Digital currencies such as Bitcoin are vulnerable to cyber attacks, according to researchers from Dell Secureworks who cite two recent cases.
In one, thieves managed to redirect internet traffic from at least 19 internet service providers (ISPs) to steal crypto-currency from a group of Bitcoin miners. In several short bursts of around 30 seconds the hacker was able to hijack mining pools which collaborate to unearth new coins, and redirect any profit to their own wallet by using high level protocols that allow the internet’s largest networks to communicate and cooperate.
“With this kind of hijacking, you can quite easily grab a large collection of clients,” said Pat Litke, a Dell Secureworks researcher. “It takes less than a minute, and you end up with a lot of mining traffic under your control.” He believes that as digital currencies continue to gain momentum, their popularity as a target for various malware will continue to rise.
The company estimates that at the peak of the attacks, the hacker was able to steal US$9,000 each day of Bitcoin, Dogecoin and Worldcoin. During the attacks the hacker benefited from the computing power donated by the pool members, diverting their profits.
It is believed that the hacker was able to gain access to a staff account at a North American ISP and issue bogus commands. The researchers would not name the affected ISP or provide further details of how the attacks were staged.
“We’re going to see other events like this. It’s ripe for exploitation,” another Dell researcher, Joe Stewart, told
A similar attack uncovered by the researchers targeted Network Attached Storage (NAS) devices, which individuals use to store files on their home networks. They found some unusual code in affected Synology devices apparently related to digital currencies. Owners complained that their NAS drives were performing sluggishly and had a very high central processing unit (CPU) usage.
Buried within the discovered code was a Dogecoin wallet address, and analysis revealed that it had received 500m Dogecoins, the bulk of which was earned in January and February 2014. The hacker had been using individuals’ own hardware to mine digital currencies for their own gain.
The US dollar and debt yields falling on the North Korea missile test, treasury being a top target for cyber criminals and why treasurers aren't into real-time payments all hit the latest headlines in the world of treasury this week. Don't miss our ten top news stories from around the world.
Treasurers are being expected to do more work with fewer resources than ever before, so it is little wonder that the automation of day-to-day operations was highly discussed on the second day of EuroFinance, the annual treasury event held in Barcelona this week.
Chicago based Treasury Management System (TMS) vendor GTreasury and Sydney based risk and treasury management vendor Visual Risk have joined forces in a strategic alliance to ... read more
After winning the German presidency for her fourth term, Angela Merkel must weld a coalition government or have a minority rule with the most far-right politicians seen in 50 decades.