Hacker Diverts Traffic from 19 ISPs to Steal a Large Sum of Bitcoins
Gabriel Roşu / 5 years ago
It is said that researchers over at Dell’s SecureWorks security division have uncovered a series of hacking attempts in which a bitcoin thief redirected a portion of online traffic from 19 ISPs, including data from Amazon, DigitalOcean and OVH, in order to steam digital currency from a group of bitcoin users.
The hijack said to have lasted just 30 seconds, but the hacking attempt is said to have been performed 22 times. On each attempt, the hacker gained control of the processing power of a group of bitcoin miners, redirecting their mining activity towards his private pool. Security researchers say that the hacker was able to pocket a flow of bitcoins and other digital currencies worth roughly $9,000 through the hijacking.
“With this kind of hijacking, you can quite easily grab a large collection of clients,” said Pat Litke, one of the Dell researchers. “It takes less than a minute, and you end up with a lot of mining traffic under your control.”
A technique called BGP is said to have been used, exploiting the border gateway protocol. The hacker took advantage of a staff user account at a Canadian ISP to periodically broadcast a spoofed command that redirected traffic from other ISPs from February throughout May this year. The command, along with miners not checking their rigs to notice the ‘new’ settings, led to the hacker pocketing $83,000 worth of cryptocurrency.
“Some people are more attentive to their mining rigs than others,” said Joe Stewart, a Dell researcher whose own computers were caught up in one victimized mining pool. “Many users didn’t check their setups for weeks, and they were doing all this work on behalf of the hijacker.”
The BGP hijacking method has been discussed as a potential threat to the internet security since 1998. Back then, a group of hackers known as L0pht stated that they could use the attack to take down the entire Internet in 30 minutes. The discussion was followed at the DefCon security conference in 2008 and was later used in 2013 to temporarily redirect a portion of US internet traffic to Iceland and Belarus.
Thank you Wired for providing us with this information