Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Physical Security

// // //
3/5/2018
11:30 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now

Icelandic Intrigue: Who Stole 600 Bitcoin Servers?

Police in Iceland are investigating the physical theft of more than 600 servers used to mine Bitcoin and other cryptocurrencies, according to reports.

Police in Iceland are in the middle of an intriguing mystery: Who is behind the theft of 600 different servers used to mine cryptocurrency, including Bitcoin, from several data centers in the tiny island country.

The thefts, according to the Associated Press, were first reported on Friday, March 2, after 11 people were arrested. One of those arrested is a security guard. Law enforcement is, however, still looking for other people in connection with the heist, the AP said.

The break-ins and burglaries themselves appear to date back to December and January, when authorities started investigating, but police kept silent until Friday's court hearing. The servers are worth about $2 million, according to the AP and other reports.

The crime's been dubbed the "Big Bitcoin Heist" in Iceland.

If your Bitcoin mining operation isn't safe in Iceland, where is it safe?\r\n(Source: 12019 via Pixabay)\r\n
If your Bitcoin mining operation isn't safe in Iceland, where is it safe?
\r\n(Source: 12019 via Pixabay)\r\n

"Everything points to this being a highly organized crime," Olafur Helgi Kjartansson, a police commissioner in Iceland, told the AP.

The surging popularity of Bitcoin and other cryptocurrencies coincides with an increase in different types of crimes related to the mining of digital currency. The Icelandic case is unusual since it involved a physical theft, but other types of illegal activities also are on the uptick.

A recent report on Security Now discovered rogue employees are using spare IT equipment and other resources to mine Bitcoins. This can lead to problems ranging from skyrocketing electrical bills to the introduction of malicious software that create backdoors into the network. (See Rogue Employees Mine Cryptocurrency Using Company Hardware.)

One reason Iceland is a haven for cryptocurrency mining is the island's large resources of cheap, renewable energy that help keep servers running 24/7, according to the AP. To help locate more persons of interest, investigators are searching for spikes in electrical use.


The fundamentals of network security are being redefined – don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth annual Big Communications Event. There's still time to register and communications service providers get in free!

The reason for these thefts is apparent: the volatile nature of cryptocurrency and the loose regulations surrounding this marketplace. At the end of 2017, Bitcoin was trading for about $20,000, although it has fallen since then (on the morning of Monday, March 5, it was trading at about $11,500). If the Bit Bitcoin Heist organizers get all 600 high-powered servers running, they could mine hundreds or thousands of cryptocurrencies.

In addition to the illegal mining of Bitcoins by rogue employees, cyberthieves increasingly demand ransom and other payments in cryptocurrency, creating what one security expert dubbed the new "Wild West" of cybersecurity. (See Cryptocurrency Crime: The Internet's New Wild West.)

And in some cases, cybercriminals create man-in-the-middle schemes to divert Bitcoin payments meant to pay off a different criminal group as part of a ransomware scheme. In one case, the victim attempted to pay off one group seeking ransomware only to have the Bitcoin settlement diverted to another group of criminals -- and the victim's data was never restored, security firm Proofpoint observed. (See Ransomware Shows There's no Honor Among Cyberthieves.)

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42247
PUBLISHED: 2022-10-03
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
CVE-2022-41443
PUBLISHED: 2022-10-03
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
CVE-2022-33882
PUBLISHED: 2022-10-03
Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.
CVE-2022-42306
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
CVE-2022-42307
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.