AWS console breach leads to demise of service with “proven” backup plan

A code-hosting service that boasted having a full recovery plan has abruptly closed after someone gained unauthorized access to its Amazon Web Service account and deleted most of the customer data there.

Wednesday's demise of Code Spaces is a cautionary tale, not just for services in the business of storing sensitive data, but also for end users who entrust their most valuable assets to such services. Within the span of 12 hours, the service experienced the permanent destruction of most Apache Subversion repositories and Elastic Block Store volumes and all of the service's virtual machines. With no way to restore the data, Code Spaces officials said they were winding down the operation and helping customers migrate any remaining data to other services.

"Code Spaces will not be able to operate beyond this point," a note left on the front page of codespaces.com said. "The cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a[n] irreversible position both financially and in terms of on going credibility. As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us."

Read 4 remaining paragraphs | Comments

Hacker taunts arrested comrade after someone drops dime to FBI

NullCrew's Twitter feed gives Timothy French and a fellow NullCrew member a fitting sendoff—calling them "skids."

Continuing variations on a theme, the FBI has arrested yet another alleged “hacktivist” based on information provided by a confidential informant. This time, FBI agents from the bureau’s Chicago field office nabbed Timothy Justin French, who the Justice Department claims was a member of a group called NullCrew. Another alleged NullCrew member, a juvenile offender, was arrested by the Royal Canadian Mounted Police based on information passed by the FBI.

Based on a statement from a member of NullCrew who remains at large, the arrests weren’t a big surprise. Calling French and the other hacker “skids” (script kiddies), the NullCrew member mocked their poor operational security and failure to cover their own digital tracks. And in a reference to the LulzSec case, the poster said that French missed “what should’ve been the most fucking obvious thing ever: don't let just any asshole in the crew, and don't give them the keys to the fucking kingdom. The FBI got someone to get you fuckers, and you deserved it. I've already taken care of that little problem—if it walks like Sabu and talks like Sabu...”

French, who the FBI claims is known by the usernames “Orbit,” “crysis,” and a number of other IRC, Skype, and Twitter handles, was arrested on June 11 at his home in Morristown, Tennessee. He is accused, along with other members of NullCrew, of launching “computer attacks that resulted in the release of computer data and information, including thousands of username and password combinations,” according to a statement issued by the Justice Department.

Read 3 remaining paragraphs | Comments

Nokia paid millions in ransom to stop release of signing key in 2007

A Nokia building in Finland.

Finnish law enforcement is currently investigating a blackmail case involving Nokia and an unknown person, according to local media.

On Tuesday, MTV News in Finland reported for the first time that in 2007, Nokia paid millions of euros to someone who had acquired the Symbian encryption signing key to prevent its distribution. If released, that key would have allowed Nokia phones to accept non-authorized applications. At the time, Nokia was the world’s leading smartphone manufacturer.

After receiving the ransom demand, Nokia informed the National Bureau of Investigation, which appears to have orchestrated a surveillance operation. Nokia paid the multi-million euro ransom in cash, left in a bag at a parking lot near the Särkänniemi amusement park in the city of Tampere. As MTV News reported, “Police, however, lost track of the blackmailer and the money was gone. The case is still unsolved.”

Read 2 remaining paragraphs | Comments

Hacker infects Synology storage devices, makes off with $620,000 in Dogecoin

One of the affected Synology devices.
Synology

A hacker generated digital coins worth more than $620,000 by hijacking a popular type of Internet-connected storage device from Synology, security researchers said.

The incident, which was documented in a research report published Tuesday by Dell SecureWorks, is only the latest hack to steal other people's computing resources to perform the computationally intense process of digital currency mining. The cryptographic operations behind the process often draw large amounts of power and produce lots of heat. People looking to acquire a large war chest of digital coins typically must pour large amounts of money and effort into the endeavor. One way malicious actors get by this requirement is by compromising large numbers of devices operated by other people. The devices then perform the work at the expense of the unsuspecting end users and pass on the proceeds to the attacker.

According to researchers from SecureWorks Counter Threat Unit, the attackers exploited four separate vulnerabilities contained in the software of Synology network-attached storage boxes. The vulnerabilities were documented in September and fixed in February by Synology. By then, large numbers of people began complaining their Synology devices were running sluggishly and extremely hot. It turns out that at least some of them were running software that mined large sums of the Dogecoin cryptocurrency.

Read 5 remaining paragraphs | Comments