Code Spaces, a Cloud-based hosting platform that enables development and collaboration for software teams, has had to close up shop due to an orchestrated DDoS attack.
In addition to the DDoS attack on June 17, it was identified that the intruder had also gained access to the control panel for the company's Amazon EC2 account and subsequently started deleting customer data stored there after extortion demands were not met. The hacker left demands and a Hotmail email address for contact.
By the time Code Spaces was able to regain access to its EC2 account and remove the intruder's credentials, backup logins had been created, making the intruder's access almost impossible to eliminate quickly.
The unfortunate thing here is that part of Code Spaces' appeal was that the company promoted full redundancy, duplication, and distribution of the data across three different geographical datacenters.
Some data still exists, and while the company has determined that it's cheaper to just shut down than to attempt to compensate all those customers affected, it is offering to help those customers retrieve remaining data.
The company has posted an apology on its web site, suggesting that it has no reason to believe it was an inside job and revealing the steps it took to try to save the company from the attack.
The apology ends with this:
We hope that one day we will be able to and reinstate the service and credibility that Code Spaces once had!
Amazon is not being blamed as AWS clearly states that its customers are solely responsible for managing credential access to its services. How the hacker was able to beat AWS' two-factor authentication is still under investigation.
With the growing number of attacks and the expanding Cloud landscape, this is just the tip of the iceberg. Security continues to be one of the biggest barriers for most companies considering moving any piece of on-premises services to the Cloud, and the Cloud's reputation for security isn't getting better, no matter who is ultimately at fault.
This also highlights a definite problem for those companies attempting to do business in the Cloud, particularly small startups. Larger service providers can take a hit and adjust, but the new mom-and-pop Cloud shops can't withstand a financial meltdown due to service interruption. Executives within Microsoft have recently started stating publicly that in the end, there will only be three sustainable Cloud service providers: Microsoft, Amazon, and Google. The Code Spaces incident seems to suggest there's some potential truth in that, and that would be bad for us all.