is solely responsible for the act, the attacked company is 100% responsible in front of their clients, just as it should be.

      In the business world being totally incompetent to offer the service you want to offer is not justified. It has nothing to do with rape, burglary or anything else, really.

    57. Re:The cloud by St.Creed · · Score: 1

      They were a business taking other people's data, and those people entrusted them with its safekeeping.

      If my bank accepts my valuables and stores them, they're legally and morally responsible for taking reasonable precautions. Piranha moats are probably out, but vaults with timed locks are not. If the bank doesn't put locks on the doors and leaves the vault open then yes the thief is responsible for the theft, but the bank is responsible for the theft *succeeding*.

      Same here. While the attacker is an asshole and responsible for extortion and destruction of property, it's the company's unsafe practices that allowed this to succeed and be more than a minor disruption of service. And having full control over *all* data AND their backups from one single, internet-accessible control panel is not just unsafe, but idiotic. It sounds like this company was started by some kids that liked to "play business" or a bunch of finance managers with a nephew that "did something with computers". But not by serious sysadmins.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    58. Re:The cloud by Cacadril · · Score: 1

      I think much of this discussion misses the point. The company did have offline backups. However, they had an insufficient threat model. Their threat model probably included such disasters as disk crashes, software errors wiping the data, regular hacker break-ins, and a row of other similar mundane threats.

      If you want to compare with scantily clad girls in the park at 2 AM, I think this is more similar to the girl who wore long robes and arranged for a friend to go along, but was shot to death by a mugger. Of course she should have carried a helmet and a bullet-proof jacket.

      The point is that this enterprise met an aggressor way out of the ordinary. It's a low probability, high consequence event.

      That said, they should have done a few things that cost little to do (unlike carrying helmets and bulletproof jackets in the metaphorical case), and this is an opportunity for the rest of us to learn from their bad luck and to think over and discuss what exactly those few things should have been.

      It would also be interesting to find out if they could have handled the attempted recovery differently. Should they have disconnected the entire site from the internet, and done the recovery purely on-site?

      --
      There is no substitute for common sense. Especially, no body of rules will do.
    59. Re:The cloud by St.Creed · · Score: 1

      Or they blame the victim because the victim made some seriously stupid decisions. Such as in this case.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    60. Re:The cloud by TheCarp · · Score: 1

      > What will you do when she gets assaulted in a place or situation she didn't expect to, from a person she never expected it of?

      I will be mad. I really don't know how to answer that better. What would I do if she expected it and was overpowered? What would I do if she expected it, but they had a gun? What if what if? The end result is the same either way. Thing is, nobody gets to choose whether or not they will be assaulted, only whether they watch out or what they do when it happens.

      > Blaming the victim in that instance is like adding insult to injury--and that's what generally happens.

      Who said blame? I never said blame. Can a person not recognize that they could have done better without blame coming into it? It's not a matter of blame, it's a matter of recognizing that some things carry more risk than others.

      I mean fuck, I used to (and plan to again once I get a few minor technical/financial issues sorted) ride motorcycles. 80% of riding a motorcycle is looking out for risks. Should I have to worry about car doors flying open or assholes swerving into my lane without looking? No I really shouldn't, but you know what....that's not much consolation when you are laid up in a hospital bed or casket.

      So you know what, when on a motorcycle, I pay extra attention to things car drivers gleefully ignore with abandon because being right is less important than being alive.

      --
      "I opened my eyes, and everything went dark again"
    61. Re:The cloud by spire3661 · · Score: 1

      I have spent considerable time and expense co-locating and properly backing up my personal photographs and other data. I also still burn them to optical disc just to have a copy that isn't on a hard drive. I spent hours discussing on Slashdot what the best practices are. As a HOME user, I am co-located, with offline backups on disparate media. I couldn't imagine running a business without AT LEAST that level of backup.

      Go ahead excuse morons, but I won't.

      --
      Good-bye
    62. Re:The cloud by Jane+Q.+Public · · Score: 1

      > Single account to rule them all......the best approach is the separation of concerns (user management, server management, backup / restore, etc.) so that it is a lot harder to compromise everything.

      Yes, and no.

      The BEST approach is to back up your stuff in more than one place. Then if everything disappears... voila! You just put it back once your server is straightened out.

      I am currently working on some web projects. We take regular snapshots of our code AND data, and keep backups not just online, but also offline in 2 different countries. And all sensitive data is well-encrypted.

      And you know what? Not only is it not hard to do, it hardly takes any time.

    63. Re:The cloud by roc97007 · · Score: 1

      Yes. I was specifically thinking of earthquakes. If you live in an area prone to earthquakes, try to have a set of backups in an area not prone to earthquakes. (Even if it's prone to some other, unrelated type of disaster.)

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    64. Re:The cloud by zeugma-amp · · Score: 1

      > But hey maybe I am odd, I don't say "don't wear that" I say "don't forget your knife"
      >
      > Because it's true, she shouldn't ever have to use it, and I hope she never does.... but if it ever happens, I hope she spills entrails on the sidewalk.

      100% agreement. Well said.

      --
      This is an ex-parrot!
    65. Re:The cloud by TheCarp · · Score: 1

      > There is a continuum of possible impact reasonable self-protection can provide, from cases where shit happens
      > and it wasn't preventable, to cases where an action of the victim directly causes the problem.

      Yes. And if you listen to anyone who has familiarity with non-domestic assaults, muggings, rapes, etc, it's commonly pointed out that criminals have profiles that THEY use to identify victims. Just the act of paying attention to your surroundings, where you are, who is around you, what's going on, just that is often enough to get them to decide you are not a good target.

      It's like dealing with a predator animal, if you act like easy prey, they are more likely to treat you like easy prey.

      --
      "I opened my eyes, and everything went dark again"
    66. Re:The cloud by TheCarp · · Score: 1

      No I didn't, that is a common spelling. Don't blame me because your vocabulary is incomplete.

      --
      "I opened my eyes, and everything went dark again"
    67. Re:The cloud by i+kan+reed · · Score: 2

      To an owner, planning is identical to cost.

    68. Re: The cloud by Penguinisto · · Score: 1

      > See, the lions are generally not considered to be moral actors.

      Neither is a rapist. Your point?

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    69. Re: The cloud by seebs · · Score: 1

      I think it's very much that, in this particular case. The anon didn't say that women should be in some way responsible for choices like "walking alone in dangerous neighborhoods at night", but for how they look or dress. That's... actually not at all justifiable. I am okay with suggesting that people ought to lock their houses, learn self defense, and so on, because in practice they ought to. I'm less okay with saying that if they fail to do so, that makes it their fault if they get mugged, raped, or otherwise attacked.

      --
      My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
    70. Re:The cloud by david_thornley · · Score: 1

      The company is a victim, because the people running it did stupid things. The company's customers are victims, because they trusted a company to do what it said it would. There's a difference here.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    71. Re:The cloud by david_thornley · · Score: 1

      Do women who dress provocatively get raped more? I'd like to see some evidence for that.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    72. Re:The cloud by david_thornley · · Score: 1

      I've also read that a rape victim may accept some responsibility as a way of coping. If it's completely not her responsibility, then she had no way to prevent it, and it could happen again at any time. If it's partly her responsibility, then she can feel safer by doing things differently. People like having some control of their lives, and particularly some ability to avoid future traumatic experiences.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    73. Re:The cloud by david_thornley · · Score: 1

      My definition: a backup is a copy of something that won't get destroyed by the same thing that destroys the original. In this case, the originals and backups could be destroyed from the same place. I'm not impressed.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    74. Re:The cloud by dnavid · · Score: 1

      > When you say this had nothing to do with the "cloud" do you mean gases in the atmosphere? If not, what the hell is the difference between the "cloud" and amazon hosted services? Also, if Amazon is unable to offer a "real support team" who the hell can?

      I think he means the problem wasn't that the systems were hosted in a cloud environment, so you can't blame the cloud. The problem was that Code Spaces deployed their systems without a dedicated systems management and security team, and without using a service provider that could have provided one. If the systems were hosted in AWS but with integrated systems management and security protocols in place, this problem may not have had catastrophic consequences. Conversely, if Code Spaces was a bunch of servers in some racks in an office building instead of hosted in the cloud, the problem could have still been about as severe without those management protections.

      However, I will say that physicality does have some intrinsic protections that virtual hosting in the cloud lacks, although even those tend to be last resort elements. For example, if the stuff was a bunch of real servers in a real location that was dedicated to Code Spaces and not shared with anyone else, they could have just pulled the plug on networking or even power, an option that is straightforward for conventional dedicated systems and often difficult or impossible to simulate with shared hosted or cloud-based systems (particularly on the hypervisor or cloud control side). One of the things I tend to strongly recommend to people contemplating deploying public or private clouds is to work out well ahead of time an incident response plan that includes as its last resort how they would kill all access to the system for a period of time to allow them to gain control of a fast-moving situation. Kill as in stop all servers, shut down everything running, and even suspend all access to the hypervisor or cloud control systems. Kill everything, and kill everyone's access to change anything. Basically, the cloud equivalent of pulling the power on the entire building. If you can't do that, you had better have one stellar incident response team.

    75. Re:The cloud by Kjella · · Score: 2

      > I don't think that was a money thing, rather it was an oversight of risk management. (...) Besides, where does this "blame the victim" attitude always come from?

      Because it's pretty hard to criticize/discuss/improve someone's risk management without at the same time assigning part of the blame to them. I mean if I was entirely without fault that means I did nothing wrong which means I don't have to change my ways, yet here you are arguing I should take greater precautions which means I did do something stupid which means it's partly my own fault right? It's pretty hard to say that you could and should avoid danger, yet it doesn't matter if you sought and exposed yourself to danger instead.

      If we forget all about rapists and imagine I was struck by lightning, you'd probably say it was a freak accident. If you heard I went to the highest vantage point nearby with my kite during a thunderstorm, you'd probably call me pretty damn stupid and say I did a great job of bringing lightning down on myself. Are you really not going to ridicule me if I fall for a 419 scam with a Nigerian prince? That one involves being exploited by another person too, are you sure you won't put any responsibility on my shoulders?

      I know I'd blame myself if I left my laptop visible in the car and it got broken into, not because it got broken into as such - that happens - but because I made it so much more likely it was my car getting broken into. It doesn't mean I deserved it, it's still 100% the thief's fault for stealing it but somehow my inner statistician is screaming something about conditional probability. And I don't choose the risk factors, the thief decides that a visible laptop makes it interesting. The rapists decide if mini skirts are a risk factor, not the potential victims.

      No, it's not just but it's about not becoming the victim in an unjust world. And even if the perpetrator is caught and punished so justice is served it doesn't restore my health or life or trauma that another person is now in prison. I don't want any shit like that to happen to me nor anyone I care about, so I don't think I can help sending out mixed messages saying both "it's not your fault" yet "try harder not to become a victim". If you got a means that doesn't rub anyone the wrong way, I'd love to hear it.

      --
      Live today, because you never know what tomorrow brings
    76. Re:The cloud by Darinbob · · Score: 1

      But they had backups! In the cloud!

    77. Re:The cloud by Darinbob · · Score: 1

      Some of it is too much trust in the marketing. Amazon cloud services _sound_ like a great idea, same as any marketing that is trying to sell you something. More skepticism helps, as that can lead to adding in risk management as part of the plan.

      This should also happen at Amazon and other cloud services thingies; make sure there's a good risk management plan, allow the customers to call up (even with video so you can see their faces) and have an account locked down, have off-site backups that can't be erased automatically, and so forth.

    78. Re:The cloud by Darinbob · · Score: 2

      I think the offsite backups were not their own offsite backups, but managed by Amazon. Which is really not what I would consider an offsite backup.

      "where's your data"
      "in the cloud"
      "where do you keep your backups"
      "um, in the cloud..."

    79. Re:The cloud by HiThere · · Score: 1

      In this case I think it's people going:
      Now let's see...if I was setting up that kind of a service, how could I avoid that problem.

      Mind you, your comment about hindsight was dead accurate, but I don't think it's exactly "blame the victim", more "How could I avoid being the next victim?".

      --
      I think we've pushed this "anyone can grow up to be president" thing too far.
    80. Re:The cloud by Darinbob · · Score: 1

      But people should realize that criminals exist, and further that there may be non-criminal related disasters. If you're going to build a business make sure it is not based upon a single point of failure, you need to make sure that not even a member of your own staff can destroy the business.

      Sure, you don't blame the victim for committing the crime, but that doesn't mean that victim shouldn't have locked the door.

      (the minidress doesn't matter one bit, it's the walking around in the park at 2am that's the problem, rapists aren't encouraged by the style of dress but the opportunity and desire for dominance; rapes are not restricted to hot chicks in sexy clothes)

    81. Re:The cloud by Darinbob · · Score: 1

      Sure you can sue the victim. Bank gets robbed and it turns out they forgot to turn on the security alarm at the end of the day, then hell yes they can legitimately be sued. If I put my money in a bank they absolutely have an obligation to make a good faith effort to protect that money rather than a half assed attempt.

    82. Re:The cloud by Darinbob · · Score: 1

      Wait, that's the same combination I have on my luggage!

    83. Re:The cloud by Darinbob · · Score: 1

      Blaming a victim often implies that there's only one victim. In this case the customers of the web site are also the victims, they're a victim of poor security practices of the first victim. So the rape analogies are just way off base here.

    84. Re:The cloud by stoborrobots · · Score: 1

      > Besides, where does this "blame the victim" attitude always come from? It's ridiculous.

      Different analogy: if you walk across a known-to-be-landmined field, who is to blame? The person who put the landmines there 30 years ago, the person who left the gate unlocked last night, or you?

    85. Re:The cloud by vux984 · · Score: 1

      All that presupposes you do this and the hacker never gets in.

      But

      a) once the hacker is in they can do all that, they can change the billing info, they can change the ACLs to lock you out too, etc.

      b) It's clearly more sophisticated to both prevent a hacker getting in and knock them out once they are, making the cloud riskier than more traditional methods of hosting.

    86. Re:The cloud by vux984 · · Score: 1

      > Thus, it wasn't the cloud's fault....it was Code Spaces' fault for not having the proper infrastructure.

      Nobody is "blaming the cloud". The cloud is just inherently riskier.

      You need to set up more sophisticated infrastructure up front to keep someone out, because you can't fall back to "pull the plug on them".

    87. Re: The cloud by I'm+New+Around+Here · · Score: 1

      Not if they don't have to.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    88. Re: The cloud by kwbauer · · Score: 1

      Not asking for it but intentionally putting herself into a dangerous situation.

      Please answer this. If you have a teenage daughter, do you teach her about being careful about putting herself into dangerous situations or do you simply tell her to do whatever she wants because if something bad happens, the perpetrator will be punished after it's over?

    89. Re: The cloud by kwbauer · · Score: 1

      Again, we are saying that the rapist should go free or his sentence be lessened because the victim's provocative dress should be considered a mitigating circumstance.

      We are saying that bad people exist and people should act accordingly. Dressing provocatively and walking alone in certain areas at certain times may lead to undesirable things happening, so we should counsel women to consider not doing it for their own safety. An ounce of prevention and all that.

    90. Re: The cloud by kwbauer · · Score: 1

      Correction: NOT saying that the rapist should go free...

    91. Re:The cloud by kwbauer · · Score: 1

      Please don't tell me you work for a security firm or Brinks or anything.

      Have you ever wondered why they call them "armored trucks" and don't simply deliver all that cash in a family sedan or keep the vaults locked at night in a bank? Their insurance companies require them (have placed them under an obligation) to do all they reasonably can to prevent theft (a crime in most jurisdictions).

      I would also argue that all parents have two moral obligations in this area as well. First, they are morally obligated to not put their minor children in situations where they reasonably believe a crime might be perpetrated against them. Example: Don't hire the serial, self-confessed child rapist as a baby-sitter. Second, they are morally obligated to teach their children not to harm others (harming others is frequently a crime).

    92. Re:The cloud by kwbauer · · Score: 1

      Only an uncivilized society would charge a victim with a crime for defending themselves.

    93. Re: The cloud by lucm · · Score: 1

      There is a room with a serial killer inside. I show him to you through the glass, I tell you that if you went inside he will probably kill you. You decide to walk inside and are killed but are in no way responsible for your own death. Interesting.

      This is pretty much the Ingrid Betancourt story, with the exception that she survived and is now called a heroine.

      --
      lucm, indeed.
    94. Re:The cloud by kwbauer · · Score: 1

      Or we try to learn from mistakes the victim made so that maybe we can all (including the victim) not make the same ones in the future. Granted, that might not be all who appear to be "blaming" the victim but I'll assume that it is a significant percentage.

      We also have to remember that there were two victims: the hosting company and the customers of the hosting company. If the hosting company made representations that they had proper security and backup procedures in place and didn't, then yes their customers can blame them for any losses suffered by the customers.

    95. Re:The cloud by kwbauer · · Score: 1

      Well, only if she was the victim of the very first mugger ever or that this was the very first mugging ever to have happened in said town. If said town was full of muggers in said park during the hours of midnight to sunrise, then possibly the precautions you mention might have been reasonable.

      To offer a hosting company analogy to the mugging analogy... If this was the first time that a cloud provider had ever been attacked then maybe the hosting company had taken all reasonable precautions. If, however, other similar attacks had previously been committed against other cloud providers and information about such attacks and ways to reduce exposure to them had been widely available early enough for the hosting company to have known this hypothetical information and to act on it and still ignored them, then maybe the company is partially to blame (in the eyes of the hosting company's customers).

    96. Re:The cloud by rtb61 · · Score: 1

      As a hosting company security is their responsibility, they got penetrated, their fault. When you claim to provide security and you fail it is your fault. They are not victims, they are professionals who failed to provide the service they claimed to provide, secure hosting.

      --
      Chaos - everything, everywhere, everywhen
    97. Re:The cloud by Noah+Haders · · Score: 1

      I don't know anything about the security and backup practices other than what I read in the summary. But I'm sure that the industry has "standards of care" which define what reasonable precautions should be taken, and it would be a matter for a lawsuit whether or not the company lived up to the standard of care or if they didn't and should be liable for damages. It would be unsurprising if a startup went broke before they could pay any damages, and if the case turns out to be that the owner fled in the night, then he'll be tracked down and sued personally. It's a non-story.

      The interesting part is about the criminal. First he hacks in and tries to extort money. That at least is rational. He wanted an easy buck, he saw an opportunity, so he went to take what he could. But in this case, when the guy couldn't get his money, he went in and destroyed everything. It's like somebody who breaks into a bank and burns all the money. What kind of person does that? It's irrational and the sign of a fundamentally unbalanced person.

      Put it another way, pardon the rush to extremist analogies. It's reasonable to expect a bank to take precautions to keep all the money safe, but is it reasonable to expect them to protect against people walking in and shooting up the place? Not to take money, but just to take lives and cause destruction. Some may argue that banks are high value and should plan on being secure from any threat. OK, then what about schools? Or a playground? Or a McDonald's? When you're dealing with people who are ready to burn things down, you can't prepare for or defend against that. And that is scary.

    98. Re:The cloud by tigersha · · Score: 1

      I agree. Whenever some hacker whackjob here destroys things /. always goes into "blame the victim" and "they should have had better security" and "hackers can do whatever they want because they are attacking 'the system'". No. Screw the hackers. I am fully for the British government's idea of making the punishment proportional to the damage caused which would basically entail life-long imprisonment. Actually I am all for the death penalty for serious hacking and virus cases. Start shooting the bastards.

      --
      The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
    99. Re:The cloud by tigersha · · Score: 1

      No they should not go to prison for a long time. They should be shot.

      --
      The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
    100. Re:The cloud by hawkinspeter · · Score: 1

      Even worse, they claimed to have offsite backups which they clearly didn't have.

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
    101. Re:The cloud by TheCarp · · Score: 1

      Even in nice places bad things happen, and college towns sometimes attract certain kinds of scumbags, despite being otherwise pretty good and safe places to live, if you don't mind the occasional loud music or puke on the sidewalk.

      --
      "I opened my eyes, and everything went dark again"
    102. Re: The cloud by godefroi · · Score: 1

      How about extortionists? Are they moral actors? I don't see how going from extortion on the internet to rape of a woman isn't shifting the goalposts.

      I think Q put it best, when he said, about the internet:

      "It's not safe out there. It's wondrous, with treasures to satiate desires both subtle and gross. But it is NOT for the timid."

      --
      Karma: Poor (Mostly affected by lame karma-joke sigs)
    103. Re:The cloud by lsatenstein · · Score: 1

      > But that would have cost the company a little more money.

      Sometimes there just isn't that little more money. And what commercial/financial value does Codespace have/had?

      --
      Leslie Satenstein Montreal Quebec Canada
    104. Re:The cloud by TheCarp · · Score: 1

      Am I? No and I don't see why you would even ask that.

      Did I once talk about blame or fault? No; and I would appreciate you not trying to put words in my mouth thanks.

      The world is what it is and that is not and never will be one of perfect safety. Blame is 100% on the attacker but, blame doesn't fix anything. Blame doesn't prevent attacks. However mindfulness of one's situation can prevent a lot of situations...even ones that would have been someone else's fault.

      Should I, as a motorcycle rider, avoid staying too far to the right where a car door could open in front of me? Or is it enough to know I can blame the car driver for not looking before opening his door. Law says he is wrong....so that should totally fix any injuries I might sustain. Right? That's how it works in your myopic little world eh?

      --
      "I opened my eyes, and everything went dark again"
    105. Re: The cloud by cbiltcliffe · · Score: 1

      > See, the lions are generally not considered to be moral actors. Humans usually are.

      You must know a different bunch of humans than I do.......

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    106. Re: The cloud by bitterblackale · · Score: 1

      A moral hacker would not have done this. Yes, that person is a total jerk. However, a moral business would have taken security more seriously. Your bank is responsible for your money, and it's a crime to leave the vault open and unattended. Having bad security practices is no different.

    107. Re:The cloud by mtthwbrnd · · Score: 1

      I doubt their T&C stated that they take responsibility for the users data. Most T&C absolve the company from all responsibilities.

    108. Re:The cloud by cwsumner · · Score: 1

      > Besides, where does this "blame the victim" attitude always come from? It's ridiculous.
      >
      > Different analogy: if you walk across a known-to-be-landmined field, who is to blame? The person who put the landmines there 30 years ago, the person who left the gate unlocked last night, or you?

      Just like the the answer to a test, back in school, the answer is:

      D: All of the Above.

    109. Re:The cloud by HornWumpus · · Score: 1

      The customers are really only victims in a big way, if they didn't keep their own backups. In which case they also did stupid things.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    110. Re:The cloud by HornWumpus · · Score: 1

      You're not a moron.

      I've walked in on a Monday and found the tape changer hard at work backing up the CD tower (this was a long time ago). Hadn't got to dev or live yet.

      Backups should be the last thing handed to a 'new guy'.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    111. Re:The cloud by HornWumpus · · Score: 1

      One party rule?

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    112. Re:The cloud by HornWumpus · · Score: 1

      How about: 'If you want to be a candidate for an office that involves writing laws, you must forever give up your license to practice law.' Get to the heart of the problem. Lawyers writing laws to benefit lawyers.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    113. Re:The cloud by HornWumpus · · Score: 1

      When your former employer gets sued and you spend months giving depositions and otherwise wasting your time while not getting paid, you will understand the true cost of working for a chickenshit organization.

      You don't have to be personally liable for lawsuits to splash shit on you. Best bet is to work with competent people. Saves your health too.

      If you are starting out, you might have to take any job. But once they start assigning you responsibility, you have choices. Exercise them.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    114. Re:The cloud by tibit · · Score: 1

      They did have offsite backups, but the credentials required to wipe those backups were the same as the credentials needed to access the live site.

      --
      A successful API design takes a mixture of software design and pedagogy.
    115. Re:The cloud by hawkinspeter · · Score: 1

      If the backups were offsite, then how did they get wiped?

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
    116. Re:The cloud by tibit · · Score: 1

      They were in an offsite Amazon data center - offsite from the instances running the live site. Still, they are not immutable, if you have the right credentials you can erase them. So, if the data center hosting their live instances was wiped out by a tornado, the data would survive in the offsite location. Here a criminal with a password was more powerful than a natural disaster. Of course this was because they used one set of credentials for everything. They shouldn't have.

      --
      A successful API design takes a mixture of software design and pedagogy.
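      Added example (my own, not code from the thread, Code Spaces or Amazon) that models the two points raised in comments 62 and 116: separation of concerns, so no single credential can both take down the live site and erase its backups, and a retention lock that keeps the offsite copy undeletable until its period lapses, whoever holds the password. The policy shape, principal names, bucket name, ARNs and retention period are constructed assumptions in a simplified IAM-like form, not AWS's real policy language or API.

```python
"""Audit a set of cloud credentials for the failure mode in this thread:
one credential that can both run the live site and erase its backups, plus a
backup store whose retention lock refuses deletes no matter who asks.

Policy documents below are constructed samples in a simplified IAM-like shape
(Effect/Action/Resource with '*' wildcards, Deny overrides Allow). They are
illustrative assumptions, not AWS's real policy language.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from fnmatch import fnmatchcase


def _match(pattern, value):
    # Case-sensitive glob match; a pattern may be one string or a list of them.
    patterns = [pattern] if isinstance(pattern, str) else pattern
    return any(fnmatchcase(value, p) for p in patterns)


def allowed(statements, action, resource):
    """Evaluate one principal's statements: an explicit Deny beats any Allow."""
    decision = False
    for st in statements:
        if _match(st["Action"], action) and _match(st["Resource"], resource):
            if st["Effect"] == "Deny":
                return False
            decision = True
    return decision


# Constructed (action, resource) pairs. A credential that can do one from each
# list reproduces the blast radius described in the article.
PRODUCTION_ACTIONS = [("ec2:TerminateInstances", "arn:aws:ec2:*:*:instance/*")]
BACKUP_DELETE_ACTIONS = [
    ("ec2:DeleteSnapshot", "arn:aws:ec2:*:*:snapshot/*"),
    ("s3:DeleteObject", "arn:aws:s3:::backups-offsite/*"),
]


def audit(principals):
    """Return the principals whose single credential can destroy both the
    live site and the backups that were supposed to survive it."""
    flagged = []
    for name, statements in principals.items():
        breaks_prod = any(allowed(statements, a, r) for a, r in PRODUCTION_ACTIONS)
        erases_backups = any(allowed(statements, a, r) for a, r in BACKUP_DELETE_ACTIONS)
        if breaks_prod and erases_backups:
            flagged.append(name)
    return flagged


# Constructed: the "single account to rule them all" layout.
SINGLE_ACCOUNT = {
    "codespaces-admin": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed: duties split so no one credential crosses the prod/backup line.
SEPARATED = {
    "prod-ops": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["ec2:DeleteSnapshot", "s3:DeleteObject"],
         "Resource": "*"},
    ],
    "backup-writer": [
        {"Effect": "Allow", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::backups-offsite/*"},
    ],
}


@dataclass
class LockedBackupStore:
    """Backup store whose objects cannot be deleted until their retention
    period lapses, regardless of how privileged the caller is."""
    retention: timedelta
    _objects: dict = field(default_factory=dict)  # key -> (data, locked_until)

    def put(self, key, data, now):
        self._objects[key] = (data, now + self.retention)

    def delete(self, key, now):
        """Return True if deleted, False if the retention lock still holds."""
        _data, locked_until = self._objects[key]
        if now < locked_until:
            return False
        del self._objects[key]
        return True

    def keys(self):
        return sorted(self._objects)


def retention_demo():
    """Walk one constructed backup through an early and a late delete attempt.
    Returns (early_delete_result, keys_after_early, late_delete_result, keys_after_late)."""
    store = LockedBackupStore(retention=timedelta(days=30))
    t0 = datetime(2014, 6, 17)  # constructed timestamp
    store.put("repo.tar", b"constructed backup bytes", t0)
    early = store.delete("repo.tar", t0 + timedelta(days=1))   # still locked
    keys_after_early = store.keys()
    late = store.delete("repo.tar", t0 + timedelta(days=31))   # lock lapsed
    return early, keys_after_early, late, store.keys()


if __name__ == "__main__":
    print("single account flagged:", audit(SINGLE_ACCOUNT))
    print("separated duties flagged:", audit(SEPARATED))
    print("retention lock demo:", retention_demo())
```

      The audit flags `codespaces-admin` and clears the separated layout; the retention demo shows the early delete refused and the object still present until the lock lapses.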
    117. Re:The cloud by hawkinspeter · · Score: 1

      That sounds more like an online backup (although geographically distinct) than an offsite backup.

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
  2. Backing up your cloud in your cloud... by QilessQi · · Score: 4, Insightful

    ...doesn't seem to work so well.

    1. Re:Backing up your cloud in your cloud... by gstoddart · · Score: 5, Funny

      Yo dawg, I hear you like clouds.

      --
      Lost at C:>. Found at C.
    2. Re:Backing up your cloud in your cloud... by Anonymous Coward · · Score: 1, Funny

      It's clouds all the way down.

    3. Re:Backing up your cloud in your cloud... by frank_adrian314159 · · Score: 1

      Yo!

      I like big clouds and I cannot lie...

      --
      That is all.
  3. Just unplug your server from the internet... by Anonymous Coward · · Score: 5, Funny

    So you just unplug your server's network connection from the internet while you fix the damage... oh. cloud stuff needs constant internet connection? hm. well I guess that's it then. It was an honor to serve with you. BOOM!

    1. Re: Just unplug your server from the internet... by Anonymous Coward · · Score: 2, Insightful

      Well, sounds like they first attempted to fix it themselves using their mad 1337 skills. Amazon cloud is run by adults, and they must have a large staff of top notch security experts. This might sound like Monday morning quarterbacking, but if they really feared this threat, they should have called Amazon so that not only could they put their instance on ice, they might have gotten some help in hunting down the creep.

    2. Re: Just unplug your server from the internet... by BUL2294 · · Score: 1

      Who do you "call" with most cloud vendors? After all, sounds like whoever was doing the DDOS to extort Code Spaces could have also "called" Amazon to do any number of things, as whoever it was had the passwords, other accounts, etc.

      Unless you're one of Amazon EC2's largest customers (e.g. Netflix), you're one of thousands of low-paying customers with rudimentary authentication. Amazon should have an "oh shit" master key that relies on old-school technology, like an RSA number keyfob that the client's president keeps in a locked drawer. That would be the nuclear option. But if something like that were available, it might have cost the client an extra $10/month...

      --
      Windows 3.1x calc: 3.11 - 3.10 = 0.00
    3. Re: Just unplug your server from the internet... by Penguinisto · · Score: 5, Informative

      > Who do you "call" with most cloud vendors? After all, sounds like whoever was doing the DDOS to extort Code Spaces could have also "called" Amazon to do any number of things, as whoever it was had the passwords, other accounts, etc.

      I've actually worked with them once - sure someone could impersonate them, but you could just as easily call up, explain the situation, and then prove you're the rightful owner of the account (using info that most script kiddies aren't going to think of gathering in the first place, let alone spoof the original contact phone #.)

      To their credit, Amazon is actually fairly intelligent and responsive, even to small accounts.

      BTW - if you use/handle it right, each instance comes pre-made with a specific SSH auth keyset for root, and you're the only one with the private key (even Amazon doesn't have it) - store/use that as your proof by logging into an instance with one (it's something the script kiddie definitely won't have).

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    4. Re: Just unplug your server from the internet... by ZeroPly · · Score: 1

      Have you worked with service providers? From the time you've dialed their number, what is your estimate of how long it takes to get someone on the line who can lock down an entire corporate account? Remember that there's a big authentication issue there - how do they know it's not a prank call?

      By comparison, I can get to our server center and completely isolate us and all our data from the Internet in under 10 minutes.

      --
      Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
    5. Re: Just unplug your server from the internet... by rnswebx · · Score: 1

      The funny thing here is that Amazon offers two-factor auth with an RSA key (or an app for smartphones).

    6. Re: Just unplug your server from the internet... by Anonymous Coward · · Score: 1

      The key is downloaded through the web browser the moment it is created. It cannot be downloaded ever again. It's possible that Amazon has it stored, but unlikely and not relevant to your assertion. There is no need for them to store it.

  4. I can't think of a better argument... by Lab+Rat+Jason · · Score: 5, Insightful

    for air gapped backups.

    --
    Which has more power: the hammer, or the anvil?
    1. Re:I can't think of a better argument... by Russ1642 · · Score: 5, Insightful

      If your backups are sitting right next to your active files they aren't backups. They're just copies sitting there.

    2. Re:I can't think of a better argument... by Richy_T · · Score: 1

      There may be better ones but this is sufficient all on its own. As the poster above me says, if it's not offline, it's not a backup.

    3. Re:I can't think of a better argument... by CAIMLAS · · Score: 1

      Or for in-house networks.

      Pretty trivial to just pull the cable when your kit has been compromised and you're facing extortion.

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
    4. Re:I can't think of a better argument... by gsslay · · Score: 2

      Why isn't this standard procedure for all data repositories?

      Doesn't matter how efficient and secure you are, if one person can wipe absolutely everything from one control panel then you have a risk that is not being addressed. And one that isn't even difficult to address.

    5. Re:I can't think of a better argument... by Charliemopps · · Score: 4, Interesting

      for air gapped backups.

      It has to be more than that. We had a policy of air gapped backups that everyone followed. But we had several different sites with several different admins. There was a large hurricane and we found some flaws in the system, to say the least.

      In several cases, the backups were kept IN the drive... they were gone.
      In others, they removed the backups, put them on top of the server or in a desk drawer.... gone as well.

      In others, they actually removed the tapes from the site, but often they were taken home by the admin or other staff... in those cases we fared slightly better because both the site and the staff's house would have to be under water. Hurricanes are big however, so we had about a 50% success rate there.

      In some cases they had a safe on site. This proved marginally better... the tapes were safe in most cases. In one instance we had a rather brave admin fly across the country, take a cab out to the site and then literally SWIM to get the tape. But in a lot of cases the tape was OK, but the safe was under water. So we weren't able to retrieve it for days.

      The sites where local admins stored the tapes at local banks fared the best. So now that's our policy. Backups get stored off-site, in a vault. Technology is better now so we also do remote backups across the net now as well in case the bank is under water as well. But no matter what, we can always head to the bank vault. OK, I guess a meteor would ruin our day, but you can't plan for everything.

    6. Re:I can't think of a better argument... by DoofusOfDeath · · Score: 4, Insightful

      If your backups are sitting right next to your active files they aren't backups. They're just copies sitting there.

      I think that's an oversimplification. They're still backups. They're just not backups against some failure modes that people would have expected.

    7. Re:I can't think of a better argument... by nine-times · · Score: 2

      There was a large hurricane and we found some flaws in the system to say the least.

      That's why you have backups in different geographical areas.

      The sites where local admins stored the tapes at local banks fared the best.

      Have you considered a service like Iron Mountain? They'll send out a truck to pick up your backups every day, if you like, and store it in a very safe location.

    8. Re:I can't think of a better argument... by Charliemopps · · Score: 1

      There was a large hurricane and we found some flaws in the system to say the least.

      That's why you have backups in different geographical areas.

      The sites where local admins stored the tapes at local banks fared the best.

      Have you considered a service like Iron Mountain? They'll send out a truck to pick up your backups every day, if you like, and store it in a very safe location.

      Iron Mountain doesn't serve most of the areas involved. We have dozens of VERY rural sites. Like the top of a mountain, or out in the desert, or along the Mexican border kind of rural. One remote on a mountain gets so much snow build up on it we have a local guy contracted to shovel snow off of it weekly so it doesn't overheat. Another is at the bottom of a canyon on an Indian reservation. The tech has to ride once a week on a helicopter to get to it. In the event of an outage he literally takes a mule down the face of a cliff to get to it. Places like that really do still exist in the United States, as hard as it is to believe.

    9. Re:I can't think of a better argument... by Anonymous Coward · · Score: 1

      This.

      Insurance that doesn't cover tornadoes is still insurance... that doesn't cover tornadoes. You can't complain when you save money on the insurance (by excluding that part) and then get hit with a tornado.

      -Kris

    10. Re:I can't think of a better argument... by Nkwe · · Score: 1

      In the event of an outage he literally takes a mule down the face of a cliff to get to it. Places like that really do still exist in the United States, as hard as it is to believe.

      Good example of a high bandwidth, high latency data transfer.

    11. Re:I can't think of a better argument... by pnutjam · · Score: 1

      I'm considering starting an offline/offsite backup service using flash media and mail, with some other options. Storage would be encrypted and hashed to prevent bitrot. Just curious if anyone has some constructive criticism.

    12. Re:I can't think of a better argument... by operagost · · Score: 1

      IP over equine carrier?

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    13. Re:I can't think of a better argument... by nine-times · · Score: 1

      The idea has some potential. Figure out the best media for it-- a specific model of external drive that's rugged, high capacity, but also light/thin for cheap shipping costs. Figure out a fitting rotation scheme to keep the price down. For example, if you dropped a new backup in the mail every morning and kept them all offsite for a month, you would need at least 30 drives (ignoring the time it takes to ship the drive offsite and back). That's potentially a lot of money, plus shipping and warehousing costs.

      Alternatively, you could do something where you try to time it so they drop it in the mail at the end of each week, and they receive it back two weeks later-- basically they ship it to you and you almost immediately ship it back-- so then they'd only need 2-3 drives. If you held onto one drive per month for 3 months, and then 3 monthly snapshots per year, indefinitely, then that means you'd need 3 drives to be in the weekly rotation plus 3 for the monthly rotation, plus 3/year for permanent offsite, it means you (or the client) need to buy 6 drives + 3/year. That doesn't seem so bad.

      Like you said, make sure they're encrypted and hashed, not just to guard against bitrot, but to guard against snooping and damage in transport. All in all, that might not be a bad solution for areas that are rural enough that you can't get Iron Mountain, and your Internet connection is too slow to push your backups over the Internet. I don't know how large that market is or how much they'd be willing to pay.
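      The drive-count reasoning in the post above (3 drives in the weekly rotation, 3 monthly, 3 per year kept permanently, versus 30 drives if you mail one every morning) can be checked with a small rotation simulator. The following is an added example written for this thread, not code from any poster or product; the tier names, periods and round-trip times are assumptions chosen to match the scheme described, and the simulator is general enough to model other retention schedules, not just this one.

```python
# Added example: a media-rotation simulator for the ship-it-by-mail backup
# scheme discussed in the thread. Tier names, periods and round-trip times
# below are assumptions constructed to match the post, not a real product's
# settings.


def media_needed(rules, horizon_days):
    """Simulate each rotation tier day by day and return how many physical
    media each tier has to buy over `horizon_days`.

    rules: list of (tier_name, period_days, busy_days). Every `period_days`
    a medium is taken from the tier's free pool; it stays busy (being written,
    in the mail, or held offsite) for `busy_days`, then returns to the pool.
    busy_days=None means the medium is kept permanently and never comes back.
    """
    totals = {}
    for name, period, busy in rules:
        free_at = []            # day on which each medium in this tier is free again
        purchased = 0
        for day in range(period, horizon_days + 1, period):
            idle = [i for i, d in enumerate(free_at) if d <= day]
            if idle:
                slot = idle[0]              # reuse a returned medium
            else:
                free_at.append(0)           # pool exhausted: buy another one
                slot = len(free_at) - 1
                purchased += 1
            free_at[slot] = float("inf") if busy is None else day + busy
        totals[name] = purchased
    return totals


# Scheme from the post: a weekly drive is busy for about three weeks (the week
# it is written plus a two-week round trip), one monthly drive is held for
# three months, and three snapshots a year are kept forever.
MAILED_ROTATION = [
    ("weekly", 7, 21),
    ("monthly", 30, 90),
    ("yearly", 120, None),
]

# The naive alternative also mentioned: mail a fresh drive every morning and
# keep each one offsite for a month.
DAILY_ROTATION = [("daily", 1, 30)]


def purchases_over_years(rules, years):
    """Per-tier purchases plus the grand total for a horizon of `years`."""
    totals = media_needed(rules, years * 365)
    return totals, sum(totals.values())


if __name__ == "__main__":
    print(purchases_over_years(MAILED_ROTATION, 3))  # ({'weekly': 3, 'monthly': 3, 'yearly': 9}, 15)
    print(purchases_over_years(DAILY_ROTATION, 1))   # ({'daily': 30}, 30)
```

      Over three years the mailed scheme comes out at 6 + 3 per year = 15 drives, matching the post's arithmetic, while the daily scheme needs 30 drives just to cover one month of retention. Because each tier keeps its own pool, the model also shows where the money goes: the permanent yearly snapshots are the only cost that keeps growing.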

    14. Re:I can't think of a better argument... by pnutjam · · Score: 1

      I'm thinking what you're describing is a small part of the market, which I will probably pursue also. My main thrust is going to be for archival type backups, family photos, legal documents, etc. Things that are stored for years and rarely looked at. I want to start with annual and quarterly plans. I see a lot of potential customers in the sub-32GB market, judging from past restores I've done where clients have almost lost data.

      I also want to offer something for larger data sets, but it would be expensive and hence a limited market.

      Thanks for your feedback. I am working on a pilot site at http://www.o2ark.com/ (probably won't be up for a week or so, but check back if you're interested).

    15. Re:I can't think of a better argument... by nine-times · · Score: 1

      I feel like archival settings might be even trickier. There are two additional problems that jump to my mind.

      First, it would mean you'd want to recheck the hash on a regular basis, and doing that cheaply is a bit of a logistical problem to solve in itself, but it only raises the question: what do you do when the hash comes back bad? The best solution that I can think of is to develop a system where the data is automatically duplicated to another medium and both are checked regularly, and if either one turns up defective, you restore it from the other copy. I don't know if this is what you had in mind, but the best option in this case might be to load all the data from the flash media you receive into your own server and use a filesystem with its own checksumming to prevent bitrot. You could then keep that server backed up effectively and efficiently and reuse the USB keys. All this would increase the complexity of the operation, but probably work better.

      The second problem is making sure clients can manage, find, recall, and decrypt their data once you have it. Imagine I periodically ship a 32 GB drive to you, and eventually I've shipped 20 of them out to you. I'm a good customer, spending a bunch of money with you. Now I go, "Hey, I want this specific file back, but I don't remember what key it's on, and I don't have the decryption key anymore." Yes, if I do this, I'm an idiot, but when you're dealing with customer service for the general public, you're dealing with idiots. So my question would be, how are you going to keep that from happening?

      So there are a couple different problems here. One might already be solved by the software you plan on using to encrypt/hash the data. Does it keep an index of all of these archives that the user can search? Ideally, if you dumped things to a server like I mentioned earlier, there would also be a way for clients to connect remotely and view the contents of their archive, assuming that they have the correct encryption key or password. But then there's a second problem: If you're safeguarding against people losing this data due to a computer crash, fire, flood, etc., how do you make sure they have a backup of that index and the encryption keys? I kind of feel like, now you need a second service that does the same thing, just so I can ship the index and keys to *that* service. Or only require a password and not encryption keys, I suppose.
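      The scrub-and-heal loop described above (keep two copies, recheck hashes on a schedule, restore a bad copy from the good one, and treat a double failure as unrecoverable) is short enough to show in full. The following is an added example written for this thread, not code from any poster or from the o2ark service; the in-memory "stores", the sample archive and the simulated corruption are all constructed for the demo, and a real deployment would put the same logic on top of a checksumming filesystem as the post suggests.

```python
# Added example: ingest an archive into two stores, keep a manifest of hashes,
# and scrub both stores on a schedule, healing one copy from the other.
# The stores here are plain dicts and the archive contents are constructed
# for the demo; the verify-and-heal logic is what the post describes.
import hashlib
from copy import deepcopy


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def ingest(archive: dict) -> tuple:
    """Store the client's objects twice and record the expected hash of each.
    Hashes are taken over exactly what the client shipped (ciphertext if they
    encrypted), so the service can verify integrity without holding any key."""
    manifest = {name: sha256_hex(blob) for name, blob in archive.items()}
    return manifest, deepcopy(archive), deepcopy(archive)


def scrub(manifest: dict, copy_a: dict, copy_b: dict) -> dict:
    """Verify every object in both copies against the manifest. A bad or
    missing object is rewritten from the other copy when that one is intact.
    Returns the names that were healed and the names that cannot be repaired."""
    healed, lost = [], []
    for name, expected in manifest.items():
        a_ok = name in copy_a and sha256_hex(copy_a[name]) == expected
        b_ok = name in copy_b and sha256_hex(copy_b[name]) == expected
        if a_ok and b_ok:
            continue
        if a_ok:
            copy_b[name] = copy_a[name]
            healed.append(name)
        elif b_ok:
            copy_a[name] = copy_b[name]
            healed.append(name)
        else:
            lost.append(name)   # both copies bad: only the client can resend it
    return {"healed": sorted(healed), "lost": sorted(lost)}


def intact(manifest: dict, copy_a: dict, copy_b: dict) -> list:
    """Names whose hash matches the manifest in both copies."""
    return sorted(
        name for name, h in manifest.items()
        if name in copy_a and sha256_hex(copy_a[name]) == h
        and name in copy_b and sha256_hex(copy_b[name]) == h
    )


def demo() -> dict:
    # Constructed sample archive, standing in for one client's flash drive.
    archive = {
        "photos/2013.tar": b"constructed photo archive bytes",
        "legal/will.pdf": b"%PDF-1.4 constructed document",
        "taxes/2012.zip": b"PK\x03\x04 constructed zip",
        "notes.txt": b"plain notes",
    }
    manifest, copy_a, copy_b = ingest(archive)

    # Simulate bitrot on one copy (a single flipped bit) ...
    rotted = bytearray(copy_b["photos/2013.tar"])
    rotted[0] ^= 0x01
    copy_b["photos/2013.tar"] = bytes(rotted)
    # ... an object that went missing from the other copy ...
    del copy_a["legal/will.pdf"]
    # ... and a double failure that nothing on the service side can fix.
    copy_a["taxes/2012.zip"] = b"garbage"
    copy_b["taxes/2012.zip"] = b"different garbage"

    result = scrub(manifest, copy_a, copy_b)
    return {"scrub": result, "intact": intact(manifest, copy_a, copy_b)}


if __name__ == "__main__":
    print(demo())
```

      The scrub report is the operational signal: a non-empty "lost" list means the client has to be contacted to resend that volume before the next media rotation, which is exactly the moment the poster's second worry (can the client still find and decrypt what they sent?) becomes real.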

    16. Re:I can't think of a better argument... by pnutjam · · Score: 1

      Yes, my plan is to move the data to offline servers to perform the checks, probably two to begin with. I would love to avoid both file indexing and storing encryption keys. That is what I will try first; that way I can avoid any warrant issues. I don't plan to support incremental backups. I will store multiple volumes, but what's in them is your business. Ideally I would like to rotate out the old volume when a new volume comes in; that's why I am marketing this as archival backup. I suppose I should plan for some multiple set system. Ideally the multiple sets would be onsite and archives would go offsite less frequently. I'm not targeting the backup-every-week crowd, although I should make an option available.

    17. Re:I can't think of a better argument... by tibit · · Score: 1

      family photos

      sub 32GB market

      My wife's camera has a 32GB SD card, and she fills it up regularly. We have terabytes of family photos, and it's just occasional shooting, she's not much into photography, and those aren't raw files either. I don't think it's a very unique kind of a situation.

      --
      A successful API design takes a mixture of software design and pedagogy.
    18. Re:I can't think of a better argument... by pnutjam · · Score: 1

      Do you use any sort of cloud storage for those? My brother does video production and most of the offsite storage products are prohibitively expensive once you get into that territory.

    19. Re:I can't think of a better argument... by tibit · · Score: 1

      I have my own offsite storage: a few encrypted hard drives distributed among friends. Works great.

      --
      A successful API design takes a mixture of software design and pedagogy.
    20. Re:I can't think of a better argument... by pnutjam · · Score: 1

      Yes, I agree. Obviously you're not my target market.

  5. Whoever pulled this off by Anonymous Coward · · Score: 4, Funny

    would you mind going into ebay.com & deleting my account?

    Ebay refuses to close it.

    1. Re:Whoever pulled this off by sexconker · · Score: 2

      would you mind going into ebay.com & deleting my account?

      Ebay refuses to close it.

      Move to Europe and sue them under your new right to be forgotten.

  6. Well that escalated quickly by ACK!! · · Score: 2

    At least they had backups of their cloud data in a safe place where no random asshat could just go in and waste the data. That is a code hosting company you can trust with your stuff that is for sure!

    --
    ACK /ak/ interj. 2. [from the comic strip "Bloom County"] An exclamation of surprised disgust, esp. i
  7. No offsite backups? by cHALiTO · · Score: 1

    They didn't have offline backups? tapes? I'm not familiar with codespaces service, but how come the backups could be deleted remotely?

    --
    "Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
    1. Re:No offsite backups? by gstoddart · · Score: 5, Insightful

      No, because it was all in Amazon. Who needs tape when you have the cloud, right?

      So the stuff they had backed up from Amazon to Amazon, was still controlled by the same logins (or the ones the hacker had created).

      So when he/she/they started deleting stuff, the backups also got deleted.

      Sounds like a brilliant strategy, and an epic demonstration of what can go wrong with the cloud.

      If you host your own stuff, you do your own backups. If you back up your cloud data to the cloud using the same stuff as the rest of it ... well, your backups are hardly secure, are they?

      So unless Amazon has offsite tape backups (which I highly doubt) ... they're pretty much screwed.

      I think this is about the same as backing up your hard drive to itself so you have a spare copy.

      --
      Lost at C:>. Found at C.
    2. Re:No offsite backups? by Threni · · Score: 1

      You mean if you copy "file.txt" to "file-copy.txt" in the same folder you've not performed a backup? Wow! I learned something today!

      I hope their customers get their money back! Or did the attackers copy "all our bank details.txt" as well?

    3. Re:No offsite backups? by Bengie · · Score: 2

      No, because it was all in Amazon. Who needs tape when you have the cloud, right?

      A rule of thumb that I've heard was "It's not backed up until on at least 2 different media types, at least 2 different file systems, and stored in at least 2 different physical locations".

    4. Re:No offsite backups? by Anonymous Coward · · Score: 1

      > I think this is about the same as backing up your hard drive to itself so you have a spare copy.

      This is the crux of the matter... they had backups meant for accidental delete events (like copying a file you edit over to file.orig just in case you fuck it up) but that is of absolutely zero use in a malicious delete event.

    5. Re:No offsite backups? by jeffmflanagan · · Score: 4, Insightful

      >Sounds like a brilliant strategy, and an epic demonstration of what can go wrong with the cloud.

      No, it's just an example of what can happen to incompetent people. There's no reason to believe that these people would not have also failed to have offline backup with local servers. There was nothing to prevent them from keeping backups locally or on another cloud.

      Blaming cloud computing for this is completely idiotic, and about what I expect on the dumbed down Slashdot these days.

    6. Re:No offsite backups? by Anne+Thwacks · · Score: 1
      You have been short-changed.

      If it's worth money:

      Have three copies, on three media types in three locations.

      Not so sure about file systems. If you have proprietary backup software, then you will never get the data when you really need it. tar loves you!

      --
      Sent from my ASR33 using ASCII
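      The rules of thumb in this subthread (Bengie's "2 media types, 2 file systems, 2 locations", the "three of each" above, and gstoddart's point that a backup under the same logins as the live data is not a backup) are easiest to compare by modelling which copies survive a given loss event. The following is an added example written for this thread, not code from any poster; the two inventories are constructed to resemble the situation in the story and a corrected layout, and the credential, site and media names are placeholders rather than anyone's real infrastructure.

```python
# Added example: a loss-event model for a backup inventory. Inventories,
# credential names, sites and media types below are constructed placeholders.


def destroyed_by(copy: dict, event: tuple) -> bool:
    """Does one loss event take out this copy?
    ("credential", X): everything reachable online with credential set X is
    wiped (offline media are out of reach of a control-panel compromise).
    ("site", X) / ("media", X): everything at that site or on that media
    type is lost, online or not (flood, fire, a bad tape batch)."""
    kind, value = event
    if kind == "credential":
        return copy["online"] and copy["credential"] == value
    return copy[kind] == value


def survivors(copies: list, event: tuple) -> list:
    """Names of the copies still usable after `event`."""
    return [c["name"] for c in copies if not destroyed_by(c, event)]


def single_points_of_failure(copies: list) -> list:
    """Every event, derived from the inventory itself, after which no copy is left."""
    events = set()
    for c in copies:
        if c["online"]:
            events.add(("credential", c["credential"]))
        events.add(("site", c["site"]))
        events.add(("media", c["media"]))
    return sorted(e for e in events if not survivors(copies, e))


def meets_3_2_1(copies: list) -> bool:
    """The classic rule of thumb: 3 copies, on 2 media types, 1 elsewhere."""
    return (len(copies) >= 3
            and len({c["media"] for c in copies}) >= 2
            and len({c["site"] for c in copies}) >= 2)


# Constructed inventory resembling the story: everything lives under one
# control panel, even the "offsite" copy in another region.
AS_IN_THE_STORY = [
    {"name": "live volumes", "credential": "aws-console", "site": "aws-east",
     "media": "block-storage", "online": True},
    {"name": "snapshots", "credential": "aws-console", "site": "aws-east",
     "media": "block-storage", "online": True},
    {"name": "bucket mirror", "credential": "aws-console", "site": "aws-west",
     "media": "object-store", "online": True},
]

# Constructed corrected layout: one copy under separate credentials at a
# second provider, one offline copy in a vault that no login can reach.
CORRECTED = AS_IN_THE_STORY + [
    {"name": "second provider", "credential": "provider-b", "site": "provider-b-dc",
     "media": "object-store", "online": True},
    {"name": "tape in vault", "credential": None, "site": "bank-vault",
     "media": "tape", "online": False},
]


if __name__ == "__main__":
    for label, inv in (("story", AS_IN_THE_STORY), ("corrected", CORRECTED)):
        print(label, "3-2-1:", meets_3_2_1(inv),
              "single points of failure:", single_points_of_failure(inv))
```

      The instructive result is that the story-like inventory passes the 3-2-1 checklist (three copies, two media types, two regions) and still has exactly one event that erases all of it: compromise of the one credential set every online copy answers to. Counting copies, media and sites is necessary but not sufficient; the credential axis has to be in the model too, which is what the offline tape and the separately-authenticated second provider fix.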
    7. Re:No offsite backups? by anolisporcatus · · Score: 1

      I agree, there always need to be multiple backups in multiple locations, especially if it is someone else's information.

    8. Re:No offsite backups? by nine-times · · Score: 1

      I don't think you necessarily need to back up to tapes yourself. If you backed up your Amazon stuff to Rackspace, for example, you would be protected both against someone gaining access to your Amazon account, as well as a systemic problem with Amazon. Just so long as there's nothing in your Amazon account that would allow an attacker to access your Rackspace account, that should be a pretty good solution.

      No solution is perfect. You're just looking for one that's extremely unlikely to break.

    9. Re:No offsite backups? by freeze128 · · Score: 1

      So now it's a double tragedy? Codespace doesn't have offsite backups AND Amazon doesn't have offsite backups? Shame on BOTH of them!

    10. Re:No offsite backups? by gstoddart · · Score: 1

      You know, I've actually heard people championing cloud stuff saying "we don't need to keep backups, it's in the cloud".

      People act like the cloud is full of unicorns and rainbows, and makes all problems go away, and then they do really stupid things like this and realize that isn't the case.

      The problem, is that people buy into it, and then when they realize they've made poor decisions, it's too damned late.

      It sounds like Codespace more or less created their own mess, but it's their clients who are really getting screwed.

      --
      Lost at C:>. Found at C.
    11. Re:No offsite backups? by pnutjam · · Score: 1

      maybe glacier?

    12. Re:No offsite backups? by pnutjam · · Score: 1

      One online, one backup, one archive if it's important.

      Pretend you're Noah: God has commanded you to take 2 copies of all your data and put it on an ark.

    13. Re:No offsite backups? by Rakarra · · Score: 1

      "We don't need those computer guys! The cloud service will handle our IT needs, then we can get rid of our IT people."

      Except at that point you're getting rid of your IT expertise who can tell you what you actually need.

    14. Re:No offsite backups? by Rakarra · · Score: 1

      Funny, smarmy assholes with 7 digit IDs and a Google+ login ID is what I expect from the dumbed down Slashdot these days.

      Ouch! :-)

    15. Re:No offsite backups? by ZombieBraintrust · · Score: 1

      I'm sure Amazon does. It probably just costs more.

    16. Re:No offsite backups? by afairch · · Score: 1

      about what I expect on the dumbed down Slashdot these days.

      Funny, smarmy assholes with 7 digit IDs and a Google+ login ID is what I expect from the dumbed down Slashdot these days.

      Funny, I expect the ones with 6 digit IDs...

    17. Re:No offsite backups? by david_thornley · · Score: 1

      My personal important stuff is on two computers and on Dropbox*. I figure that a legal issue that wipes out Dropbox is highly unlikely to coincide with a disaster that destroys my two home computers.

      There's nothing wrong with a cloud backup. As long as the originals aren't in the cloud. Similarly, there's nothing wrong with originals in the cloud - as long as you've got a local backup.

      *If the NSA looks at what I've got on Dropbox, they're using time and resources they could be using to pry into something somebody else wants to keep private from them. I'm providing a very small public service here.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    18. Re:No offsite backups? by thejynxed · · Score: 1

      In this day and age of ransoming extortionists, folding companies, and natural disasters, you better have the paranoid amount and never do fewer than 6 backups.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
    19. Re:No offsite backups? by I'm+New+Around+Here · · Score: 1

      Watch your back. There's still double and triple digit IDs floating around here. Someone may yell at you to get off their lawn. :^)

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    20. Re:No offsite backups? by I'm+New+Around+Here · · Score: 1

      No, you do Save As..., and add a number at the end of the filename. That's how the pros do it.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
  8. Re:MS by lucm · · Score: 1

    That jail must be very crowded with all the Nigerian scammers and fake Craigslist landlords who use Hotmail to scam people.

    --
    lucm, indeed.
  9. If your operation is compromised, shut it down by Anonymous Coward · · Score: 4, Insightful

    The guys behind Code Spaces should be issued a citation for Operating While Pwned. If you know admin access is compromised, shut it down out-of-band.

  10. Re:MS by dale.furno · · Score: 1

    Any self respecting bassmint dweller would not have used their home network to do this.

  11. So what to do about it by bugs2squash · · Score: 1

    Presumably when they realized that the attacker had access to their control panel they shoulda coulda (yes I know I hate that too) called Amazon and had them shut everything down until order could be restored.

    --
    Nullius in verba
  12. The dog ate my homework. by Thanshin · · Score: 3, Insightful

    I must be a cynic but my first reaction is to think:

    1 - Create cloud based system.
    2 - Sell subscriptions for hundreds of $.
    3 - Announce hacker attack!
    4 - Profit.

    1. Re:The dog ate my homework. by Megane · · Score: 1

      I particularly like the bit about "real-time backup". Backup to where, exactly? If it's "real-time", it's probably not to something off-line like tape, and may even be just a filesystem that keeps old versions around.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  13. Not a Great Response by Edrick · · Score: 5, Insightful

    If you're a hosted site with important data and your site is compromised, the first & best move is to cut the cord immediately. Contact Amazon (or whomever is hosting the data) and get all access shut down instantly and immediately, thereby ending the attacker's ability to do anything further. This will cause an outage, but at least everything is safe.

    Working with Amazon, they can create a new account, give it a strong password, and begin cleaning up the mess with the new account (which the hacker will be unaware of). Now they can, at their own leisure, change passwords, administer accounts, delete crap created by the hacker, etc. Trying to outpace a professional hacker at their own game is a gamble that isn't worth it---especially if no offsite backups exist!!!

    Lastly, they should be forwarding all of the email/attacker info to Amazon, Microsoft (Hotmail), and to the authorities. Whether they can be caught or not is up in the air, but odds are almost certain that this attacker has hit other sites and would eventually have different cases correlated to each other.

    Safety & security of data is #1, fixing damage caused is #2, and accountability is #3. Securing the site against future attacks is part of #3---there's no reason to put the site up (or leave it up) and risk further attacks, thereby risking data loss or a security breach.

    1. Re:Not a Great Response by jader3rd · · Score: 2

      Contact Amazon (or whomever is hosting the data) and get all access shut down instantly and immediately, thereby ending the attacker's ability to do anything further.

      But what if the attacker is the one contacting Amazon to shutdown everything? Do you want your business shut down by random teenagers calling Amazon, telling them to shut everything down?

    2. Re:Not a Great Response by Nemyst · · Score: 4, Insightful

      If the attacker has access to the financial details used by the company to pay for the hosting, which is generally how you can authenticate people safely, you have much bigger problems.

    3. Re:Not a Great Response by drinkypoo · · Score: 1

      How do you propose Amazon distinguishes between the owners and the hacker impersonating them, once the hacker has obtained their logins and passwords?

      The same way literally everyone else on the planet does it, by verifying the billing information.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Not a Great Response by Oligonicella · · Score: 1

      Which - for the benefit of the buffoon you're responding to - is kept by Amazon and is out of reach, unless the subscribers are beyond abysmally stupid and had files with said information in blatant view on their cloud, making them culpable again.

    5. Re:Not a Great Response by T.E.D. · · Score: 1

      Working with Amazon, they can create a new account, give it a strong password, and begin cleaning up the mess with the new account (which the hacker will be unaware of). Now they can, at their own leisure, change passwords, administer accounts, delete crap created by the hacker, etc...

      I'm missing something. In order for you to use that nice new account with the strong password, Amazon is going to have to connect your data servers back up with the internet, right? And the instant they do that, the hacker has all their access restored too, right? What's stopping them from immediately changing this new account's password to something they know? Or deleting it? Or doing all sorts of other nasty things before you discover each and every hidey-hole they made for themselves?

      Really, I don't see how you can clean up an attack in real time with the network up without it turning into a game of corewars (which your side is not likely to win).

    6. Re:Not a Great Response by FilmedInNoir · · Score: 1

      That seems logical and intelligent, so I'm going to suggest two possibilities.
      Either the people running Code Spaces are morons or they cooked up this hacker story to cover their tracks because of something else.
      Either, again, they screwed up because they are morons, or they are hemorrhaging money and wanted to shut down.

      --
      Sig. Sig. Sputnik
    7. Re:Not a Great Response by guruevi · · Score: 1

      The billing information is most likely right there in the control panel in order to make your cloud payments. It was stupid of them to not anticipate this attack but a lot of companies are vulnerable to this.
      - Imagine this happens with an Amazon/Microsoft/Google... admin account; they could blow away entire data centers
      - Imagine this happens to someone's Office365 hybrid account - now they not only have access to your Cloud products but also your linked local Exchange servers

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    8. Re:Not a Great Response by Fruit · · Score: 1

      But what if the attacker is the one contacting Amazon to shutdown everything? Do you want your business shut down by random teenagers calling Amazon, telling them to shut everything down?

      Well, at least you'll still have your data.

  14. shut down immediately and lock up by stenvar · · Score: 1

    If someone has penetrated your system so that they have root or admin privileges over all your machines, you shut down immediately. In the physical world, you pull the plug. On Amazon, you immediately tell Amazon to lock things down, disable all passwords and administrative control, and then work back up to fixing things.

    1. Re:shut down immediately and lock up by tlhIngan · · Score: 1

      If someone has penetrated your system so that they have root or admin privileges over all your machines, you shut down immediately. In the physical world, you pull the plug. On Amazon, you immediately tell Amazon to lock things down, disable all passwords and administrative control, and then work back up to fixing things.

      But that's so 20th century! I mean, in the 21st century, if you can't do everything yourself without having to deal with another human being, then it's broken! Interacting with other humans is so... icky.

    2. Re:shut down immediately and lock up by klode · · Score: 1

      I have vague memories of a case from a long time ago, where an attacker had put some sort of data encryption in place with the key only in memory. Assuming that memory isn't from a fever dream...

      1) While the system was up and running, data could be copied to/from the server in unencrypted form.
      2) Pulling the plug meant losing access to the data, because it meant losing the encryption key to the on-disk information.

    3. Re:shut down immediately and lock up by Lab+Rat+Jason · · Score: 1

      My safe word is "Apples."

      --
      Which has more power: the hammer, or the anvil?
    4. Re:shut down immediately and lock up by stenvar · · Score: 1

      Well, you look at all the possible risks of each of your actions and then make the best decision. That kind of attack is unlikely compared to many others, so you're better off shutting down.

  15. Re:EC2 by Richy_T · · Score: 1

    The trade-offs can be really good even for a large company. It has to be done right though and many companies don't even do their local IT properly.

  16. Picard and Dathon at El-Adrel by Thud457 · · Score: 1

    --
    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  17. The cloud by Anonymous Coward · · Score: 3, Funny

    Normally things form clouds AFTER going up in smoke. With the 'new technology' it is the opposite.

  18. Facking Idiots by l0ungeb0y · · Score: 4, Interesting

    Not providing for your own OFFLINE BACKUPS is a reckless oversight of such magnitude that I am entirely incapable of having sympathy for these asshats. We need a few examples such as these to serve as cautionary tales for those who think the Cloud is the answer to everything.

    1. Re:Facking Idiots by iggymanz · · Score: 2

      Nothing to do with being cloud based or not, just proper attention to good systems operations practices was lacking.

      Even not doing the obvious and blocking all newly created accounts after a certain time is just incredibly irresponsible.

    2. Re:Facking Idiots by locotx · · Score: 1

      Well there is something wrong when people believe "the cloud" is the solution. It's a misinterpretation of a concept applied. I think the marketing push for "cloud" services being sold as an end-all solution for backups, security and data storage gives off the feeling from the early 2000s where websites were being sold for all the things they could deliver, which they didn't. So to say it has nothing to do with "cloud based", I agree from the technical side, but I disagree from the "cloud" concept and marketing pitch side.

    3. Re:Facking Idiots by Rakarra · · Score: 1

      Nothing to do with being cloud based or not, just proper attention to good systems operations practices was lacking.

      I thought a big "plus" of the cloud was that you could fire your IT staff because all these concerns were the cloud providers now, not yours.

    4. Re:Facking Idiots by iggymanz · · Score: 1

      But here we're talking about cloud staff being incompetent.

  19. Secure. Responsive. 24/7/365. the Cloud. by swschrad · · Score: 1

    and our admin password is "letmein"

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  20. Git by blackiner · · Score: 5, Interesting

    This is why git is such an effective code hosting solution. Everyone who has cloned the repository is a potential backup copy.

    1. Re:Git by JigJag · · Score: 2

      Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it ;)

      Torvalds, Linus (1996-07-20). Message. linux-kernel mailing list. IU. Retrieved on 2014-04-26.

      I guess we should update that quote and replace ftp with git.

      --
      "The hallmark of humanity is the ability to move beyond sensory inputs" - Mary Helen Immordino-Yang
    2. Re:Git by 140Mandak262Jamuna · · Score: 1

      Why git? Even ClearCase snapshot views are full copies of the repository. (Granted, snapshot views don't have history in themselves and levels of rollback will be limited.) Almost all the source control systems that clone the source repository create full backups. Of course git is much nicer and has replicated history as well.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    3. Re:Git by sjames · · Score: 1

      Well other than "Of course git is much nicer and has replicated history as well", anyone can afford git.

    4. Re:Git by david_thornley · · Score: 1

      And, unlike ClearCase, git is actually reasonably easy to use for what it does.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  21. Re:MS by sexconker · · Score: 1

    Any self respecting bassmint dweller would not have used their home network to do this.

    Basement dwellers don't leave the basement.
    Basement dwellers are self-loathing, not self-respecting.
    Basement dwellers use their own network to connect to proxies, which just makes it more of a pain in the ass to trace back.
    Extreme basement dwellers will use other means of accessing a separate network - a cantenna pointed at a neighbor's house, a spliced line, whatever. This just means the cops track down the victim, figure out they're not computer literate, and ask "Any people who could have done this?" and learn about the freak in the neighbor's basement.

    Hackers don't get caught because law enforcement doesn't care.
    When the cops, the government, or a corporation cares, hackers get caught or disappeared.

  22. wrong order? by roc97007 · · Score: 1

    Someone else mentioned having offline backups, so I won't belabor that. But once they knew they were compromised, perhaps a smarter thing to do would have been to contact the service provider and take countermeasures (ask for a snapshot of the site as it was, examine and disable accounts, change admin passwords, perhaps contact authorities) before reaching out to the perp. I'm not sure reaching out to the perp was a good idea in any case.

    For a while I hosted a number of websites from a rental space, and I did get compromised once (security hole in a popular web admin tool). As soon as I detected it, I drove to the physical site, unplugged the server from the internet, and worked from the console. It occurs to me that this might be a difficult strategy to implement with cloud services.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:wrong order? by Anomalyst · · Score: 1

      a difficult strategy to implement with cloud services.

      Any competent hosting provider has a TCP/IP KVM in their datacenter. They hook it up, give you a password and the IP address and you have console access. $500 worth of hardware, money well spent, I'd say.

      --
      There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
    2. Re:wrong order? by roc97007 · · Score: 1

      a difficult strategy to implement with cloud services.

      Any competent hosting provider has a TCP/IP KVM in their datacenter. They hook it up, give you a password and the IP address and you have console access. $500 worth of hardware, money well spent, I'd say.

      That really depends on the implementation. It's my understanding that cloud hosting leans heavily on VM, meaning your actual servers are unlikely to be physical. What the "console" means in this case could be problematic, as the "console" is not physical and is generally available in some fashion over the network. The cloud service is unlikely to give you direct access to the host machine's console, because the machine may be (probably is) hosting for several unrelated customers.

      What you're describing is what's used in small current installations (smaller than the huge datacenters typical of cloud services) or really old machine rooms. A competent hosting provider wouldn't be pushing a crash cart around -- they would have built "console" access into the infrastructure; using a hardware or software solution as appropriate.

      The point being, if the owner could get to the machine's console from the outside, so, potentially, could the perp. Again, depending on implementation.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  23. backup training by tommyatomic · · Score: 1

    So these guys apparently had no training on proper backup policies and procedures.

    This is definitely a training issue. Clearly no one taught them how to do proper backups or even what a proper backup policy should look like.

    I feel bad for them, but at the point that they have done nothing to protect themselves I cannot bring myself to feel too bad.

    Why does no one take their backups offsite anymore or backup to a NAS device that backs itself up to something that can be taken offsite?

    Backups Backups BACKUPS!!!

  24. No offline backups? by krelvin · · Score: 1

    Seriously.... no offline backups? Not a real business in that case.

  25. Could Amazon have handled it better? by Max+Threshold · · Score: 1

    Instead of trying to take back control themselves, shouldn't they have contacted Amazon and let them handle it? Perhaps they could have frozen the entire account, locking out both the rightful owner and the attacker, until things were sorted.

    1. Re:Could Amazon have handled it better? by thejynxed · · Score: 1

      They should have tracked down who was responsible, and had a baseball bat liberally applied to their kneecaps.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
  26. We have Bunnie. Gather one million dollars... by steak · · Score: 1

    This is a bummer, man.

    1. Re:We have Bunnie. Gather one million dollars... by Megane · · Score: 1

      Oh noes! Now I won't ever be able to get a Novena laptop!

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  27. Use Git by stewsters · · Score: 1

    This is why distributed version control is important (git/mercurial), even if you think SVN is easier. Sometimes your remote server will disappear, whether it's hackers, fires, or someone forgot to pay the bill.

  28. This must be where IRS stored backups by Culture20 · · Score: 4, Funny

    This must be where the IRS stored backups of emails.

  29. Re:Secure. Responsive. 24/7/365. the Cloud. by FictionPimp · · Score: 4, Funny

    My password is "invalid" so when I type it wrong I get a message: "Your password is invalid."

  30. Not so easy with a corporate network... by ZeroPly · · Score: 1

    Our offsite backups are put in a metal box and taken offsite. Unless you plan on hijacking a truck, it's a lot harder deleting our data than using a nice control panel on the web.

    --
    Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
  31. I have no pity by cyberspittle · · Score: 1

    So, after getting blackmail email, first course of action was to take matters into your own hands? The Cloud is just a tool to allow us to be tracked online. I'm going back to dial up and UUCP to select individuals in similar configuration. He he he

  32. Site gap, not air gap by mcrbids · · Score: 1

    IMHO:

    1) Backups that don't get done automatically often don't get done regularly, so they should be automatically performed via scripts.

    2) Offline isn't as important as offsite. Buildings catch fire, get flooded, disappear into sinkholes, get hit by falling jet airplanes.

    3) Security matters. Paranoia should be the order of the day.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  33. Just unplug the server by grimmy · · Score: 2

    ....oh never mind.

  34. No regular backups? by xenobyte · · Score: 1

    Nothing copied elsewhere or onto tape? - Guess not. The cloud is SOOOO secure...

    --
    "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
    1. Re:No regular backups? by ttucker · · Score: 1

      They probably were not even using the MFA provided by Amazon. It is kind of shitty to blame hosting providers for clients that do not even perform the bare minimum of suggested best practices.

  35. Re:Secure. Responsive. 24/7/365. the Cloud. by zlives · · Score: 1

    This changes everything, well at least my default password.

  36. Poor response. by viperidaenz · · Score: 1

    Would the correct response not have been to contact Amazon and have them immediately suspend all access and reset the passwords for them?

    1. Re:Poor response. by RGRistroph · · Score: 1

      Amazon doesn't normally do that -- they just rent the (virtual) servers; the dashboard and other software including the OS would have been installed by the customer. At most they might reboot or shut down and restart a machine... but they provide a self-serve API to do that, so probably not even that.

      Unless the access involved the attackers getting the AWS account credentials, I don't think there's much Amazon could do.

  37. Re:Full Circle by viperidaenz · · Score: 1

    You forgot to put Apple in the centralised category too.
    HTTP, Internet and WWW didn't exist in the 80s either.

  38. Re:The cloud ; how would a good admin handle this? by volvox_voxel · · Score: 1

    Out of curiosity, let's say you find yourself in the same position where you have a hacker/hackers with multiple accounts, and you want to change passwords, etc. How would you lock the system down so they could not do damage in this case? Is there a way to quickly purge all unknown users? Could they have spoofed known good users? Is it possible to blow everyone else away except for the administrator, and reference an older archive of users? I'm very curious about how you could safely contain such a contagion.

    Also, let's say you do have an off-line back-up, but you have a situation where a hacker has access to the usernames and passwords because they somehow got root access. How do you protect all their data once you decide to turn back on-line? Do you send out notice to all your users over their email accounts?

    I'm curious about how admins deal with this in the real world.

  39. A case for tape backup. by bjgreenberg · · Score: 1

    If you have never heard of the many cases for tape backup, here it is.

  40. That's not a backup by dutchwhizzman · · Score: 1

    Sorry, but a backup is something you keep *off line* for a good reason. This is a near-line copy, possibly at another site we're talking about here.

    --
    I was promised a flying car. Where is my flying car?
    1. Re:That's not a backup by L4t3r4lu5 · · Score: 1

      Not necessarily. I have a very limited budget, but even I manage to have both online and offline backup. There is a weekly full backup of all data and daily incremental backups to NAS devices on the network. Monday of every week, I copy the full backup done over the weekend to an encrypted USB drive and take it home. Two of these drives rotated weekly ensures there's always a backup off site, and it being encrypted satisfies data protection requirements. On-line backup is good for file recovery, off-line if there's a serious disaster.

      The whole lot costs less than £1000 including software, and isn't particularly complicated. I don't see any reason for this kind of breach to cause loss of so much data unless there were some extremely incompetent people involved.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  41. Re:Full Circle by david_thornley · · Score: 1

    The Internet existed in the 80s, and was descended from a 70s project. HTTP and the WWW came later.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  42. better businesses prepare for disasters by Chirs · · Score: 1

    Nobody is saying they were legally responsible to prevent crime.

    People *are* saying that they were poor businessmen who didn't plan for disasters. (What if the cloud provider failed catastrophically, or they lost all the passwords, or any number of other catastrophic events?)

  43. distinction between managed and unmanaged by Chirs · · Score: 1

    With managed hosting, the provider handles support, backup/restore, etc. Typically with "the cloud" the resources are unmanaged. The end-user is responsible for all of that stuff.

    I don't believe Amazon themselves offer managed services, but there are lots of other companies that will sell you managed services built on AWS.

  44. Re:Secure. Responsive. 24/7/365. the Cloud. by Calydor · · Score: 1

    Dammit. Time to update my password to hunter3.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  45. Re:Full Circle by viperidaenz · · Score: 1

    It wasn't anything like what it is today until 1989 when BGP was introduced and the last of the centralised routing was removed when ARPANET was decommissioned in the early 90s.

    The term "internet" was short for "inter-networking" and described any situation where two or more networks were connected.

  46. Common Security Practise by muphin · · Score: 1

    I believe the owner of the EC2 had 1 single account (root account) when he should have set up 2 factor authentication for such an account and then created separate accounts; this would have prevented his issue using the security policies AWS has in place....
    AWS is always targeted and being reliant on a single account for security is negligent.
    So you people out there that use AWS, PLEASE don't use the default account, secure it with 2 factor and then create individual accounts for the services, using security policies to allow communication between each other. - from an AWS certified engineer :)

    --
    It's not a typo if you understood the meaning!
  47. AWS HA and 2FA by mrklamarr · · Score: 1

    Bit of a shame Code Spaces weren't geared up with some AWS HA configuration; hoping companies take note of this attack and how to limit the risk to their organisations. A simple AWS CLI command could have been implemented here to force all IAM accounts to read-only access until AWS could be involved. Also the master and all IAM accounts should have 2FA enabled to stop this happening.
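    As an added illustration of the two points above (comment 46's "2 factor plus separate IAM accounts" and comment 47's "force all IAM accounts to read-only until AWS could be involved"), not code from either poster or from AWS: an IAM policy that, attached to every IAM user or group, denies every API call except a short read-only set (and the calls needed to enrol an MFA device) unless the caller authenticated with MFA. Deleting the `Condition` block turns it into the unconditional read-only lockdown described in comment 47. The action names and condition key are real IAM identifiers; the particular read-only list is an assumption chosen for illustration, and the policy cannot govern the root user, whose MFA is configured in the account settings rather than through IAM.

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "DenyEverythingExceptReadOnlyAndMfaEnrolmentWithoutMfa",
          "Effect": "Deny",
          "NotAction": [
            "ec2:Describe*",
            "s3:Get*",
            "s3:List*",
            "iam:Get*",
            "iam:List*",
            "iam:CreateVirtualMFADevice",
            "iam:EnableMFADevice",
            "cloudtrail:LookupEvents",
            "sts:GetCallerIdentity"
          ],
          "Resource": "*",
          "Condition": {
            "BoolIfExists": {
              "aws:MultiFactorAuthPresent": "false"
            }
          }
        }
      ]
    }
    ```

    `BoolIfExists` matters: a request signed with a long-term access key carries no `aws:MultiFactorAuthPresent` key at all, and `BoolIfExists` treats that absence as a match, so deletions from a leaked access key are denied rather than silently allowed.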

  48. Re:The cloud ; how would a good admin handle this? by Enigma2175 · · Score: 1

    Also, let's say you do have an off-line back-up, but you have a situation where a hacker has access to the usernames and passwords because they somehow got root access. How do you protect all their data once you decide to turn back on-line? Do you send out notice to all your users over their email accounts?

    I'm curious about how admins deal with this in the real world.

    If a hacker can recover plaintext passwords by compromising your admin account you have failed as an admin. The most they should be able to recover is a (hopefully salted) password hash.

    --
    Enigma

  49. Hanlon's razor by mikeroySoft · · Score: 1

    "Never attribute to malice that which is adequately explained by stupidity."

  50. Microsoft Danger v2.0 by Mondor · · Score: 1

    This reminds me of the cloud service of Microsoft, called Danger. It died the same way - they simply lost all customer information, with no backups made (and, actually, the size of a full backup could be less than 1Tb).

    In my humble opinion, these people are too lame to stay in business. Having offline backups couldn't be the only problem of their service. As I can conclude from the article, they also had problems with security and lack of common sense and strategic thinking.

    https://en.wikipedia.org/wiki/...

  51. AWS support by yacc143 · · Score: 1

    That makes one wonder, why these gits did not call AWS support to have their account completely locked down first?

  52. The guy will get caught. by mtthwbrnd · · Score: 1

    Everything is monitored. EVERYTHING. The only way that he will not get caught is if "they" (you know, them!) don't want him to get caught.

  53. Re:EC2 by tibit · · Score: 1

    I don't know what kind of magic sauce would allow one to have "IT in the cloud" setup. Windows clients with roaming profiles quickly get to be a drain even on a gigabit network. Even without a roaming profile, anything that isn't the boring old secretarial style work will require a decent bandwidth. Most media work or CAD work can't really be done over your typical cable internet. Those who would most benefit from an "IT in the cloud" type of a service - small businesses - really can't afford having gigabit links to their premises. Neither do I think that the bandwidth from any particular Amazon instance is where it needs to be. Does Amazon run their instances on machines/blades with 10Gbit links?

    --
    A successful API design takes a mixture of software design and pedagogy.
  54. Deleted backups? by nurb432 · · Score: 1

    How? If they were not off-line, they really were not backups.

    --
    ---- Booth was a patriot ----