Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Friday June 20 2014, @06:51PM   Printer-friendly
from the nas-based-beowulf-mining-cluster dept.

ThreatPost is reporting that a hacker, well-versed in malware and exploit development, took advantage of vulnerabilities in Synology network attached storage boxes popular with home users to mine more than $600,000 worth of the digital currency Dogecoin.

Researchers Pat Litke and David Shear of Dell SecureWorks' Counter Threat Unit published details of the attack, which exploited four vulnerabilities in the Synology boxes' DiskStation Manager Linux-based operating system. The bugs were reported last September and patched in February.

"To date, this incident is the single most profitable, illegitimate mining operation. This conclusion is based in part on prior investigations and research done by the Counter Threat Unit, as well as further searching of the Internet," they said. "As cryptocurrencies continue to gain momentum, their popularity as a target for various malware will continue to rise."

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Friday June 20 2014, @07:23PM

    by Anonymous Coward on Friday June 20 2014, @07:23PM (#58123)

    Much hack. Very money. Wow.

  • (Score: 0) by Anonymous Coward on Friday June 20 2014, @07:34PM

    by Anonymous Coward on Friday June 20 2014, @07:34PM (#58125)

    A hacker, well-versed in malware and exploit development

    Just when we heard that the NSA needed more creative financing and off-site exploration.

    Should we coin a new term? BlackOpHat? BlkOpHat?

    • (Score: 2) by Horse With Stripes on Friday June 20 2014, @07:43PM

      by Horse With Stripes (577) on Friday June 20 2014, @07:43PM (#58126)

      Should we coin a new term? BlackOpHat? BlkOpHat?

      I think this was clearly a case of a Hackertunist.

      • (Score: 0) by Anonymous Coward on Friday June 20 2014, @07:56PM

        by Anonymous Coward on Friday June 20 2014, @07:56PM (#58132)

        I think this was clearly a case of a Hackertunist.

        Which are quite rare compared to the opportoonists.

  • (Score: 3, Interesting) by BradTheGeek on Friday June 20 2014, @08:27PM

    by BradTheGeek (450) on Friday June 20 2014, @08:27PM (#58138)

    Lets see what laws were broken here...
    Hacking/unauthorized use of a computing device (multiple times).

    What damage was done? None that I can see except possible slowing peoples NAS boxes down. With smart enough setup, you could minimize that by lowering how hard you mine based of of other apps needs. IE, you see the transcoder process start because a user is streaming, or you see excessive disk access, then you stop/slow your mining process. Therefore minimal user impact.
    The other impact is electricity. I do not know the exact specs, but lets say the NAS boxes draw 15W idle and 150W spooled up to max. How much was actually stolen, in the form of an increased electricity bill from the 'victim'?

    Now, I do not it should have been done, but the victim impact seems small. It makes for another interesting question though. Could one design a lightweight mining box (for whatever coin) that mines at high enough rate above the average cost of electricity (given the volatility of coin prices hard to do, so offer no guarantees), then market it it to users as a NAS or other appliance.. since it is configured as such. The user knows the mining is taking place, and takes a cut of the mining profit while the selling company manages all other aspect (pools, configs, downtime, upgrades, etc). The user gets some computing appliance they want (perhaps at a discounted price), and the vendor gets to build a huge mining pool legitimately.

    • (Score: 0) by Anonymous Coward on Friday June 20 2014, @09:34PM

      by Anonymous Coward on Friday June 20 2014, @09:34PM (#58169)

      It almost sounds you are saying if the impact is small it is boarder line ok. However this does pose another question. is it morally ok if the "victim" impact is small and no real harm was done? Would you have done this hack?

    • (Score: 3, Interesting) by DECbot on Friday June 20 2014, @09:39PM

      by DECbot (832) on Friday June 20 2014, @09:39PM (#58172) Journal

      Are you telling me my smart phone isn't already doing this? Why the hell does my battery drain so quickly then?

      Oh yeah, NSA/advertisers' click, image, conversation, and location tracking. But anyhow, I was thinking about how to implement something like this at home, but never got around the cost of energy issue. Perhaps if I consider putting it on a solar panel or wind turbine, such a rig could actually turn a profit..... time to search for bit-mining equipment, power requirements, solar panels, and measure the size of my roof....

      .... Perhaps in 20 years, once the investment is paid off, I might be able to afford a burger from the profits. If only I had access to a few thousand consumer devices, something that sat around all day consuming power but with little load. You know, like a NAS box or a refrigerator. Yessss... my precious... an Internet of Things.....

      --
      cats~$ sudo chown -R us /home/base
    • (Score: 3, Interesting) by hankwang on Saturday June 21 2014, @12:46PM

      by hankwang (100) on Saturday June 21 2014, @12:46PM (#58385) Homepage

      How much was actually stolen, in the form of an increased electricity bill from the 'victim'?

      Apparently, ARM CPUs do about 4 kilohash/s at 6 W [litecoin.info]. According to this dogecoin mining calculator [coinwarz.com] that will cost 5 $/yr in electricity (at 0.10 $/kWh) and yield about 1.79 US$/yr in bitcoin, at the present rates.

      For an individual victim, it disappears in the noise of the electricity bill, but overall the US$ 600k in Dogecoin would be US$ 1.7M that he spent on other people's electricity bills. Probably part of it was spent a while ago when Dogecoins were easier to mine. And they probably didn't just select people with a low electricity rate; for example, over here (Netherlands), electricity is 2.5 times more expensive.

  • (Score: 3, Funny) by DECbot on Friday June 20 2014, @09:49PM

    by DECbot (832) on Friday June 20 2014, @09:49PM (#58178) Journal

    What checkbox do I need to click to enable this feature?

    --
    cats~$ sudo chown -R us /home/base
  • (Score: 1) by axsdenied on Friday June 20 2014, @11:35PM

    by axsdenied (384) on Friday June 20 2014, @11:35PM (#58232)

    Those boxes have really slow CPUs and no GPUs. Mining anything on them would return almost zero profit nowadays.
    Even if he hacked millions of them I still find it hard to swallow the story.

  • (Score: 3, Insightful) by kaszz on Saturday June 21 2014, @03:36AM

    by kaszz (4211) on Saturday June 21 2014, @03:36AM (#58294) Journal

    Did this hacker get caught?

    And is this cryptocurrency really worth something? or just like wallstreet valuation....
    (don't forget antivirus company estimation of "damages"..)