Network hijacker steals $83,000 in Bitcoin ... and enough Dogecoin for a cup of coffee

Researchers at Dell's SecureWorks Counter Threat Unit (CTU) have identified an exploit that can be used to steal cryptocurrency from mining pools – and they claim that at least one unknown miscreant has already used the technique to pilfer tens of thousands of dollars in digital cash. The heist was achieved by using bogus …

  1. Ole Juul

    Win some - lose some

    Disappointing for the losers, but the mining business has always been like this. The old gold miners used to say that for every dollar taken out, a dollar is put in.

  2. Henry Wertz 1 Gold badge

    Surprisingly sophisticated

    This really is a surprisingly sophisticated attack. Even if your "cloud" on Amazon or wherever appears to all be on a single LAN, using ssh, ssl, etc. ubiquitously really is a good idea these days.

  3. razorfishsl

    Something I pointed out several months ago, when I stated that it would only cost a few thousand to hit the BTC network with a 51% attack….

    But some idiot stated "you need 51% of the network to commit BTC fraud… no one can afford to get equipment to generate 51%"

    Simples… just attack the routing on the mining pools…. glad someone was listening…

    1. Anonymous Coward

      I've looked through your comments to find out what it is you said and I can not find any matching comment.

      If you claimed that it would only cost a few thousand to hit it with a 51% attack then you were wrong.

      As for "just attack the routing" you will fail. If you had read and understood the article you would read this bit: "This requirement ensures malicious networks cannot hijack traffic without human intervention from a legitimate network." In other words you have to have legitimate access to the routers to hijack the traffic.

      1. Anonymous Coward

        The error was in 3 places.

        1) no client-server authentication. (As article states)

        2) security in ISP hosting the attack.

        3) security on peer ISP, which should have had the policies in place not to accept invalid route advertisements.

        3 doesn't apply if both the original and breach servers were in the same ISP. I don't think many ISPs do protective policies within their iBGP.

  4. asdf
    Trollface

    >he lost around 8,000 Dogecoins ... be worth $1.53 in today's real-world dollars.

    So I take it Dogecoins are the pesos of the crypto currency world?

    1. TeeCee Gold badge
      Coat

      I guess that medieval Venice just hasn't got the wealth and clout it used to have.....

  5. Pascal Monett Silver badge

    "a former employee was able to compromise a router using an old password"

    It is frightening to realise that networks are too complicated to have a proper password renewal scheme that has any relevance.

    I've worked in companies that force employees to change password every month. I can only imagine the chaos that such a measure would create in an ISP. Unfortunately, whereas in a private company I do not see the use of such measures, in an ISP there is a definite use case for it.

    1. Anonymous Coward

      Re: "a former employee was able to compromise a router using an old password"

      Any decent network uses TACACS or similar. Turn access off for departing employees with one click.

      Further, secure ISPs now choose to enable change access only through a change process, no change authorised without permission...

  6. Anonymous Coward

    stealing dogecoins

    that's a bitch

  7. Vincent Ballard

    Miners still out of luck?

    I don't understand the comment in the final paragraph that miners just need to enable TLS. Surely that doesn't guarantee that their packets get to the right place: merely that they drop the connection to the hijackers? So once the "tick" ends, their proof of work is still unsubmitted, and the result is that the Bitcoin remains unmined? Or have I misunderstood how mining works?

    1. Anonymous Coward

      Re: Miners still out of luck?

      The difference being that they would notice if they could not connect to the server for 4 months, rather than continue to generate money for the attacker.

  8. Suricou Raven

    Not just bitcoin has value.

    Litecoin has enough to be traded too, and you can buy stuff with it at bitroad. Mostly overpriced computer accessories. It's not as established as bitcoin though, and anything less established than litecoin is really just a novelty, or a laughing stock.

    1. squigbobble

      Re: Not just bitcoin has value.

      "...or a laughing stock"

      Or, as they're known in cryptocurrency forums, shitcoins.

  9. Alistair
    Unhappy

    authenticate -> TACACS or SSH keys.

    Use real, controlled, managed authentication or get booted off the network.

    BGP is ugly. Without security around those devices using BGP, disastrous.

    Sad that the hijack points into Canada.

  10. Anonymous Coward

    Such BS

    "Cryptocurrency miners, on the other hand, have an even easier solution available: they can require their mining pool servers to use Secure Socket Layer (SSL)"

    Getting an SSL cert from the dozen browser approved CAs is way easier than to hijack BGP. And BGP routers go years without a firmware upgrade, so it's very likely that we'll see these kinds of attacks again in future.
