Researchers from Dell's SecureWorks Counter Threat Unit (CTU) have just announced that they have uncovered the exploits of a thief who hijacked the networks of Internet service providers to steal $83,000 worth of bitcoins and other cryptocurrencies.
The unnamed hacker, who committed the thefts from February to May this year, managed to gain access to the networks of major hosting companies such as Amazon, OVH and Digital Ocean. The hacker redirected the connections of cryptocurrency miners to a mining pool that he controlled. In the end, the CTU said that the thief gained access to 51 networks from 19 ISPs.
The hijacker's victims first became aware of the attacks last March 22. A user on bitcointalk.org, who went by the username "caution," reported suspicious activity on the mining pool on wafflepool.com.
Other users in the forum said that they were having the same problem. The mining systems were said to be redirecting to an unknown IP address. The hijacker continued giving work to miners. However, when a block was found, users no longer received their cut from the mining effort. The hacker managed to do this by redirecting the mining traffic to a malicious server.
While the first reports of the hijackings came out in March, CTU claims that the hacker first attempted to divert mining traffic on Feb. 3. According to the group's analysis, the hijacker tried to compromise networks for an entire week in February. His first attempts may have been unsuccessful because they went unnoticed.
The hacker sent out Border Gateway Protocol (BGP) broadcasts. BGP is an external routing protocol that connects networks on the web. CTU was able to trace his malicious announcements to an ISP in Canada. The research group claims that the hacker may be either a rogue ISP employee, an ex-employee who still has the router password or a malicious hacker.
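One way a network operator can watch for announcements like these is to compare each observed BGP announcement against the origin AS expected for its own prefixes. The sketch below is an added example, not code from SecureWorks or the article. The prefixes, AS numbers and announcement records are constructed from reserved documentation and private-use ranges, and it also flags more-specific prefixes, which the article does not discuss, because routers prefer the longest matching prefix.

```python
import ipaddress

# Constructed sample data: documentation prefixes and reserved AS numbers.
# None of these values come from the article.
EXPECTED_ORIGINS = {
    "198.51.100.0/24": {64500},
    "203.0.113.0/24": {64501},
}
# Each record is (announced prefix, AS path); the origin AS is the last hop.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64510, 64500]),   # expected origin
    ("203.0.113.0/25", [64511, 64666]),    # more-specific, unknown origin
    ("198.51.100.0/24", [64512, 64666]),   # same prefix, unknown origin
    ("192.0.2.0/24", [64513, 64502]),      # not one of our prefixes
    ("203.0.113.128/25", [64510, 64501]),  # more-specific, expected origin
]

def classify(prefix, as_path, expected):
    """Return (verdict, watched_prefix) for a single announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for watched, origins in expected.items():
        w = ipaddress.ip_network(watched)
        # Only announcements equal to or inside a watched prefix matter here.
        if net.version != w.version or not net.subnet_of(w):
            continue
        if origin not in origins:
            return ("origin-mismatch", watched)
        if net.prefixlen > w.prefixlen:
            # Right origin, but an unplanned more-specific still needs review.
            return ("more-specific", watched)
        return ("ok", watched)
    return ("unmonitored", None)

def alerts(announcements, expected):
    """Collect the announcements an operator should investigate."""
    found = []
    for prefix, path in announcements:
        verdict, watched = classify(prefix, path, expected)
        if verdict in ("origin-mismatch", "more-specific"):
            found.append((prefix, path[-1], verdict, watched))
    return found

if __name__ == "__main__":
    for alert in alerts(ANNOUNCEMENTS, EXPECTED_ORIGINS):
        print(alert)
```

In practice the announcement records would come from a route collector or a BGP monitoring feed, and the expected-origin table from the operator's own routing policy.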
"An estimated $2.6 million in cryptocurrency mining activity occurs every day. Every network administrator should prepare for the risk of narrowly focused, malicious BGP hijacking incidents," SecureWorks' Pat Litke and Joe Stewart said in a press release.
Aside from bitcoins, the hacker also stole other cryptocurrencies such as dogecoin, HoboNickels and WorldCoin.