Massive Bitcoin heist sees hacker divert traffic from 19 ISPs (Wired UK)


Casascius


Among all the scams and thievery in the bitcoin economy, one
recent hack sets a new bar for brazenness: stealing an entire chunk
of raw internet traffic from more than a dozen internet service
providers, then shaking it down for as many bitcoins as
possible.

Researchers at Dell’s SecureWorks security division say they’ve
uncovered a series of incidents in which a bitcoin thief redirected
a portion of online traffic from no less than 19 internet
service providers, including data from the networks of Amazon
and other hosting services like DigitalOcean and OVH, with the goal
of stealing cryptocurrency from a group of bitcoin users.
Though each redirection lasted just 30 seconds or so, the thief was
able to perform the attack 22 times, each time hijacking and
gaining control of the processing power of a group of bitcoin
miners, the users who expend processing power to add new coins to
the currency’s network.

The attacker specifically targeted a collection of bitcoin
mining “pools” — bitcoin-producing cooperatives in which users
contribute their computers’ processing power and are rewarded
with a cut of the resulting cryptocurrency the pool produces. The
redirection technique tricked the pools’ participants into
continuing to devote their processors to bitcoin mining while
allowing the hacker to keep the proceeds. At its peak,
according to the researchers’ measurements, the hacker’s scam was
pocketing a flow of bitcoins and other digital currencies including
dogecoin and worldcoin worth close to $9,000 a day. “With this kind
of hijacking, you can quite easily grab a large collection of
clients,” says Pat Litke, one of the Dell researchers. “It takes
less than a minute, and you end up with a lot of mining traffic
under your control.”

The Dell researchers believe the bitcoin thief used a technique
called BGP hijacking, which exploits the so-called border gateway
protocol, the routing instructions that direct traffic at the
connection points between the internet’s largest networks. The
hacker took advantage of a staff user account at a Canadian
internet service provider to periodically broadcast a spoofed
command that redirected traffic from other ISPs, starting in
February and continuing through May of this year. The Dell
researchers won’t name that ISP, and they’re not sure how the
hacker gained access to the account or whether he or she might have
in fact been a rogue staffer.

That BGP hijack allowed the hacker to redirect the miners’
computers to a malicious server controlled by the hijacker.
From that server, the hacker sent the mining machines a
“reconnect” command that changed the mining computers’
configuration to contribute their processing power to a pool that
stockpiled the bitcoins they produced rather than paying them out to
the mining pool’s participants. “Some people are more
attentive to their mining rigs than others,” says Joe Stewart, a
Dell researcher whose own computers were caught up in
one victimised mining pool. “Many users didn’t
check their setups for weeks, and they were doing all this work on
behalf of the hijacker.”

In total, Stewart and Litke were able to measure $83,000 worth
of cryptocurrency stolen in the BGP attack. But the total haul
could be larger; the researchers stopped collecting data for
several weeks of the attack because Stewart broke his ankle in
the midst of the study.

BGP hijacking has been discussed as a potential threat to
internet security since as early as 1998, when a group of hackers
known as the L0pht testified to congress that they could use the
attack to take down the entire internet in 30 minutes. The scheme
gained renewed attention at the DefCon security conference in 2008,
and five years later was used to temporarily and mysteriously redirect
a portion of US internet traffic to Iceland and Belarus.

Compared to those large-scale digital hijackings, the latest
bitcoin heist was a much smaller and targeted traffic-stealing
operation. And given that it required inside access to an ISP,
Dell’s researchers don’t expect Bitcoin thieves to repeat the
attack any time soon.

In fact, the BGP bitcoin-stealing exploits represent less of a
new vulnerability in bitcoin than the persistent fragility of the
internet itself, Dell’s researchers say. If one Canadian ISP can be
used to redirect large flows of the internet to steal a pile of
cryptocurrency, other attackers could just as easily steal massive
drifts of internet data for espionage or pure disruption. The Dell
researchers suggest that companies set up monitoring through a
service like BGPmon, which can
detect BGP hijacking attacks. But they shouldn’t expect to be able
to actually prevent those attacks any time soon.
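The monitoring the researchers recommend boils down to watching who originates routes for your own address space. Below is an added illustration of that check (not BGPmon's code and not from the article): it runs a constructed route feed through a detector that flags a watched prefix, or a more-specific chunk of it, being announced by an AS that is not allowed to originate it. The prefixes, AS numbers and log format are hypothetical placeholders.

```python
import ipaddress

# Constructed example: prefixes a pool operator watches, each mapped to the
# AS numbers allowed to originate them. Values are hypothetical placeholders.
MONITORED = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/23": {64501},
}

def parse_update(line):
    """Parse one constructed route-monitor line: '<time> <prefix> <as-path>'."""
    time, prefix, *path = line.split()
    path = [int(a) for a in path]
    return {"time": time, "prefix": prefix, "path": path, "origin": path[-1]}

def check_update(upd, monitored=MONITORED):
    """Return alert strings for one announcement; empty list if it looks benign."""
    alerts = []
    net = ipaddress.ip_network(upd["prefix"])
    for watched, allowed in monitored.items():
        wnet = ipaddress.ip_network(watched)
        # Only announcements equal to, or more specific than, a watched block matter.
        if net.version != wnet.version or not net.subnet_of(wnet):
            continue
        more_specific = net.prefixlen > wnet.prefixlen
        if upd["origin"] not in allowed:
            kind = "more-specific hijack" if more_specific else "origin hijack"
            alerts.append(f"{upd['time']} {kind}: {upd['prefix']} via AS{upd['origin']}"
                          f" (expected {sorted(allowed)}), path {upd['path']}")
        elif more_specific:
            # A legitimate origin splitting its own block is unusual; worth a look.
            alerts.append(f"{upd['time']} new more-specific {upd['prefix']} from allowed AS{upd['origin']}")
    return alerts

def scan(lines, monitored=MONITORED):
    """Run every line of a route feed through check_update and collect alerts."""
    alerts = []
    for line in lines:
        if line.strip():
            alerts.extend(check_update(parse_update(line), monitored))
    return alerts

# Constructed feed: a normal announcement, an unrelated prefix, and a short-lived
# more-specific announced from a foreign AS, the pattern the article describes.
SAMPLE_FEED = """\
2014-03-22T04:12:01Z 203.0.113.0/24 64496 64500
2014-03-22T04:12:05Z 192.0.2.0/24 64496 64502
2014-03-22T04:12:09Z 203.0.113.128/25 64496 64510
2014-03-22T04:12:40Z 198.51.100.0/23 64496 64501
""".splitlines()

if __name__ == "__main__":
    print(*scan(SAMPLE_FEED), sep="\n")
```

Because a more-specific route wins over the covering prefix, the /25 from the foreign AS is the line a pool operator would want paged on, even though it disappears again seconds later.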

“We’re going to see other events like this,” says Dell’s
Stewart. “It’s ripe for exploitation.”

This article originally appeared on Wired.com


8 August 2014 | 9:40 am – Source: wired.co.uk
