DEV Community

Troy
Troy

Posted on

3

CapitalOne AWS breach & AWS security discussion

CapitalOne was recently victim to a leak that may have affected 100 million individuals in the US. This post will not go into the unethical intent of the accused or the affect of private information being leaked, but rather the technical aspects and securing your AWS environment. If you'd like to read into it further, this document does a fair job at explaining it.

The diagram below is my understanding of how the CapitalOne S3 data was compromised. Background information about the accused also states that she worked for Amazon Web Services from 2015-2016 in the S3 division. Knowing that she worked for Amazon Web Services for a period of time very well may have affected her ability to compromise CapitalOne.

diagram

There seems to be still unanswered questions, such as:

  • What credentials were exploited for the accused to assume the STS role to gain access?
  • Why wasn't AWS GuardDuty's trusted list being maintained?
  • Why was the STS role that was assumed allowed access to the S3 bucket? A strict bucket policy with allowed ARN's should've been used.

What is your opinion on the technical aspect of the exploitation and securing an AWS environment?

Heroku

Simplify your DevOps and maximize your time.

Since 2007, Heroku has been the go-to platform for developers as it monitors uptime, performance, and infrastructure concerns, allowing you to focus on writing code.

Learn More

Top comments (0)

Image of Docusign

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more