March 28, 2014

Bitcoin mining? - Had to close my AWS account

When I read about a similar incident on Hacker News some time back, I felt sorry for that person and was also glad that I had not exposed my secret key. I woke up this morning to see the same thing happen to my account. I got an email from AWS saying that my account had been compromised and that the secret key was available on GitHub.

When I looked at that GitHub project, I was cursing myself. It was created a year back when I was taking part in a Startup Weekend event. I don't even remember checking in my secret key in the rush to deliver something over the weekend. Now it has come back to haunt me. Someone had launched almost 20 "c3.8xlarge" instances in each region and too many spot instances. The estimated bill is already $300 in a day. It was exhausting to find every resource launched in every region and terminate it. I had to close my AWS account to stop further charges, and I sent an email to the support team hoping that they would consider that my account was compromised. I am guessing it is a bitcoin mining incident again.
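The root cause above is a key checked in during a rush and noticed only when AWS sent an email. A check that refuses such a commit before it leaves the machine is cheap. The script below is an added example, not code from the original post: it flags an access key ID by its fixed AKIA prefix and 20-character length, flags a 40-character secret only when the same line labels it as a secret (a heuristic, so an assumption, not an AWS rule), and can be wired in as a git pre-commit hook through the staged-file reader. The sample config text is constructed and uses the placeholder key pair from AWS's own documentation.

```python
"""Pre-commit style scan for AWS credentials in text (added example, not from
the original post)."""
import re
import subprocess
import sys

# Access key IDs for IAM users and root have a fixed "AKIA" prefix and are 20
# upper-case alphanumerics long; the lookarounds stop longer tokens matching.
ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])AKIA[A-Z0-9]{16}(?![A-Z0-9])")

# Secret access keys are 40 characters from the base64 alphabet. Alone that
# shape is noisy (hashes, tokens), so this heuristic (an assumption, not an AWS
# rule) flags one only when the same line labels it as a secret.
SECRET_KEY_RE = re.compile(
    r"(?i)secret[\w-]*['\"]?\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def scan_text(text, path="<text>"):
    """Return (path, line_number, kind, value) for each credential-looking token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            findings.append((path, lineno, "access_key_id", m.group(0)))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((path, lineno, "secret_access_key", m.group(1)))
    return findings

def staged_files():
    """Yield (path, content) for files staged for commit, read from the git
    index rather than the working tree, so the hook sees exactly what would
    be committed."""
    names = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
        check=True, capture_output=True, text=True).stdout.splitlines()
    for name in names:
        blob = subprocess.run(["git", "show", f":{name}"],
                              capture_output=True, text=True, errors="replace")
        if blob.returncode == 0:
            yield name, blob.stdout

def scan_staged():
    """Findings across everything staged; install as .git/hooks/pre-commit
    (calling this script with --staged) to block the commit on any hit."""
    findings = []
    for name, content in staged_files():
        findings.extend(scan_text(content, name))
    return findings

# Constructed sample using the placeholder key pair from AWS documentation,
# plus a 40-hex-character digest that must not be mistaken for a secret.
SAMPLE_CONFIG = """\
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
sha1 = 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
"""

if __name__ == "__main__":
    hits = scan_staged() if "--staged" in sys.argv[1:] else scan_text(SAMPLE_CONFIG, "config.ini")
    for path, lineno, kind, value in hits:
        print(f"{path}:{lineno}: {kind} {value[:4]}...{value[-4:]}")
    sys.exit(1 if hits else 0)
```

Run it with no arguments to see the two hits in the constructed sample; with `--staged` it exits non-zero whenever anything in the git index matches, which is what a pre-commit hook needs. A scan of the working tree or of history (the key in this post sat in a year-old commit) needs the same regexes run over `git log -p` output, and a key that has already been pushed must be treated as leaked and deleted regardless of what the scan finds afterwards.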

I was using this account just for learning AWS and was launching EC2 micro/medium instances to try a few things. I assume most devs working on cloud projects have a personal account to learn AWS and would never need to launch such large instances. I hope that Amazon AWS would provide an option to create a developer account that gives access only to create micro/medium instances for learning AWS, so that one need not worry about a huge bill even if the key is exposed by mistake.

Hope that the AWS support team helps me this time.

I wish I had skills like Liam Neeson in the movie "Taken" to go after them :)

EDIT:

The estimated bill is now $1534. I called Amazon immediately and customer care was very helpful. They informed me that they would arrange a one-time credit and asked me to be careful with the access keys. They also fixed my account and asked me to continue using it.

As suggested by Garp in the comments, the first thing I did was to delete my AWS access keys and create an IAM user with permission to create only t1.micro instances in the us-east-1 region.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "arn:aws:ec2:us-east-1:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:InstanceType": "t1.micro"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:us-east-1::image/ami-*",
        "arn:aws:ec2:us-east-1:*:subnet/*",
        "arn:aws:ec2:us-east-1:*:network-interface/*",
        "arn:aws:ec2:us-east-1:*:volume/*",
        "arn:aws:ec2:us-east-1:*:key-pair/*",
        "arn:aws:ec2:us-east-1:*:security-group/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "cloudwatch:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:*",
      "Resource": "*"
    }
  ]
}
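A pitfall worth seeing before trusting an instance-type condition: IAM's StringEquals is false whenever the condition key is absent from the request, and ec2:InstanceType is present only when EC2 checks the instance resource. A policy that hangs that condition on ec2:* therefore denies DescribeInstances outright, and denies RunInstances as well, because the same call is also checked against the image, subnet, security group and key pair, none of which carry the key. The form AWS documents for instance-type limits puts the condition on a RunInstances statement scoped to the instance resource and grants the supporting resources in a separate, unconditioned statement. The toy evaluator below is an added example, not code from the post or from AWS; it models only action and resource wildcards, StringEquals and the deny-over-allow ordering, and the ARNs and account number it uses are constructed. One caveat no ec2 condition addresses: autoscaling:* with Resource "*" still lets a launch configuration of any instance type be created and scaled, because Auto Scaling launches those instances itself, so the ec2 statements alone do not bound spend.

```python
"""Toy IAM policy evaluator (added example, not code from the post or AWS):
why an ec2:InstanceType condition belongs on the instance resource of
ec2:RunInstances rather than on ec2:*."""
import fnmatch

# Constructed: the shape that hangs the condition on ec2:* with Resource "*".
NAIVE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
     "Condition": {"StringEquals": {"ec2:InstanceType": "t1.micro"}}},
]}

# Constructed: the split form AWS documents for instance-type limits. Describe*
# calls take no resource ARN, so their statement must use Resource "*".
SPLIT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:RunInstances",
     "Resource": "arn:aws:ec2:us-east-1:*:instance/*",
     "Condition": {"StringEquals": {"ec2:InstanceType": "t1.micro"}}},
    {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": [
        "arn:aws:ec2:us-east-1::image/ami-*",
        "arn:aws:ec2:us-east-1:*:subnet/*",
        "arn:aws:ec2:us-east-1:*:network-interface/*",
        "arn:aws:ec2:us-east-1:*:volume/*",
        "arn:aws:ec2:us-east-1:*:key-pair/*",
        "arn:aws:ec2:us-east-1:*:security-group/*"]},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, fold_case=False):
    """IAM wildcard match: '*' any run of characters, '?' one character.
    Action names compare case-insensitively; ARNs are compared as-is."""
    if fold_case:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)

def _condition_holds(condition, context):
    """Only StringEquals is modelled. A key absent from the request context
    makes StringEquals false; that absence is the whole pitfall."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, wanted in pairs.items():
            if key not in context or context[key] not in _as_list(wanted):
                return False
    return True

def evaluate_resource(policy, action, resource, context):
    """One (action, resource) pair: explicit Deny wins, then any matching
    Allow, otherwise the implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(_glob(a, action, True) for a in _as_list(stmt["Action"])):
            continue
        if not any(_glob(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision

def is_allowed(policy, action, resources):
    """resources maps every ARN the call touches to its condition context; the
    call succeeds only if each one is allowed. That is how EC2 treats
    RunInstances, which spans instance, image, subnet, security group, key pair."""
    return all(evaluate_resource(policy, action, arn, ctx) == "Allow"
               for arn, ctx in resources.items())

def run_instances_request(instance_type, region="us-east-1", account="123456789012"):
    """Resources a RunInstances call is checked against (constructed IDs). Only
    the instance carries ec2:InstanceType, and it has no ID yet: instance/*."""
    return {
        f"arn:aws:ec2:{region}:{account}:instance/*": {"ec2:InstanceType": instance_type},
        f"arn:aws:ec2:{region}::image/ami-0123abcd": {},
        f"arn:aws:ec2:{region}:{account}:subnet/subnet-0123abcd": {},
        f"arn:aws:ec2:{region}:{account}:security-group/sg-0123abcd": {},
        f"arn:aws:ec2:{region}:{account}:key-pair/learning": {},
    }

def describe_request():
    """Describe* calls carry no resource, so IAM matches them against '*'."""
    return {"*": {}}

if __name__ == "__main__":
    for name, policy in (("naive", NAIVE_POLICY), ("split", SPLIT_POLICY)):
        print(name, "DescribeInstances ->",
              is_allowed(policy, "ec2:DescribeInstances", describe_request()))
        for itype in ("t1.micro", "c3.8xlarge"):
            print(name, "RunInstances", itype, "->",
                  is_allowed(policy, "ec2:RunInstances", run_instances_request(itype)))
```

The naive shape refuses DescribeInstances and even a t1.micro launch; the split shape allows both and refuses c3.8xlarge or a launch in another region. The real service adds many more condition operators and resource types, so the IAM policy simulator, run with the resource ARNs filled in rather than left as "*", remains the authoritative check.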

Amazon customer care is the best. 

20 comments:

  1. So is this the same guy who stole your bicycle ?

  2. So sad, Venky. Thanks for sharing. I feel I missed an opportunity to play with someone's account ;-)

  3. Windows Azure is good in that sense; they limit your cores to 20 by default, and you send an email to support or call them to get it bumped up.

  4. Wow, that sucks. You know, Leonardo da Vinci said that in the future the people who use invisible money will win everything.

  5. It looks like it's possible in IAM policies to enforce what size of instances a user can spawn. I gave this a quick shot in the IAM policy simulator, and it seemed to effectively restrict my user to only being able to do anything with m1.small instances. Hope this helps:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1396069018000",
          "Effect": "Allow",
          "Action": [
            "ec2:*"
          ],
          "Condition": {
            "StringEquals": {
              "ec2:InstanceType": "m1.small"
            }
          },
          "Resource": [
            "*"
          ]
        }
      ]
    }

    1. Thanks Garp. I should have done that earlier. Lesson learnt.

  6. Bitcoin mining is facing a hard time now due to the hash rate difficulty. Nevertheless, if you're still on it, opt for an ultra-low-power device for a cheaper power cost. The AMD Radeon HD 6970 (480 kH/s for Litecoin and 400 MH/s for Bitcoin) can be a pretty good hardware investment.

  7. Good to see you writing a blog, Venky.

  8. This blog is so nice to me. I will keep coming here again and again. Visit my link as well: Donationhub

  9. There was no price associated with Bitcoins since there were no existing currencies that could be directly exchanged for them. A number of early adopters began getting involved in Bitcoins since they saw its potential as an alternative medium of exchange. Sincerely

  10. Transactions with bitcoins are anonymous in nature as such. They don't involve names, but the transactions can be linked to the individual. how to purchase bitcoins

  11. The estimation of Bitcoin dropped lately in view of the sudden stoppage of trading at Mt. Gox, which is the biggest Bitcoin exchange on the planet. latest crypto news

  12. I wanted to thank you for this excellent read!! I definitely loved every little bit of it. I have bookmarked your site to check out the new stuff you post. usitech

  13. Bitcoin is one of the first digital currencies. It can only be used on the internet. It is not controlled by a central bank and has its own made-up rules. So, should you use bitcoins? how to speed up my unconfirmed bitcoin transaction

  14. The writing is so beautifully composed. It is just irresistible.
    Kucoin exchange review

  15. If you think Bitcoin is money, try paying your taxes with it. Yet Cameron and Tyler Winklevoss are now seeking to use their technological savvy, and money, to bring Bitcoin into the mainstream. stuck bitcoin transaction

  16. Bitcoin can now be found on every corner, but now there is a more serious problem. An interesting fact is that it is not possible to find a reliable source of drivers. I spent a lot of effort and time in order to find and download ATI drivers http://driverscenter.com/manufacturers/ati. But when I found this, I could install any driver I need, so it's good storage, which I wanted to share with you, guys.

  17. This blog, through its words, has given a key to proficiency.
    Ricona ICO

  18. Others might want to purchase Bitcoin with plastic. Coinbase likewise gives this administration and has clear well ordered guidelines on the best way to continue with either your charge or Visa. Ricona ICO
