It’s no secret that unscrupulous bitcoiners have conjured up some inventive techniques in order to fraudulently garner large sums of digital currency. From infecting DVRs and security cameras with bitcoin mining malware to tapping into computers to use their power, cybercriminals are trying every conceivable way.
One of the latest stories consists of a hacker stealing a large amount of raw Internet traffic from about a dozen Internet service providers and then using it to generate as many bitcoins as possible. This happened recently as the hacker generated approximately $84,000 worth of bitcoins by diverting the computer power of private bitcoin mines.
The incident was first uncovered by a team of researchers at Dell SecureWorks, a private cyber intelligence firm, after they discovered that scores of their own mining power had been stolen. Soon after, the researchers found the initial source coming from an anonymous Canadian ISP.
The culprit(s) had gained administrative access to an ISP router and attacked the Border Gateway Protocol (BGP) that had been created to connect different networks on the Internet. By affecting the BGP functions at the ISP, the individual(s) had been able to send traffic from a legitimate mining pool to his or her own. In fact, the hackers launched two spurious pools; the first was designed to send users to the second.
“By convincing the miners to connect to this second malicious pool rather than the original malicious pool, the hijacker filters out traffic that has already been hijacked so it is not hijacked again,” stated in a paper, which noted that the incidents can be traced back to as early as February.
Furthermore, the accused also stole mining power to release other digital currencies, including dogecoin, hobonickels and worldcoin.
It is still unknown as to how the cyberattackers infiltrated the network and reroute the ISPs in the first place. One possible theory being put forward is that a former or current employee of the ISP was the instigator or an external hacker had committed a breach of the company, according to the London Guardian.
The only security apparatus to incorporate in the future is to combine servers to use Secure Sockets Layer (SSL) encryption protocol. If this were performed in the first place then this whole matter would have been avoided entirely. Another recommendation is to establish a monitoring service through a service akin to BGPmon.
In the end, according to Joe Stewart, a Dell researcher, “We’re going to see other events like this. It’s ripe for exploitation,” reports Wired magazine.