Hackers are using Internet-connected appliances to mine Bitcoins

Shawn Knight


Researchers at SANS Institute recently documented the case of a digital video recorder (DVR) that had become infected with malware designed to mine Bitcoin. The team was impressed with the attack primarily because the DVR in question didn’t have an interface for downloading software from the Internet.

To get around this hurdle, the attacker used a series of Unix commands in order to upload a Wget package – a bundle of software used to retrieve files using HTTP, HTTPS and FTP – to the DVR. With the software in place, it was a breeze to then connect to a server and download the Bitcoin miner.

The DVR in question was part of a series meant to show how vulnerable Internet-connected appliances can be to malware attacks. For this particular case study, SANS Institute CTO Johannes Ullrich purchased an EPCOM Hikvision S04 DVR from eBay and restored it to factory defaults. He then connected it to the web to see if online attackers would bite.

Within the first day alone, 13 different IP addresses made contact with the DVR and nearly half were able to log into the box using its default username and password. But it was the work of one attacker that impressed him the most – installing the Bitcoin mining software.

Ullrich used packet-sniffing software and learned the DVR was connecting to a mining server that relies on a large number of machines to do its dirty work. As we’ve outlined before, it’s not practical to mine Bitcoin using anything other than specially-designed hardware these days. But if you have thousands of inefficient miners at your disposal and it doesn’t cost you anything to operate them, there’s nothing to lose and anything you generate is pure profit.


 
Here's another example of how vulnerable the "Internet of things" really is. Functionality is great, as long as robust security comes along with it. Make sure that everything you give a public face to the Internet is secure.

My dad asked me a couple days ago what it would take to set up a security system, HVAC system, and CCTV camera system which could all be remotely administered via the Internet. I gave him a long lecture about how hackers could compromise the infrastructure through vulnerable remote management interfaces and do whatever they want to you afterwards. Here's proof of this occurring.
 
It seems every new device/software/technology deals with security last. If you are going to connect to the internet, security should be first.
 
I agree with both you, Nima, and the Guest guy. I lecture my parents and teach my parents security all the time. They aren't very tech savvy, so I teach them all about technology. The perks, downsides and anything else in between. If security isn't your first thought when the internet is in play, then you are approaching it wrong and need to rethink your strategy. The first thing attackers go after is stuff not properly protected on the internet. (Like leaving default passwords on things, not having hard enough passwords, or not having a password to authenticate at all.)
 
I love my computer and spend a large amount of time online. With that said, I do try and keep as much of my house offline as possible as I prefer that only I have access to things in my home.
 
This reminds me of my friend's stepdad in high school, he was retired 30 years in the air force. He yelled at us for connecting the computer to the phone lines to play games modem to modem. He was like, "Don't you know how easy it is for a hacker to access my computer!"

We thought he was crazy, he drank natural ice after all. But seeing stories like this makes me reconsider his theories on UFO space travel lol.
 