How did hackers access critical infrastructure in the Code Spaces attack?



Last week’s catastrophic Code Spaces compromise reminded us just how vulnerable our systems can be. We have talked about some of the lessons learned in the aftermath of the attack, but the question remains: how did the initial compromise happen?

Generally, when bad guys gain access to a system, it happens in one of four ways:

  1. Brute Force: They try thousands of username/password combinations until one works. Amazon locks users out after a number of unsuccessful login attempts, so in the case of Code Spaces, this is not what happened.
  2. Log Into An Infected Machine: If a user logs into their account from an infected machine, the bad guys can easily capture their information and use it to gain greater access.
  3. Phishing: Phishing and spear phishing attacks are getting more sophisticated every day. If even one employee is tricked by one of these attacks and voluntarily types their information into a bogus form, the entire system can be compromised.
  4. Sessions Left Open: One of the most common ways accounts are compromised is also the least technologically advanced. Someone logs in and forgets or neglects to log out when they leave the computer. A bad guy comes along, opens the browser and has instant access to the account.

Hackers may have gained entry to Code Spaces through any of the last three methods and we may never know which one. It does not really matter. The key point is that no matter how strong your password is or how many factors of authentication you use, the bad guys will eventually find a way past your security.

As long as users are responsible for their passwords and logging into sensitive sites by typing their credentials, accounts are vulnerable. Realizing this was part of the impetus behind creating Silo.

With Silo, all web code executes and all user interactions occur in a secure sandbox. With each launch, users get a freshly-built browsing environment with secure links to provisioned apps. All the web code is contained within Silo, so apps are kept beyond the reach of exploits. Because credentials are securely stored in the cloud and securely submitted directly to web apps, users are protected from malware which might intercept passwords, or mistakenly entering their data on phishing sites. At the end of a session, the browsing environment, along with all the data it contains, is destroyed.

Most security measures are like putting additional locks on the door to your house. Or even additional doors. Given enough time and resources, even the most robust locks can be picked.

Silo takes a different approach. We move the entire house.

Scott Petry - Scott is Co-Founder and CEO of Authentic8. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007.

Topics: Identity