Cybercriminals Steal Cryptocurrency Via BGP Hijacking

  • 8 August 2014

By Eduard Kovacs on August 08, 2014
Cybercriminals Steal Cryptocurrency from Mining Pools Via BGP Hijacking
Over the course of four months, threat actors managed to make tens of thousands of dollars by redirecting the connections of cryptocurrency miners to mining pools they control, the research team at Dell SecureWorks' Counter Threat Unit reported on Thursday.
According to researchers, the attackers compromised 51 pools at a total of 19 hosting companies, including Amazon, Digital Ocean, OVH, ServerStack, EGIHosting, Choopa, LeaseWeb and B2 Net Solutions.
The attacks leveraged the Border Gateway Protocol (BGP), an external routing protocol that connects networks on the Web. BGP prevents malicious networks from hijacking traffic because both ends of networks linked via this protocol must be configured manually in order to communicate properly.
 
SecurityWeek/ Full Article Here/ http://www.securityweek.com/cybercriminals-steal-cryptocurrency-bgp-hijacking

1 reply

The following article is an update on BGP Hijacking
(BGP hijacking for cryptocurrency profit)
 
by mzorz(at)net-security.org - Editor in Chief - Tuesday, 19 August 2014.
 
In cryptocurrency, "mining" is the act of validating transactions listed in the public ledger (also known as the block chain). When a transaction is initiated, it is placed in a queue where it is prioritized based on the date and time of submission, and the size of the affixed transaction "fee."

Working from the top of the queue, miners cryptographically attempt to "find a block," which entails crunching numbers to satisfy a particular formula while simultaneously agreeing as a network that the calculated results are valid. Mining is a generic activity; the mining pool dictates which cryptocurrency is mined.

In this podcast recorded at Black Hat USA 2014, Joe Stewart, Director of Malware Research at Dell SecureWorks, talks about his team's discovery of suspicious activity occurring on mining systems connected to the wafflepool.com mining pool.

 
Help Net Security/ Full Article Here/ http://www.net-security.org/article.php?id=2100
