Can a DDoS attack cripple a volleyball club? You bet!
See how hackers forced this small firm to shut its doors overnight.

In 2013, a promising software development hosting company, called Code Spaces, launched and quickly gained popularity. In 2014, the company was hit by a devastating cyberattack that forced it to permanently close its doors only 12 hours after the attack began.

THE ATTACK

June 17, 2014, began just like any other Tuesday until the Code Spaces team arrived at the office to find their website and systems unavailable due to a surge in traffic. The website wasn’t loading, and customers couldn’t gain access to the platform.

IT professionals worked frantically to get the system running properly, only to realize the company was the target of a Distributed Denial of Service (DDoS) attack. Hackers had crippled the network with a flood of unauthorized traffic and gained access to the company’s Amazon EC2 control panel, where they left messages with a Hotmail address for Code Spaces to make contact.

Reaching out to the email address revealed the hacker’s motive: a huge ransom demand to stop the traffic flood and restore service. The team refused to comply with this illegal extortion and implemented their cyberattack response plan, which began with an investigation.

Hope surged when the company realized intruders hadn’t managed to get beyond the control panel because they didn’t have access to the company’s private keys. They changed their EC2 passwords and attempted to regain control of the system. This was a defining moment for Code Spaces where events took a dramatic turn for the worse.

Hackers had already created several backup logins and immediately retaliated by randomly deleting artifacts from the panel. As the team watched their data disappear, they realized they had significantly underestimated the severity of the attack. They eventually managed to retrieve panel access, but all data, backups, machine configurations, recovery mechanisms, and offsite backups were either partially or completely deleted. There was nothing left behind to restore the company to its former glory.

The company left a final sobering message and apology to customers on June 18th.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on-going credibility. As such, at this point in time, we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have with us.”

What went wrong for Code Spaces?

The attack on Code Spaces was a nightmare scenario that escalated quickly and led to the company’s demise. Unfortunately, the nightmare can be real for any organization.

Let’s break down the major blows.

  • Hackers gained access to an administrative control panel: Strong passwords, multifactor authentication (MFA), and access control are basic cybersecurity best practices. AWS offers MFA and access control features, but it appears Code Spaces didn’t use them.
  • Attackers also destroyed backup data. While Code Spaces backed up data and even had a recovery plan, it appears to have used a cloud-based backup service accessible from the same AWS management controls accessed by the hackers. In other words, one compromised password allowed hackers to access and eliminate all customer data and the backups needed to restore the system.
  • They tried to fix the problem without help. Throughout the duration of the rapidly escalating attack, Code Spaces never sought professional assistance. The response team didn’t contact Amazon Web Services for assistance or consult professional cyber incident response experts.

Could the attack on Code Spaces have been prevented entirely? It’s impossible to tell. The compromised password might have been obtained through a previous phishing scam or a brute force attack (which would suggest a weak password).

Could it have been less catastrophic? Almost certainly. If the attackers had no access to the company’s backups, Code Spaces might have recovered their reputation and continued on the path to success.

The Implications for Junior Volleyball Clubs

DDoS attacks aren’t going anywhere. They’re actually increasing at an alarming rate. In the years since the attack on Code Spaces, DDoS attacks have increased by over 800%.

In recent years, the threat of DDoS attacks on major sporting events has been increasing. Motivations range from geopolitical disputes to financial gain. As larger organizations put more robust security measures in place, opportunistic attackers are likely to look toward smaller, less secure organizations as a target. Additionally, cybercriminals can see the value in a juvenile’s spotless credit record.

A DDoS attack like the one that shut down a growing company in 2014 could do long-term or even irreparable damage to a junior volleyball league today. Imagine the consequences for your league if all member data was erased in a single day.

You can watch the full story video on Code Spaces.

CLOSING THE BLOCK: CYBERSECURITY HOT TIP

Secure backups + Cyber Insurance = Recovery
Complete, up-to-date backups in a secure location offer a chance for organizations to restore the system with the original information. Investing in a custom cyber insurance policy can give organizations the funds necessary to pick up the pieces and restore the system if an attack does occur.

About the Author
Brad Preston is a client advisor at World Insurance Associates (World) specializing in the Sports industry. Prior to World, he spent more than 20 years at Advanced Event Systems and SportsEngine where he worked closely with the JVA and other member clubs in the volleyball space. He is well versed in club operations, staff, and member management, and most importantly, the use of technology and its inherent cyber risks. The JVA and World have partnered together to bring JVA Members educational articles and content to help you learn about your unique cyber risks and exposures, and how to better protect your businesses, members, and families in general. Feel free to reach out to Brad directly with any questions at bradpreston@worldinsurance.com