Jason Battles

From Russia with Love.

Updated: May 10, 2018

So it turns out that adhering to the 12 Factor App Methodology is kind of a big deal, especially when dealing with security. Take just a few extra precautions and avoid the heartache of having your stuff ransom-wared by some Russian.




Some of us just have to learn the hard way. While we knew that following the 12 Factor App Methodology was kind of important, we did not truly understand the potential impact until a fateful day several months ago. Allow me to explain...


The Back Story

The Fire Ants had been working on our new Pitcher's Friend application with a half-dozen micro-services and a couple of data stores. We were faithfully developing and committing our code to our GitHub repositories -- one for each micro-service. It was awesome. We were working hard to do everything properly, and yet one day we ran afoul of Factor 3: Config, and the situation became dire. Factor 3 says that a true twelve-factor app stores config, including security credentials, in environment variables and not in the code. You can probably guess the rest of the story.


As we connected our new analytics and visualization micro-service to our data store, we temporarily stored our MongoDB Access Key in the code to make sure it all worked, and then promptly forgot about it as we experienced success and committed our code to our repo. It was less than 20 minutes before our MongoDB environment stopped responding. Who knew that there were malware scripts continually monitoring our repos looking for credentials? We logged into Mongo, reviewed our collections, and found this nice little gem from some IP address we tracked to Russia. (Some IP addresses have been screened to protect both the innocent and guilty parties.)


Just Nasty

“Your DataBase is downloaded and backed up on our secured servers. To recover your lost data; Send 0.5 BTC to our BitCoin address and Contact us by eMail with your MongoDB server IP Address and a Proof of Payment. You are welcome.”


Argh! At first I was livid. "We got hacked!!! Crap!" Then, after a few deep breaths, I thought it was really cool. "We got hacked!!! Wow!"


We did not pay the bitcoin ransom. Instead, we shot that MongoDB in the back of the head and created new collections with re-populated data (thank you containers). Of course, we also scrubbed our repositories for any access keys, credentials, and configs, and removed them.


Lesson Learned

Do your best to follow the 12 Factor App Methodology. If you do not, then have very good reasons. Ignore the 12 Factors at your own peril.
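As an added illustration (not code from the original post or from the Fire Ants project), here is what both halves of that lesson look like in Python: a Factor 3 style loader that insists the MongoDB connection string comes from the environment, and a small check that flags any source line still carrying a hard-coded MongoDB URI with an embedded password, suitable for a pre-commit hook. The sample source lines, the MONGODB_URI variable name and the hostname are constructed for the example.

```python
import os
import re

# Constructed sample of two source lines: the first hard-codes a MongoDB URI
# with credentials (the Factor 3 violation from the post); the second reads
# the URI from the environment instead.
SAMPLE_SOURCE = """
client = MongoClient("mongodb://pitcher:s3cretPass@db.example.internal:27017/stats")
client = MongoClient(os.environ["MONGODB_URI"])
"""

# Heuristic for a mongodb:// or mongodb+srv:// URI carrying a user:password
# pair. Good enough for a pre-commit check; not a complete secret scanner.
MONGO_URI_WITH_CREDS = re.compile(
    r"mongodb(?:\+srv)?://(?P<user>[^:/@\s\"']+):(?P<password>[^@\s\"']+)@(?P<host>[^\s\"'/]+)"
)


def find_embedded_mongo_credentials(source: str):
    """Return (line_number, user, host) for every line that hard-codes a
    MongoDB URI with a password. The password itself is never returned, so
    the finding can be logged without leaking the secret a second time."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in MONGO_URI_WITH_CREDS.finditer(line):
            findings.append((lineno, match.group("user"), match.group("host")))
    return findings


def mongo_uri_from_env(env=None, var="MONGODB_URI"):
    """Factor 3 style: take the connection string from the environment and
    fail loudly at startup if it is missing, rather than falling back to a
    literal in the code, which is exactly how the key ended up in git."""
    env = os.environ if env is None else env
    uri = env.get(var)
    if not uri:
        raise RuntimeError(f"{var} is not set; refusing to start without it")
    return uri


if __name__ == "__main__":
    for lineno, user, host in find_embedded_mongo_credentials(SAMPLE_SOURCE):
        print(f"line {lineno}: hard-coded MongoDB credentials for {user}@{host}")
    print(mongo_uri_from_env({"MONGODB_URI": "mongodb://db.example.internal:27017/stats"}))
```

Wired into a pre-commit hook, a non-empty result from find_embedded_mongo_credentials should block the commit; the scan only covers MongoDB URIs, so pair it with a general secret scanner for other key formats.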



© 2018 by The Fire Ants.
