Researchers at the SANS Institute recently documented the case of a digital video recorder (DVR) that had become infected with malware designed to mine Bitcoin. The team was impressed with the attack primarily because the DVR in question didn’t have an interface for downloading software from the Internet.
To get around this hurdle, the attacker used a series of Unix commands to upload a Wget package – a bundle of software used to retrieve files using HTTP, HTTPS and FTP – to the DVR. With the software in place, it was then a breeze to connect to a server and download the Bitcoin miner.
The DVR in question was part of a series intended to show how vulnerable Internet-connected appliances can be to malware attacks. For this particular case study, SANS Institute CTO Johannes Ullrich purchased an EPCOM Hikvision S04 DVR from eBay and restored it to factory defaults. He then connected it to the Internet to see if online attackers would bite.
Within the first day alone, 13 different IP addresses made contact with the DVR, and nearly half were able to log into the box using its default username and password. But it was the work of one attacker that impressed him the most – the installation of the Bitcoin mining software.
Ullrich used packet-sniffing software and learned the DVR was connecting to a mining server that relies on a large number of machines to do its dirty work. As we’ve outlined before, it’s not practical to mine Bitcoin using anything other than specially-designed hardware these days. But if you have thousands of inefficient miners at your disposal and it doesn’t cost you anything to operate them, there’s nothing to lose and anything you generate is pure profit.