- Dec 27, 2016
- 1,480
A report from the security intelligence group RedLock found at least two companies which had their AWS cloud services compromised by hackers who wanted nothing more than to use the computer power to mine the cryptocurrency bitcoin. The hackers ultimately got access to Amazon's cloud servers after discovering that their administration consoles weren't password protected.
"Upon deeper analysis, the team discovered that hackers were executing a bitcoin mining command from one of the Kubernetes containers," reads the RedLock report. Kubernetes is a Google-created, open-source technology that makes it easier to write apps for the cloud.
"The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet," the report says. The companies impacted were Aviva and Gemalto, both multi-billion dollar, multi-national companies. They were notified by RedLock about the issues.
Hackers are known to slip into corporate servers to steal data, which they usually sell for money, or give to state-actors who are looking for intel. But bitcoin mining is a different thing all together. These hackers are basically just stealing pricey space in corporate cloud storage.
RedLock discovered the breaches along with hundreds of other administration consuls which were unlocked across AWS, Microsoft Azure, and Google Cloud — most likely by a careless systems administrator.
But illicit bitcoin mining isn't always coming from the outside - CoinDesk reported that two IT workers for the government of Crimea were fired in late September, after it was discovered that they were mining bitcoins on their work computers. In January, an employee for the US Federal Reserve was put on probation and fined for mining on servers owned by the US central bank.
"Upon deeper analysis, the team discovered that hackers were executing a bitcoin mining command from one of the Kubernetes containers," reads the RedLock report. Kubernetes is a Google-created, open-source technology that makes it easier to write apps for the cloud.
"The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet," the report says. The companies impacted were Aviva and Gemalto, both multi-billion dollar, multi-national companies. They were notified by RedLock about the issues.
Hackers are known to slip into corporate servers to steal data, which they usually sell for money, or give to state-actors who are looking for intel. But bitcoin mining is a different thing all together. These hackers are basically just stealing pricey space in corporate cloud storage.
Power in numbers
Though anyone could try to mine bitcoin off their computer services, the process is super energy intensive, and could be costly in electricity costs alone. But it's worth while for many because success can be very lucrative.
To avoid the high cost of going at it alone, most bitcoin miners join a pool of different computers which combined their powers to solve complex algorithms. Successfully solving the problem generates a set number of new bitcoin, which as of Friday were worth upwards of $4,300 each. Inherent to its design, the cryptocurrency can be mined until there are a total of 21 million bitcoin floating around the internet, but the process becomes more and more difficult as the years pass.
RedLock discovered the breaches along with hundreds of other administration consuls which were unlocked across AWS, Microsoft Azure, and Google Cloud — most likely by a careless systems administrator.
But illicit bitcoin mining isn't always coming from the outside - CoinDesk reported that two IT workers for the government of Crimea were fired in late September, after it was discovered that they were mining bitcoins on their work computers. In January, an employee for the US Federal Reserve was put on probation and fined for mining on servers owned by the US central bank.
