back to article Canon not firing on all cylinders: Fledgling cloud loses people's pics'n'vids, then 'Maze ransomware' hits

Canon has had a double shot of bad luck lately. First, its brand-new photo-and-video-hosting cloud started losing files. Now it's reportedly fallen victim to ransomware. The Japanese camera maker noticed at the end of July that footage uploaded before June 16 to image.canon had started going missing. The service launched in …

  1. Mike 137 Silver badge

    "...offers 10GB of long-term storage space for people's personal photos and videos"

    Why?

    A basic camera card these days is 64GB, and costs as little as £10. Why not store your photos at home and not risk data loss (as just demonstrated)?

    1. Tom Chiverton 1

      Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

      Because you'd expect their back ups to be more robust than yours. At the very least, duplicate site...

      1. eldakka Silver badge

        Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

        Because you'd expect their back ups to be more robust than yours.

        But do they have backups? I mean, if they had backups, why were they unable to restore the 'lost' images?

        Cloud != backed up.

        Cloud != replicated mult-site data.

        Those are typically additional services on offer from the cloud providers, for extra charge.

        Selected quotes from Canon.image FAQ

        Q. Will my images be completely deleted once the expiration has passed?

        A.Once the 30-day expiration has passed, your original images will be automatically deleted from the image.canon cloud server. The thumbnails of original still images (JPEG/HEIF/RAW) will remain after the expiration, however. If this service is not used for 1 year, though, all of your images, including thumbnails, will be deleted.

        Q.Can the expiration of original images be extended?

        A.You can change the expiration of up to 10 GB of images to long-term storage. Select the images, and forward them to 10 GB storage from the menu. Note that if this service is not used for 1 year, all of your images will be deleted. Click here for details about the storage period.

        And from their Terms of Use:

        7. Content Storage

        Members may upload and store Image on storage (a) under the Service (the “Storage (a)”). The Storage (a) has the maximum storage capacity limitation set by hosting service provider(s) employed by Canon for the Service. Storage capacity or period for Storage (a) is available on the website or in apps for the Service. Image is stored in Storage (a) for a maximum of thirty (30) days from the day the Image is uploaded. During the thirty (30) day period, a Member may, at its sole discretion, move the Image from Storage (a) to storage (b) under the Service (the “Storage (b)”). IMAGE THAT IS NOT MOVED FROM STORAGE (A) TO STORAGE (B) DURING THE THIRTY (30) DAY PERIOD WILL BE FIRST INACCESSIBLE TO RELEVANT MEMBERS AND THEREAFTER AUTOMATICALLY DELETED. The storage capacity or period of the Storage (b) is separately set by Canon at its sole discretion. Storage capacity for Storage (b) is available on the website or in apps for the Service. IF A MEMBER DOES NOT ACCESS THE SERVICE BY LOGGING ON HIS OR HER CANON ID ACCOUNT FOR ONE (1) YEAR FROM THE DATE OF HIS OR HER LAST LOGIN, THE MEMBER’S IMAGE STORED IN STORAGE (B) WILL BE FIRST INACCESSIBLE TO RELEVANT MEMBERS AND THEREAFTER AUTOMATICALLY DELETED.

        Once the Image is deleted, it cannot be recovered. Members can check the dates for any scheduled deletion of Image on the website and in the apps of the Service.

      2. Doctor Syntax Silver badge

        Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

        "Because you'd expect their back ups to be more robust than yours."

        Expect != know

    2. SuperGeek

      Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

      I agree. I back my SD cards up to BD-RE discs too. No need to rely on third party, because we all know what happens there *cough* MegaUpload *cough*

      1. Steve K Silver badge

        Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

        Careful with BD-RE...

        If they are anything like Optical DVD-R/DVD+R/CD-R etc. then after a few years they are unreadable.

        You might be able to read the index, but the files may be inaccesible.

        The moral of the story is have multiple backup media (physical and Cloud) spread over on and off-site....

        1. Qumefox

          Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

          It's kind of sad that after all these decades, it's hard to beat tape as a long term storage method. It's also sad that high capacity tape drives cost an arm and a leg as well...

    3. LDS Silver badge

      Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

      The image.canon site is mostly a hub, it's not a service designed to store and show your photos online.

      Cameras upload photos and videos to the site, and then they can be routed automatically to Flickr, Lightroom and Google Drive/Photo, or downloaded to a PC of yours using an agent. There's an option to keep some of them in the "long-term storage" which is limited to 10GB only.

      Otherwise uploaded images are automatically deleted after 30 days - and only the thumbnails are kept. I wonder if there was a bug in the delete process. The service looks to be hosted in AWS - it's less probable it was a storage issue, but who knows?

      Previously some Canon cameras could upload directly to some services - but as APIs changed and new services became fashionable it required to update the cameras firmware. This way cameras only talk to the image.canon service, and Canon needs only to update it to upload elsewhere. Meanwhile it sees all the uploaded photos and can use it to gather data and train its AIs.

      "Why not store your photos at home and not risk data loss (as just demonstrated)?"

      You can lose them at home too, especially if you keep them on a single card. This demonstrated that if photos/videos are important for you a proper backup with multiple copies is what you need.

    4. Steve K Silver badge

      Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

      Off site backup, memory cards can get lost/broken/corrupted, house can catch fire.....

    5. lglethal Silver badge
      Go

      Re: "...offers 10GB of long-term storage space for people's personal photos and videos"

      A house fire or break in and theft and your home storage is gone. Thats why people back up to the cloud. It's supposed to be a safe option.

      So long as you dont keep all your pics in either one or the other location, you are pretty well protected from losing everything.

  2. revenant

    "...exfiltrated 10TB of databases and other files..."

    I always wonder: How exactly do you nick 10TB of data without anyone noticing? If I were to try it from my basement it would take over a week even at the best speeds available to me.

    Do they somehow hook into an ultra-high speed link? Or use a botnet? Or are they just incredibly patient, and the victim so lax that they can sit on the network for weeks or months, quietly syphoning the data off?

    1. Stumpy Silver badge

      Re: "...exfiltrated 10TB of databases and other files..."

      My guess is that their source system is a server rented in a lights-out facility somewhere in the world with a nice fat pipe leading into it.

      So limiting factor is more likley going to be the size of the pipe leading out from the victim, which circles back round to your question of how do they do it without being noticed?

      Even if they're breaking it out amongst many lower speed exfiltration channels, one would have thought that anyone monitioring the network would notice any sudden uptick in outward traffic flows, and even using the fastest links, 10TB is going to take some time to exfiltrate.

      1. revenant

        Re: "...exfiltrated 10TB of databases and other files..."

        ...sudden uptick in outward traffic flows

        Yes, that's where I begin wondering if maybe they're just not monitoring outflow, or if 10TB is an exaggeration. I suspect it's the former.

        1. Anonymous Coward
          Anonymous Coward

          Re: "...exfiltrated 10TB of databases and other files..."

          Google says: (10 terabytes) / (10 days) = 92.5925926 megabits per second

          100megabit may well go unnoticed for a company like Canon, interspersed with driver downloads, not to mention they host peoples pictures and videos. And over 20 days its only half that. These sorts of attacks can occur over somewhat lengthy periods.

    2. Peter Clarke 1
      Big Brother

      Re: "...exfiltrated 10TB of databases and other files..."

      Anyone checked Google/Facebook/ Police Facial Recognition data sets?

    3. LDS Silver badge

      Re: "...exfiltrated 10TB of databases and other files..."

      Some files also compress well. If it's 10TB of uncompressed data, exfiltrating them after compression may mean less time. Anyway, if you're not patient hacking is not the job for you :-)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020