
DVRs Used To Attack Synology Disk Stations and Mine Bitcoin

Unknown Lamer posted about 7 months ago | from the dvr-burned-the-house-down dept.

Security 75

UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations that are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."


Why is anyone surprised... (4, Insightful)

TWX (665546) | about 7 months ago | (#46627955)

...by this?

I'm more surprised that we haven't seen reports of infected DVD and Blu-ray players whose only purpose is to seek out more powerful devices (PCs, smartphones) on peoples' networks to compromise and turn into bitcoin zombies. After all, it only takes a few people to come up with the exploits in the first place, and then 5kr1p7 k1dd13s can use the tools others have created.

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46627983)

I keep imagining Kevin Spacey as Lex Luthor going...."BILLIONS, once again you underestimate me!" when this happens.

next hack all of the dish, directv, and cable ones (0)

Anonymous Coward | about 7 months ago | (#46628025)

next hack all of the dish, directv, and cable ones and make HBO free and with no HDCP.

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628033)

I'm surprised because even if every single one of these devices were dedicated to mining, due to the wimpy CPU in them, the virus authors might manage to make a few pennies, tops.

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628097)

They didn't teach you multiplication in school?

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628117)

That is after a few hundred million of them they might make some money. It takes a gigahash/s to actually mint enough coins to buy a chocolate bar nowadays. I'd say these things should clock in somewhere in the low kilohash/s range.

Do you think they made a few hundred million of these camera boxes? That would put them somewhere in the range of a few per person in the developed world. I know I don't have any at home. :P

Re:Why is anyone surprised... (1)

Cramer (69040) | about 7 months ago | (#46628121)

Obviously, you didn't learn much there yourself? 25MHz * ??? = 2.5GHz and that would be one core of a modern CPU. (the answer is 100 by the way.) [Security DVRs are some of the least powerful hardware around. We aren't talking about a current gen TiVo Roamio -- which is still a bad choice for mining.]

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628199)

>25MHz * ??? = 2.5GHz and that would be one core of a modern CPU

Holy fuck, my eyes are bleeding from reading that. Megahurtz do not work that way, kid, even if bitcoin is perfectly parallelizable.

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628157)

Let's see if they taught you multiplication in school: How many infected systems of this type would it take to mine any significant amount of bitcoins?

Re:Why is anyone surprised... (4, Insightful)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46628443)

If memory serves, most of Synology's non-intel NASes are Marvell based. Marvell's fastest device, in terms of general compute, is the MV78460. 4 cores, ARMv7, up to 1.6GHz. As documented here [synology.com] most Synology NASes ship with something slower than that.

For reference, a 1.6GHz 'Kirkwood' Marvell core is good for slightly under .2 megahashes/s. About half as fast as an Atom CPU, less than 1/4000th as fast as an AMD7970, and just plain embarrassing compared to the ASICs that do most of the work these days. With devices that run on USB power alone pulling north of 1 gigahash/s, you could probably own every Synology ARM NAS in the first world and barely pay yourself for your time.

Re:Why is anyone surprised... (3, Informative)

Anonymous Coward | about 7 months ago | (#46628801)

For even more perspective: The current hash rate on the Bitcoin network is about 40,000,000 gigahashes per second. With 0.2 megahashes per second, you can expect to earn 3600*0.2/40,000,000,000 Bitcoins per day. That's 0.000000018 Bitcoins (or about two Satoshis) per day. At that rate, it would take 380 years to earn a dollar.

"Bitcoin": Error in reporting? (3, Informative)

DrYak (748999) | about 7 months ago | (#46629167)

That might also be an error in reporting: TFA's Author might have written "bitcoin mining" (for lack of understanding the whole alt-coin ecosystem) when it would be best described as "cryptocurrency miner".
The last few articles on /. mentioning mining malware all said "bitcoin mining" when careful reading showed that in fact the malware didn't mine bitcoins but another cryptocurrency better suited for CPU (one of the latest I remember was PTShares).
Reporters just say "bitcoin mining" because that's the only thing they know and they vaguely remember that creating bitcoins was something CPU intensive.

The black-hats creating sophisticated malware (a worm, infecting vulnerable connected DVR, so they in turn can attack Synology NAS and launch mining software) aren't probably stupid enough to mine bitcoin, they probably know better, and the miner is for whatever is the current most CPU-worthy (i.e.: non SHA-256^2 based) cryptocurrency-coin.

ARM Chips?? (0)

Anonymous Coward | about 7 months ago | (#46637459)

I'm wondering what the overall hashing rate of their 'botnet' is?

Combine the low hashing rate with the latency inherent in scattered devices on a network and... I see there needing to be a huge supply of them to produce any decent amounts of accepted shares on a pool. Heck, I'm running the new ccminer on 2 Nvidia 650Ti's and getting almost 11mh/s mining HeavyCoins. That may sound like a lot to some people, but the BitCoin difficulty is in the BILLIONS... yeah, 5 billion and climbing.

I'm actually making .5% a day on a different venture that doesn't mine bitcoins, yet pays bitcoins every 10 minutes. Heck, the last 3 days have been averaging almost .7% a day in profits. Come check it out at thecleangame[.]net/multicoin So far we have a great group of folks in the beta program and the site is about to go live.

Massive things are happening in the mining world these days... come join the fun! :D

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628153)

due to the wimpy CPU in them, the virus authors might manage to make a few pennies, tops.

yeah .. looks like someone got some brains out here .. fucking bitcoin monkeys will make news of mining exploits on a watch .. I'm sick of this bitcoin hype .. IT's stupid to start with because It's not anonymous , It starts an arms race and 90% of the people involved are RETARDS . have fun RETARDS.. phew .. what "money" can do .. turdcoin

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628257)

and Synology devices run ... LINUX.

Hello folks, I think the 'virus free' honeymoon is over.

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628365)

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it, writes SecurityFocus columnist Scott Granneman.

Re:Why is anyone surprised... (2)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46628471)

and Synology devices run ... LINUX.

Hello folks, I think the 'virus free' honeymoon is over.

Maybe I'm just pessimistic; but I thought it had been a truism for some years that embedded linux, especially in the cheap seats, was a total clusterfuck: firmware never getting released at all, firmware getting released with exploits that were known before it was even built, loads of shoddy little hacks to get the product out the door, and so on.

Re:Why is anyone surprised... (1)

cusco (717999) | about 7 months ago | (#46629517)

And pretty much every single process running as root. On a lot of dedicated security DVRs, especially the cheap ones, root is the only user too. If you wanted to see a true clusterfuck of Linux programming you just needed to take one of the GE brand security DVRs out of the box. Now that they've sold their security products to United Technologies the situation has supposedly improved, but I have my doubts.

Re:Why is anyone surprised... (4, Informative)

Pope (17780) | about 7 months ago | (#46630103)

Synology's firmware is updated p. regularly in my few months' experience of owning a DiskStation.

Re:Why is anyone surprised... (1)

SpzToid (869795) | about 7 months ago | (#46628635)

As an alternative to Synology, how about FreeNAS running on an ITX platform:

http://www.ixsystems.com/stora... [ixsystems.com]

Because the software is better supported via the FreeNAS community?

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46628831)

Linux with a default password of 1234. It's not a hack...

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46630437)

I hacked mine to open up my luggage for me.

Re:Why is anyone surprised... (2)

K. S. Kyosuke (729550) | about 7 months ago | (#46630023)

Even the best doors and locks won't protect the idiot who leaves them wide open.

Re:Why is anyone surprised... (2)

Zero__Kelvin (151819) | about 7 months ago | (#46630529)

This has absolutely nothing at all to do with viruses. Cracking in to a system that has a weak password has quite literally nothing to do with the security of the OS, and everything to do with the lack of security as implemented by the consumer.

Re:Why is anyone surprised... (3, Insightful)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46628379)

...by this? I'm more surprised that we haven't seen reports of infected DVD and Blu-ray players whose only purpose is to seek out more powerful devices (PCs, smartphones) on peoples' networks to compromise and turn into bitcoin zombies. After all, it only takes a few people to come up with the exploits in the first place, and then 5kr1p7 k1dd13s can use the tools others have created.

The main surprise is just that it's worth the trouble. Synology's high end has a few systems built around notably undistinguished Xeons(more for ECC support than anything else, they don't use very speedy ones); but if this attack is built for ARM, you are talking the relative cheap seats. Probably kilohashes to low megahashes per second, depending on how much capacity you reserve for the intended function of the device.

Even free-as-in-stolen, you're telling me that the best use somebody can think of for a botnet of network attached storage devices is generating maybe as many hashes as one of those cheapo USB-stick ASICs, rather than, say, basking in juicy private data and massive stolen storage space?

Re:Why is anyone surprised... (2)

Neil Boekend (1854906) | about 7 months ago | (#46628449)

Maybe they also installed a bitcoin botnet to cover up their real "work".

Re:Why is anyone surprised... (1)

Anonymous Coward | about 7 months ago | (#46628763)

This is logical, I can completely see this —why not throw a bitcoin miner in there for fun? At worst, you earn nothing on top of what you're really up to.

Re:Why is anyone surprised... (1)

coastwalker (307620) | about 7 months ago | (#46629005)

Completely agree, the bitcoin miner is just the headline. The rest of it is to scan the contents of the NAS, I wonder which government owns them?

Re:Why is anyone surprised... (1)

dbIII (701233) | about 7 months ago | (#46628473)

you're telling me that the best use somebody can think of for a botnet of network attached storage devices

If criminals were bright enough to think of those other applications they would probably be able to think of the consequences if they get caught.
Unless you are already doing it, how many people would have a clue where to fence stolen credit card numbers, let alone any other "juicy private data"?
With bittorrent etc I don't know if "massive stolen storage space" has any value.

Last word - what the fuck are people doing letting cheap and nasty NAS drives be routable from out on the internet? It's not as if a VPN is hard these days and it's not as if even a $30 piece of gear can keep the nasties out in its default configuration. These things are only likely to be exposed if somebody fucks up.

Re:Why is anyone surprised... (1)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46628537)

'Cheap and nasty' = 'purchased and installed by amateurs trying to save money'. Down that path lies nothing good. Extra demerits are, of course, awarded to any vendor whose shitty 'cloud monitoring' service uPnPs like a madman trying to punch through whatever feeble pretense of security your equally crap router might have provided in order to be 'user friendly' and allow you to watch your house be burglarized from your smartphone or whatnot.

Re:Why is anyone surprised... (1)

dbIII (701233) | about 7 months ago | (#46628657)

any vendor whose shitty 'cloud monitoring' service

Ah - that's the truly special level of stupidity I had not considered.

Re:Why is anyone surprised... (1)

gl4ss (559668) | about 7 months ago | (#46628803)

the cheap and nasty nas drive isn't visible to internet but has access to internet.. that's a quite common setup. but the dvr's themselves are connected to the internet(so that their owners can see the video feeds on their ipads...).

Re:Why is anyone surprised... (2)

AmiMoJo (196126) | about 7 months ago | (#46629303)

This suggests that this malware has been around for a long time, dating from back when it was worth mining Bitcoins with a low end CPU. Three or four years maybe.

We can hope that Bitcoin mining was just a module someone added to it, or was in there from way-back-when and the malware has slowly evolved and added new infection vectors that were only recently discovered. Otherwise it must have been floating around undetected for years, and in the early days might have actually generated some cash.

Re:Why is anyone surprised... (1)

tlhIngan (30335) | about 7 months ago | (#46630587)

This suggests that this malware has been around for a long time, dating from back when it was worth mining Bitcoins with a low end CPU. Three or four years maybe.

Uh, why is CPU mining pointless today? Because the returns are so low?

Yes, the returns are very low. However, they're non-zero. So if you can find a pile of computing devices that you can use for FREE, even if you only earn 0.001 BTC a day, that's still a positive ROI for you.

Now couple that with millions of PCs, routers, DVRs, etc., and suddenly 0.001 BTC per day per device on average is not too shabby anymore. Even 0.000001 BTC still makes it worthwhile.

Remember, the cost of the equipment, electricity, etc is FREE to the miner.

Hell, there are plugins to Unity (the game engine) that do Bitcoin mining for developers to release free-to-play games, as well. (Presumably for both computers and mobile devices, so no, the game is not heating the CPU because it's got awesome graphics and play, but because it's mining behind your back).

The ROI of CPU mining is high when the I is low

Probably *NOT* bitcoins (1)

DrYak (748999) | about 7 months ago | (#46629369)

As I've mentioned above, it's probably NOT bitcoins being mined.
The last few articles on /. mentioning mining malware all said "bitcoin mining" when careful reading showed that in fact the malware didn't mine bitcoins but another cryptocurrency better suited for CPU (one of the latest I remember was PTShares).
Reporters just say "bitcoin mining" because that's the only thing they know and they vaguely remember that creating bitcoins was something CPU intensive.

If the black-hats are smart enough to think this contrived way to infect the synology (infect first the "always on internet" DVR and only then, once you're on the other side of the firewall, start scanning the home intra-net for NAS hidden behind the firewall), perhaps they are also able to pick a CPU worthy (ie.: not SHA-256^2 based) cryptocurrency coin.

Even free-as-in-stolen, you're telling me that the best use somebody can think of for a botnet of network attached storage devices is generating maybe as many hashes as one of those cheapo USB-stick ASICs, rather than, say, basking in juicy private data and massive stolen storage space?

While you're at it, it's best to take as much opportunity as possible.
- you can "safely" mine on a nas, because the clueless user won't notice a heavily degraded performance (unlike on their desktop).
- you can pick-up a coin which won't be beaten by cheapo USB ASICs: math based coins (like PrimeCoin, RieCoin, etc.) are still mined on CPUs. SHA3 based coins (CopperLark, QuarkCoin, etc) don't have an efficient GPU implementation yet. SCrypt-based coins are so memory-intensive that the jump between hardware generations doesn't yield such a strong difference in hash rate: even if the current mining is mostly done on GPU and some early experimental FPGA, high-end server CPU can still give Litecoin for their run. (so even if the ARM inside NAS isn't that powerful, a whole botnet mining Litecoin could still earn some money back).

And last but not least:
- that the worm downloads a payload for mining bitcoins doesn't prevent the worm from also downloading a payload for scanning credit-card numbers, SSN, naked photos, etc.
So don't despair, the massive stolen storage space will also be juiced for all it's worth.

The coin-mining at least is low bandwidth, and it's possible for the blackhats to check if their plan is working just by looking at the income on the cryptocurrency address used for mining. Scanning the stolen storage space would be much more bandwidth intensive (the victim would notice that "their internet has become slow").

On the other hand, getting that money out of the botnet and into the black-hat's pockets is going to be tough:
Cryptocurrencies aren't anonymous. In fact they work based on the exact opposite: every single transaction is broadcast to the whole network. While this provides good security against counterfeit without needing a central authority (the whole point of the bitcoin protocol), that also means that anyone can follow the transactions following this mining.
If the hackers indeed used a rare CPU-based coin, that means that they can't do much except exchange it on one of the few major exchanges which accept even very minor coins (like cryptsy). That means it's rather easy for law forces to collaborate with cryptsy to try and catch any transaction with coins coming from this mining - then it's just a question of matching this transaction with user profiles and/or following the money trail further.

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46631107)

Are you familiar with the difference between pooled mining and solo mining? Even one block reward payout would be worth the effort if you were solo mining and "got lucky".

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46631679)

when we do takeovers its not that uncommon to find that these things have been turned into cp/warez ftp servers.

Re:Why is anyone surprised... (1)

Lumpy (12016) | about 7 months ago | (#46629129)

Because only complete and utter morons put their DVD player directly on the internet. While a security DVR is required to be in the internet or accessible via the internet for remote viewing.

It's why I simply point and laugh at the fools that all herald ipv6 where they can have a public IP for every device. Only idiots want that, those of us that are sane only want public facing IP for the devices that need it.

Re:Why is anyone surprised... (1)

Anonymous Coward | about 7 months ago | (#46629327)

>> Because only complete and utter morons put their DVD player directly on the internet

Welcome to DVD player.

Choose WIFI network. [click]

Input WIFI password [click]

Thank you, enjoy.

Re:Why is anyone surprised... (1)

cusco (717999) | about 7 months ago | (#46629575)

I work in the security industry, and you would be absolutely shocked at some of the work being done out there. The residential and retail markets are absolutely the worst, since there's no money to be made there unless you're pumping out dozens of slipshod installations per week per installer. For most of those guys their level of technical expertise is that they can find porn and Facebook on the Internet.

a security DVR is required to be in the internet or accessible

Huh? Not just 'NO' but 'NO FUCKING WAY NO'. Even most of the iToys have a VPN client, there is absolutely no reason to put any security device on the Internet for any reason (except maybe as a honeypot).

Re:Why is anyone surprised... (0)

Anonymous Coward | about 7 months ago | (#46632061)

Security people are typically far too stupid to understand what VPN is. 99.97% of all security DVR's are on the internet, just freaking google any keywords from common DVR start pages and you will find thousands of hits.

Plus every single place that has the things, like gas stations and stores, is run by drooling morons that will never pay for a "VPN" thingy.

Editor? (0)

Anonymous Coward | about 7 months ago | (#46627957)

Grammar.

Not for Slashdot.

Obligatory... . (0)

Anonymous Coward | about 7 months ago | (#46627977)

I've got the same combination on my luggage!

I hate April fools on the internet. (0, Troll)

Anonymous Coward | about 7 months ago | (#46627987)

I hate April fools on the internet... April fools only works in person, it is just dumb and possibly dangerous on the internet.

Re:I hate April fools on the internet. (3, Informative)

nbetcher (973062) | about 7 months ago | (#46628037)

Unfortunately this does not appear to be a case of April fools. Somehow I wish it were.

Re:I hate April fools on the internet. (1)

exomondo (1725132) | about 7 months ago | (#46628167)

I hate April fools on the internet... April fools only works in person, it is just dumb and possibly dangerous on the internet.

Posted by Unknown Lamer on Monday March 31, 2014 @11:58PM

management fools (1)

dltaylor (7510) | about 7 months ago | (#46628351)

But when you've actually been asked by management whether you've implemented RFC 3514 (the "Evil Bit"), how can the Internet NOT be better?

Re:I hate April fools on the internet. (1)

evilviper (135110) | about 7 months ago | (#46628481)

Posted by Unknown Lamer on Monday March 31, 2014 @11:58PM

The date/time you see on the story depends on your timezone. Yet it doesn't put everyone else into a time-warp where it's not April 1st for them...

This story absolutely was posted on April 1st, /. local time, as evidenced by the date embedded in the link to it:

http://it.slashdot.org/story/1... [slashdot.org]

I'm confused (2)

viperidaenz (2515578) | about 7 months ago | (#46628085)

Interestingly, all of this malware is compiled for ARM CPUs

How else does malware running on ARM based systems work?

Re:I'm confused (1)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46628475)

It's JVMs all the way down. Except for the one that's actually Dalvik and willing to go head-to-head with Oracle to prove it.

Much better this year (5, Funny)

AuMatar (183847) | about 7 months ago | (#46628135)

This april fools is believable.

Anonymous Coward (0)

Anonymous Coward | about 7 months ago | (#46629989)

Unfortunately it is all too believable...

espresso machines (0)

Anonymous Coward | about 7 months ago | (#46628165)

are you sure espresso machines are not being used for same purposes? mine seem to be running out of coffee every 3 cups or so

Worth (0)

Anonymous Coward | about 7 months ago | (#46628181)

Even though these people aren't paying for the power these devices use, I really doubt that there is any worth doing this. Even with thousands of them, could you mine a single block chain on an ARM processor when the network is overruled with FGA devices?

Re:Worth (1)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46628505)

I don't have an exact answer, Synology ARM devices vary, though mostly Marvell based; but for reference the 'Sheevaplug', based on a slightly obsolete Marvell storage processor, is quoted to be good for about .2 megahashes/second. I don't keep up with bitcoin difficulties, just don't care that much; but with USB-stick ASIC devices claiming 1 gigahash/second and greater, you'd need to own a mind-boggling number of these things to make it worth the time.

It's doubly weird because NASes probably have some neat stuff stashed on them, and would also be natural hosts for some sort of 'super-sleazy-CDN' type project, which would be equally illicit but might actually be worth more than a lukewarm cup of instant coffee.

April 1st (0)

Anonymous Coward | about 7 months ago | (#46628221)

Glad this made it in before April 1st.

Counterfeit (1, Interesting)

Oligonicella (659917) | about 7 months ago | (#46628233)

These should be considered counterfeit. True, they are probably good bitcoins in the accuracy department, but by no stretch of the imagination could they be considered legitimately mined. Is there a mechanism built into the bitcoin structure that allows for this and voids the coins?

Re:Counterfeit (1)

Anonymous Coward | about 7 months ago | (#46628253)

There is not, unless 51% of the network refuses to continue work on any chain containing a transaction that spent these balances.

Bitcoin was designed this way with no central control because many in the community see the ability for others to arbitrarily decide someone's money is worthless to be a bug, not a feature.

Asking it a pyramid scam ponzi token is legit? (-1, Troll)

dbIII (701233) | about 7 months ago | (#46628489)

So you want a mechanism to distinguish one ponzi from another that may in some way be associated with dishonesty?
It does not matter.
With bitcoin a new bitcoin from any source increases the value of existing bitcoins so the perpetrators do not care where it comes from.

Re:Counterfeit (2)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46628529)

Trying to determine whether a series of hashing operations resulting in a mathematically valid bitcoin is like trying to determine whether or not a file is copyright-infringing by examining it with a hex editor.

Sure, I'd cry approximately -6 tears if the person behind this were to be caught and hauled off, and if he actually managed to mine anything(which would surprise me) I'd have no problem with the notion of his being forced to disburse the minings to his victims; but attempting to determine, from the results of a calculation, whether that calculation was conducted on a CPU not owned by the person who instructed the calculation to be performed is practically a category error. It just doesn't make sense.

If you have outside knowledge(like the arrest and conviction of the cracker), you can make inferences from that(and also use that as a basis for forcing him to disgorge the ill-gotten gains); but absent such additional information, a mathematical operation is what it is, there is no 'licitness' metadata.

Re:Counterfeit (2)

rtb61 (674572) | about 7 months ago | (#46628851)

Of course we all know of a security agency that just positively loves video feeds for its extortion program, anything else just a cover. The interesting part of the story, how honeypots are much better at establishing internet security than engaging in global criminal activity, of course one is about law and order and the other is about criminal extortion with a political basis.

Yes and no (1)

DrYak (748999) | about 7 months ago | (#46629445)

Is there a mechanism built into the bitcoin structure that allows for this and voids the coins?

Is there a mechanism built into hard cash that allows to void the silvercoins/bank bills to be remotely voided? No.
And basically any cryptocurrency works the same. There's by definition NO SINGLE ENTITY in control of the bitcoin protocol (that's the whole point of it).
So nobody could remotely void any coin. (but at least that means that legally earned crypto-money won't suddenly vanish either... no fraudulent chargebacks on the bitcoin network)

On the other hand, cryptocurrencies aren't anonymous. At all. In fact they are (again by definition) the exact opposite: every single transaction is broadcast to the whole network. That really helps the security (thus every single node on the network can check and verify all transactions) without need for a central authority (see previous point). But that also means that anyone can follow transactions and follow money jumping from one public key to another.

As the blackhats aren't probably mining actual bitcoins, but some minor alt-coins which is much more mine-able on CPUs, at some point, they'll need to exchange it for something more easily spendable. So they need to send them to one of the (few) exchanges accepting less known coins (Probably cryptsy).
Law forces could collaborate with exchanges and try to catch transaction whose coins can all be traced back to the initial mining by this botnet.
Then it's a matter of matching transaction with profiles registered at the exchange or further following the money trail.

But did you not already know that this is the word (0)

Anonymous Coward | about 7 months ago | (#46628237)

The word? The word is weebles wobble but they do not, I repeat, do not, fall down. You heard the word right. Weebles do wobble, yes, but they do not - that's right, do not - fall down.

hardyharhar but of course weebles fall down you foo you. No gosub and multiply.

Re:But did you not already know that this is the w (1)

JustOK (667959) | about 7 months ago | (#46628411)

Bird is the word

Re:But did you not already know that this is the w (0)

Anonymous Coward | about 7 months ago | (#46634699)

rubbish!

Grease is the word, not only is it the word, it's also the time and the place, and indeed the motion!

OT: Where's my pink ponies? (0)

Anonymous Coward | about 7 months ago | (#46628249)

It's 90 minutes into April USA time and still no OMGPONIES!!!!!

Maybe that's the joke this year - nothing special on March 32nd.

Then again, I did see a "red" submission that looks out-of-this-world fake, so maybe we'll see something soon.

someone clearly didn't care to sync his watch (0)

Anonymous Coward | about 7 months ago | (#46628377)

as we can see, he was two minutes early.

I hate slashdot on April fools day (0)

dbIII (701233) | about 7 months ago | (#46628447)

Since part of the world has the date of April 1 we've got a couple of days of trying to tell which stories are bogus and which not.
Please bring back the ponies instead of making us guess.

Well the laundry thought (1)

Chrisq (894406) | about 7 months ago | (#46628685)

Well the laundry thought they may as well make SCORPION STARE self-funding by mining bitcoins. It's fortunate the researchers did not activate the primary function

Synology vulnerability? (3, Informative)

doas777 (1138627) | about 7 months ago | (#46629123)

TFA has very little info on the supposed Synology management interface vulnerability.

I believe this article covers some of the general info on the vulnerabilities: http://www.symantec.com/connec... [symantec.com]

Pointless? (1)

countach (534280) | about 7 months ago | (#46629457)

At the current bit coin difficulty, I would have thought even a large botnet of conventional CPUs would be pretty pointless.

DVR passwords are often numbers only! (0)

Anonymous Coward | about 7 months ago | (#46630631)

The reason why is the DVR devices often only include buttons on the front for basic playback controls and numbers for selecting which camera to view. Naturally, the numbers are used for the admin/user logins!

It's the same issue with most Samsung DVR's. I have a Samsung DVR (SHR-4000 series). It has an embedded linux on a bootflash disk attached to an IDE interface. Even though there is a PC application (SmartViewer), you can only use numeric passwords. Might as well use 1-2-3-4 folks! Since it has nothing to stop repeated invalid attempts!

I started to notice a ton of UDP 123 (NTP) traffic going to "zero.bora.net". Curiously, this host is in Korea but does not appear to be related to Samsung Electronics. The volume of traffic is very high and is definitely not NTP traffic. I suspect that the DVR is attempting to stream my "video" off my cameras to this host. The traffic is all hashed and not recognized by wireshark as proper NTP traffic.

if you have a Samsung DVR folks, watch your network carefully for "zero.bora.net". Even though I have configured mine to use a local NTP server, it still sends high volume of traffic to that host. (all blocked at my firewall)

Needless to say, I am not buying another Samsung security product.
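The check described in the comment above (high-volume UDP/123 traffic that does not parse as NTP), written out as a defender's audit; this is an added example, not part of the original thread. The addresses, the sample capture and the packets-per-minute ceiling are constructed assumptions.

```python
from collections import defaultdict

NTP_HEADER_LEN = 48      # fixed NTP header size (RFC 5905)
MAX_PKTS_PER_MIN = 10    # assumption: generous ceiling for a single NTP client


def ntp_header_problem(payload: bytes):
    """Return None if the payload looks like a time-sync NTP packet,
    otherwise a short reason string."""
    if len(payload) < NTP_HEADER_LEN:
        return "shorter than the 48-byte NTP header"
    # Extension fields and MACs that follow the header are 32-bit aligned.
    if (len(payload) - NTP_HEADER_LEN) % 4:
        return "trailing bytes are not 32-bit aligned"
    version = (payload[0] >> 3) & 0x7
    mode = payload[0] & 0x7
    stratum = payload[1]
    if version not in (1, 2, 3, 4):
        return f"invalid version {version}"
    # Modes 1-5 carry time sync; 0 is reserved, 6/7 are control/private
    # and are worth a second look when they leave the network.
    if mode not in (1, 2, 3, 4, 5):
        return f"mode {mode} is not a time-sync mode"
    if stratum > 16:
        return f"stratum {stratum} out of range"
    return None


def audit_udp123(packets):
    """packets: iterable of (timestamp_seconds, src, dst, udp_payload).
    Returns {(src, dst): [reasons]}; an empty list means nothing odd."""
    flows = defaultdict(
        lambda: {"total": 0, "malformed": 0, "per_minute": defaultdict(int)}
    )
    for ts, src, dst, payload in packets:
        flow = flows[(src, dst)]
        flow["total"] += 1
        flow["per_minute"][int(ts // 60)] += 1
        if ntp_header_problem(payload) is not None:
            flow["malformed"] += 1

    report = {}
    for key, flow in flows.items():
        reasons = []
        if flow["malformed"]:
            reasons.append(
                f"{flow['malformed']}/{flow['total']} payloads are not valid NTP"
            )
        peak = max(flow["per_minute"].values())
        if peak > MAX_PKTS_PER_MIN:
            reasons.append(f"peak {peak} packets/min exceeds {MAX_PKTS_PER_MIN}")
        report[key] = reasons
    return report


def build_sample():
    """Constructed capture, not real traffic."""
    # 0x23 = LI 0, version 4, mode 3 (client request), rest zeroed.
    request = bytes([0x23]) + bytes(47)
    # 150 opaque bytes standing in for non-NTP data sent to port 123.
    opaque = bytes((7 * k + 13) % 256 for k in range(150))
    packets = [(t, "192.168.1.20", "192.168.1.1", request) for t in (0, 64, 128)]
    packets += [
        (i * 0.5, "192.168.1.50", "203.0.113.7", opaque) for i in range(120)
    ]
    return packets


if __name__ == "__main__":
    for (src, dst), reasons in audit_udp123(build_sample()).items():
        verdict = "; ".join(reasons) if reasons else "looks like normal NTP"
        print(f"{src} -> {dst}: {verdict}")
```

Feeding it the UDP/123 payloads exported from a packet capture gives a per-destination list to compare against the NTP servers the device is actually configured to use.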

probably mining an alt coin (1)

markass530 (870112) | about 7 months ago | (#46631827)

impossible to make any cash mining bitcoin this way, probably mining primecoin or one of the other CPU based alt coins

I hear tell... (1)

swschrad (312009) | about 7 months ago | (#46632075)

that if you DVR fishing shows, you spread worms, too

Synology user, got hit with this (0)

Anonymous Coward | about 7 months ago | (#46638777)

I use mine for TV shows and as a VPN (travel a lot) and I got hit with this. I found out when it was slow as a dog, rebooted it, and the services never came up (malware screwed up the boot). SSH worked, and then I found the indications of infection... I was away so I had to ask someone to stop by my house and unplug the power.

Luckily I mostly keep media files on it, and anything sensitive is in an encrypted container.

I'm pissed that Synology knew about these bugs for months and only patched them after they were exploited. I will probably make my own NAS running some flavor of Linux and then just put the Synology as one only available on my local network.
