Tópico: [EN] Linode Hacked
06-01-2016, 11:53 #1
[EN] Linode HackedSecurity Notification and Linode Manager Password Reset
January 5, 2016 1:53 pm
Effective immediately, Linode Manager passwords have been expired. You will be prompted to set a new password on your next login. We regret this inconvenience, however this is a necessary precaution.
A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials.
This may have contributed to the unauthorized access of the three Linode customer accounts mentioned above, which were logged into via manager.linode.com. The affected customers were notified immediately. We have found no other evidence of access to Linode infrastructure, including host machines and virtual machine data.
The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We’ve retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings.
You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be.
The security of your data, the functionality of your servers, and your confidence in Linode are extremely important to all of us. While we feel victimized ourselves, we understand it is our responsibility, and our privilege as your host, to provide the best possible security and service. You can help further enhance the security of your account by always using strong passwords, enabling two-factor authentication, and never using the same password at multiple services.
We sincerely apologize for the recent disruptions in your Linode service. Thank you for your patience, understanding and ongoing trust in Linode.
Filed under: announcements by Linode Security Team
06-01-2016, 13:24 #2
DDoS Attacks Storm Linode Servers WorldwideBy Douglas Bonderud • January 5, 2016
It all started on Dec. 26: Cloud hosting provider Linode reported a series of DDoS attacks affecting its Linode Manager and website, according to SecurityWeek. Infrastructure was also targeted, but in a few hours, the company’s IT teams had everything under control.
Until the next day. So began a 10-day series of continuing attacks that left most of Linode’s services slow or unresponsive. The company has since resolved these issues, but is it possible to mitigate this kind of DDoS damage going forward, or are cloud providers forever at the mercy of denial-based storms?
The distributed denial-of-service (DDoS) attack is a common vector for cybercriminals since it’s often the easiest means to an end: Malicious actors compromise a large number of devices, then have them all attempt simultaneous, high-traffic connections. Targeted servers may slow to a crawl as CPUs attempt to keep up or fail altogether if overwhelmed.
In some cases, the threat of DDoS attacks are used to compel action or demonstrate security weakness. For example, the hacking group Phantom Squad threatened to take down the PSN and Xbox Live gaming networks on Christmas to showcase poor IT security practices. While there were some minor service hiccups during the holidays, it seems the group was either unsuccessful or simply chose a new target. Linode, unfortunately, did not fare so well.
A Poor Present
As noted by SC Magazine, the Christmas attacks on Linode caused “service interruptions at DNS infrastructure and data center locations in the U.S. and the U.K., including Dallas, London, Atlanta, Frankfurt, Newark, N.J., Tokyo, Singapore and Fremont, Calif.” What’s more, they occurred just after maintenance on Xen Linode host servers and came with no warning. No group has stepped forward to claim responsibility or demand any kind of action from the cloud provider.
Instead, the company was hit by attack after attack and was criticized for a lack of response to the issue at hand. By New Year’s Eve, Linode network engineer Alex Forster posted a detailed article about the hack, noting that in six days, the company had endured 30 different attacks that switched vectors each time Linode closed a security hole. According to The Register, as of Jan. 4, the cloud provider was finally back on track, with only one server in Atlanta listing a partial outage.
Takeaways From the DDoS Attacks
For cloud providers, the Linode attack is an uncomfortable reminder that the massive attack surface presented by servers and infrastructure makes cloud offerings a tempting target for DDoS attacks. Sheer request volume can quickly overwhelm even high-traffic servers, and the results are often unpredictable. As problems spread from the back end to specific tenants, they spill over into other client instances, turning a complex situation into complete chaos.
Best bet? Linode offers a good example: Hunker down and start closing holes. While this is no guarantee that attackers will shut things down and walk away, it’s often the quickest and most effective way to mitigate the impact of distributed attacks. As Forster’s blog post demonstrated, however, companies can’t afford to ignore their public face even when fighting private battles. Whenever possible, it’s important to provide a kind of play-by-play — an active report on what’s happening and what’s being done to counter the issue.
Short and sweet? No company is immune to DDoS attacks, and in the cloud, these storms have far-reaching impacts.
06-01-2016, 13:38 #3
DDoS attacksDec 31, 2015 - 22:45 UTC
- Multiple volumetric attacks simultaneously directed toward all of our authoritative nameservers, causing DNS hosting outages
- Multiple volumetric attacks simultaneously directed toward all of our public-facing websites, causing Linode Manager outages
- Layer 7 (“400 bad request”) attacks toward our web and application servers, causing Linode Manager outages
- Large volumetric attacks toward our colocation provider’s upstream interconnection points, overwhelming the router control planes and causing significant congestion/packet loss
- Large volumetric attacks toward Linode network infrastructure, overwhelming the router control planes and causing significant congestion/packet loss
All of these attacks have occurred multiple times. Over the course of the last week, we have seen over 30 attacks of significant duration and impact. As we have found ways to mitigate these attacks, the vectors used inevitably change.
Network Engineer at Linode
Posted 6 days ago. Dec 31, 2015 - 22:23 UTC
07-01-2016, 13:39 #4