Cloud source host Code Spaces hacked, developers lose code
June 18, 2014 | By Christian Nutt




Today, SVN and Git source repository Code Spaces announced that it's down for the count after hackers took control of its back-end -- and destroyed its code repositories in retribution after system admins attempted to regain control of the site.

According to a statement published on its website -- which is now down -- hackers took control of Code Spaces and attempted to ransom it. When admins attempted to regain control of the system, the hackers destroyed its archives in retaliation: "most of our data, backups, machine configurations and offsite backups were either partially or completely deleted," Code Spaces' statement read.

During that process, at least two game developers have lost code: Ian Stocker of Magical Time Bean, developer of Escape Goat 2, has lost access to earlier revisions of his project which were stored on the service and are now destroyed. Bounden developers Game Oven were also affected, according to a tweet from designer Adriaan de Jongh.

The attack highlights a danger of storing code in the cloud that is not always considered.

Earlier today, the Code Spaces site was still up, but it is now unresponsive. The message it displayed said, in part, "... at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us." This statement is still viewable via Google cache.


Comments


Adriaan de Jongh
Heh, sorry about the words in that tweet ;)

It was indeed something we did not consider. Fortunately, we have backups of our backups.

Kai Boernert
As far as I understood it, the attack was only possible due to the way the Amazon cloud panel works or? With normal servers that are separate for backup and normal usage it would not have been possible to kill both simultaneously this easy?

Anyway this clearly shows, that just because it's in the cloud does not mean it cannot get lost, better always keep a local backup, especially if your wage/life depends on it.

Albert Thornton
That seems a dangerous assumption to state openly as fact.

The statement from Code Spaces doesn't indicate that it has anything to do with the specifics of Amazon Cloud or Amazon Cloud Panel; rather it indicates that they failed to separate their backups and failed to adequately secure their panel (they did not use two-step authentication).

Leszek Szczepanski
I think the damage to the developers might not be that great. If the code was being worked upon, there should be numerous relatively recent working copies. A lot of old data most probably is lost. However I doubt that many people lost their most important data.

It's still an awful thing to happen :/

Todd Boyd
There were no off-site backups, so their fool-proof plan had a single point of failure.

Kim Wahlman
"In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted."

According to their own statement, they did have offsite backups.

Matthew Cary
There are different kinds of backups that guard against different things. It sounds like their backups were accessible in the same way their live copies were, and as such the hacker was able to delete them as easily as the live copies were deleted. An "offline" backup that wasn't controllable from the Amazon console would have been immune & this attack would have resulted in the loss of everything since the last backup instead of the loss of everything ever. It sounds like their backups were guarding against data corruption or accidental deletion and had no provisions for bad-actors. When you are selling yourself as a safe place to store valuable data that is just not good enough.

When I've seen this attack discussed on more system-operations oriented forums the general consensus is that while the Hacker is the person to blame here, the Code-Space admins showed a shocking lack of redundancy for a company that is supposed to be about providing secure storage.

Todd Boyd
Everything -- EVERYTHING -- was in AWS. That is not "off-site", even though *physically*, it might be.

Christian Nutt
They may have had off-site backups but the issue seems to be that it was all controlled via one single AWS dashboard, so that doesn't seem to matter.

John Maurer
I applaud SVN's attempt to re-take their customers' data, but I've never been completely sold on Cloud technology. In my opinion the benefits don't offset the risks. If you can't/won't/choose not to secure it on your local network, then it's not secure.

Cyber-crime has become big business, so much so that even the US government has had to up its game in order to deal with this kind of criminal via white-box hackers and a host of other specialists and technologies. In the business world the money is where the data is, that's why guys like Oracle's Larry Ellison are some of the richest men in the world.

When it comes to cloud tech, early adopters beware, because no matter how well it has been encapsulated your data is still accessible via the public domain whether you like it or not.

No human can beat the analog hole.

Michael Brown
It's a shame, not just for the game devs but for everyone affected. I'm sure a lot of hobbyist coders were really hurt by this incident. I never liked the idea of Cloud backups for this very reason. I'm sure even security companies are plenty susceptible to hackers, provided the hackers are good enough. And if anyone cares about your super-secret code, you better not be storing it online. Anyway, for the people who were captivated by the recently-coined Cloud, this is definitely a huge blow. Stocks will drop.

This is also a reminder that while one backup is great, 2 is company. If well-managed, it would take a freakish turn of events for you to completely lose all of your data. But really, the same can kinda go for just one backup, so I dunno.

