Threatwatch

Bitcoin hacker who directed ISPs to do his bidding banked $83,000

Network intrusion; Unauthorized use of system administrator privileges; Man-in-the-middle attack

No fewer than 19 Internet service providers unwittingly contributed to the mining of digital currency after a thief used a technique called BGP hijacking to redirect traffic, including data from the networks of Amazon.

BGP hijacking exploits the so-called border gateway protocol, “the routing instructions that direct traffic at the connection points between the Internet’s largest networks,” Wired explains. “The hacker took advantage of a staff user account at a Canadian internet service provider to periodically broadcast a spoofed command that redirected traffic from other ISPs.”

Dell SecureWorks researchers, who discovered the plot, declined to name the ISP and are not sure whether the hacker cracked the account or was a rogue insider.

The attacker used BGP hijacking to target a collection of bitcoin mining pools – “bitcoin-producing cooperatives in which users contribute their computers’ processing power and are rewarded with a cut of the resulting cryptocurrency the pool produces,” Wired continues. “The redirection technique tricked the pools’ participants into continuing to devote their processors to bitcoin mining while allowing the hacker to keep the proceeds.”

With that much power, the hacker was banking bitcoins and other cryptocurrencies, such as dogecoin, at a rate of $9,000 a day.

That BGP trick enabled the hacker to redirect the miners’ computers to a malicious server controlled by the hacker. From that server, the hacker sent the mining machines a command that changed their configurations to contribute their processing power to a pool that stockpiled the bitcoins they produced.

The researchers measured $83,000 worth of cryptocurrency stolen during the machinations. But the winnings could be greater, because the researchers had to stop counting for several weeks when one of them broke his ankle.

While this BGP takeover only scored cash, other schemes using the same tactic could cause destruction, the researchers warned.

“If one Canadian ISP can be used to redirect large flows of the Internet to steal a pile of cryptocurrency, other attackers could just as easily steal massive drifts of Internet data for espionage or pure disruption,” Wired reports.  

sector

Financial Services; Web Services

reported

August 7, 2014

reported by

Wired

number affected

Unknown

location of breach

Unknown

perpetrators

Criminals

location of perpetrators

Canada

date breach occurred

February through May 2014

date breach detected

March 22, 2014
