Dell sounds alarm over network-hijacking cryptocurrency thefts
Researchers from Dell SecureWorks share details of a recent run of cryptocurrency thefts

A series of attacks against ISPs between February and May 2014 allowed an unknown assailant to siphon off more than $83,000 from legitimate cryptocurrency miners.
The perpetrator is thought to have compromised 51 networks belonging to 19 ISPS in order to redirect connections to the assailant's own mining pool to make a profit.
The attacks were picked up by the Dell SecureWorks Counter Threat Unit (CTU), and discussed at length during the Black Hat hackers conference in Las Vegas today.
The organisation said reports from people who had their connections hijacked began to emerge from 22 March 2014, with many disgruntled miners taking to online user forums to complain.
However, CTU's research also suggests the person responsible made some abortive attempts to carry out their deception in February too.
Speaking to IT Pro, Joe Stewart, director of malware research at Dell SecureWorks, explained: "We started to notice in the forums some people talking about some hijacking of cryptocurrency mining pools and people observed they were mining with the pool one day, and suddenly it switched to an IP address they didn't recognised, meaning they had been hijacked somehow."
Stewart decided to examine the set-up of his own cryptocurrency mining pools in response, and realised his own mining pool had been plundered too, prompting him to embark on an investigation.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Now this attack has come to light, the researchers are hopeful the mining community will know the warning signs to look for should another unscrupulous sort try something similar.
"The success of this attack was partly due to it being a new threat to [the cryptocurrency mining community] and now that it's been executed, it will be much more difficult for someone else to pull it off again," Pat Litke, CTU researcher at Dell SecureWorks told IT Pro.
"In this instance, the actor could have been much more successful with a little more planning... in the future I personally would be surprised to see more successful attacks of this nature simply because people are looking for them."
At present, the person responsible for the attacks is still unknown, although their activities have been traced to a single router at an ISP in Canada.
Based on this information, the CTU researchers have narrowed the list of potential suspects down to a rogue ISP employee or a malicious hacker.
"This kind of activity can happen at any time to any network, if you have a rogue operator at the ISP who has access to some of these routers," he said.
"This person abused their access to mine cryptocurrency but certainly he could use potential access to re-route someone else's network traffic for a short time in order to gain some sort of intelligence about them.
"You wouldn't want to do this long-term because people do notice their traffic isn't flowing where it should and it introduces latency," Stewart added.
The researchers alerted the ISP closest to the site where malicious activity was detected on 9 May, and it stopped three days later and. At the time of publication the attack had not resumed.
-
Blackouts in Spain and Portugal could be a cyber attack
Both countries are "paralyzed" by nationwide power outages
By Jane McCallion
-
Cisco takes aim at AI security at RSAC with ServiceNow partnership
News The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
By Jane McCallion
-
IMF urges El Salvador to remove Bitcoin as legal tender
News The country sought a $1.3 billion loan from the IMF last year, although this has been reportedly hindered by the fund’s Bitcoin concerns
By Zach Marzouk
-
Cryptocurrency: Should you invest?
In-depth Cryptocurrencies aren’t going away – but big questions remain over their longevity, the amount of energy they consume and the morals of investing
By James O'Malley
-
IT Pro News in Review: Record profits in tech, hackers turn to new languages for malware, Amazon's Bitcoin plans
Video Catch up on the most important news of the week in just two minutes
By ITPro
-
El Salvador offers its citizens free Bitcoin
News Bukele doubles down on crypto commitment with a giveaway
By Danny Bradbury
-
Square and Blockstream to build a solar Bitcoin mining facility
News Solar mining plant will aim to temper concerns of power consumption from Bitcoin mining
By Danny Bradbury
-
What are altcoins and how do they work?
In-depth The alternatives to Bitcoin explained
By Rene Millman
-
Steve Wozniak sues YouTube over Bitcoin scam videos
News Lawsuit claims YouTube is aware of the Bitcoin giveaway scams but hasn’t taken videos down
By Sarah Brennan
-
Bitcoin scam exposes the personal details of 250,000 people
News The UK and Australia represent approximately 93% of users hit by the crypto-scam
By Tyler Omoth