Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Physical Security

3/5/2018
11:30 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Icelandic Intrigue: Who Stole 600 Bitcoin Servers?

Police in Iceland are investigating the physical theft of more than 600 servers used to mine Bitcoin and other cryptocurrencies, according to reports.

Police in Iceland are in the middle of an intriguing mystery: Who is behind the theft of 600 different servers used to mine cryptocurrency, including Bitcoin, from several data centers in the tiny island country.

The thefts, according to the Associated Press, were first reported on Friday, March 2, after 11 people were arrested. One of those arrested is a security guard. Law enforcement is, however, still looking for other people in connection with the heist, the AP said.

The break-ins and burglaries themselves appear to date back to December and January, when authorities started investigating, but police kept silent until Friday's court hearing. The servers are worth about $2 million, according to the AP and other reports.

The crime's been dubbed the "Big Bitcoin Heist" in Iceland.

If your Bitcoin mining operation isn't safe in Iceland, where is it safe?\r\n(Source: 12019 via Pixabay)\r\n
If your Bitcoin mining operation isn't safe in Iceland, where is it safe?
\r\n(Source: 12019 via Pixabay)\r\n

"Everything points to this being a highly organized crime," Olafur Helgi Kjartansson, a police commissioner in Iceland, told the AP.

The surging popularity of Bitcoin and other cryptocurrencies coincides with an increase in different types of crimes related to the mining of digital currency. The Icelandic case is unusual since it involved a physical theft, but other types of illegal activities also are on the uptick.

A recent report on Security Now discovered rogue employees are using spare IT equipment and other resources to mine Bitcoins. This can lead to problems ranging from skyrocketing electrical bills to the introduction of malicious software that create backdoors into the network. (See Rogue Employees Mine Cryptocurrency Using Company Hardware.)

One reason Iceland is a haven for cryptocurrency mining is the island's large resources of cheap, renewable energy that help keep servers running 24/7, according to the AP. To help locate more persons of interest, investigators are searching for spikes in electrical use.


The fundamentals of network security are being redefined – don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth annual Big Communications Event. There's still time to register and communications service providers get in free!

The reason for these thefts is apparent: the volatile nature of cryptocurrency and the loose regulations surrounding this marketplace. At the end of 2017, Bitcoin was trading for about $20,000, although it has fallen since then (on the morning of Monday, March 5, it was trading at about $11,500). If the Bit Bitcoin Heist organizers get all 600 high-powered servers running, they could mine hundreds or thousands of cryptocurrencies.

In addition to the illegal mining of Bitcoins by rogue employees, cyberthieves increasingly demand ransom and other payments in cryptocurrency, creating what one security expert dubbed the new "Wild West" of cybersecurity. (See Cryptocurrency Crime: The Internet's New Wild West.)

And in some cases, cybercriminals create man-in-the-middle schemes to divert Bitcoin payments meant to pay off a different criminal group as part of a ransomware scheme. In one case, the victim attempted to pay off one group seeking ransomware only to have the Bitcoin settlement diverted to another group of criminals -- and the victim's data was never restored, security firm Proofpoint observed. (See Ransomware Shows There's no Honor Among Cyberthieves.)

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-4020
PUBLISHED: 2021-11-27
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23654
PUBLISHED: 2021-11-26
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via C...
CVE-2021-43785
PUBLISHED: 2021-11-26
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious...
CVE-2021-43776
PUBLISHED: 2021-11-26
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other se...
CVE-2021-41243
PUBLISHED: 2021-11-26
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be add...