Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Physical Security

3/5/2018
11:30 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Icelandic Intrigue: Who Stole 600 Bitcoin Servers?

Police in Iceland are investigating the physical theft of more than 600 servers used to mine Bitcoin and other cryptocurrencies, according to reports.

Police in Iceland are in the middle of an intriguing mystery: Who is behind the theft of 600 different servers used to mine cryptocurrency, including Bitcoin, from several data centers in the tiny island country.

The thefts, according to the Associated Press, were first reported on Friday, March 2, after 11 people were arrested. One of those arrested is a security guard. Law enforcement is, however, still looking for other people in connection with the heist, the AP said.

The break-ins and burglaries themselves appear to date back to December and January, when authorities started investigating, but police kept silent until Friday's court hearing. The servers are worth about $2 million, according to the AP and other reports.

The crime's been dubbed the "Big Bitcoin Heist" in Iceland.

If your Bitcoin mining operation isn't safe in Iceland, where is it safe?\r\n(Source: 12019 via Pixabay)\r\n
If your Bitcoin mining operation isn't safe in Iceland, where is it safe?
\r\n(Source: 12019 via Pixabay)\r\n

"Everything points to this being a highly organized crime," Olafur Helgi Kjartansson, a police commissioner in Iceland, told the AP.

The surging popularity of Bitcoin and other cryptocurrencies coincides with an increase in different types of crimes related to the mining of digital currency. The Icelandic case is unusual since it involved a physical theft, but other types of illegal activities also are on the uptick.

A recent report on Security Now discovered rogue employees are using spare IT equipment and other resources to mine Bitcoins. This can lead to problems ranging from skyrocketing electrical bills to the introduction of malicious software that create backdoors into the network. (See Rogue Employees Mine Cryptocurrency Using Company Hardware.)

One reason Iceland is a haven for cryptocurrency mining is the island's large resources of cheap, renewable energy that help keep servers running 24/7, according to the AP. To help locate more persons of interest, investigators are searching for spikes in electrical use.


The fundamentals of network security are being redefined – don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth annual Big Communications Event. There's still time to register and communications service providers get in free!

The reason for these thefts is apparent: the volatile nature of cryptocurrency and the loose regulations surrounding this marketplace. At the end of 2017, Bitcoin was trading for about $20,000, although it has fallen since then (on the morning of Monday, March 5, it was trading at about $11,500). If the Bit Bitcoin Heist organizers get all 600 high-powered servers running, they could mine hundreds or thousands of cryptocurrencies.

In addition to the illegal mining of Bitcoins by rogue employees, cyberthieves increasingly demand ransom and other payments in cryptocurrency, creating what one security expert dubbed the new "Wild West" of cybersecurity. (See Cryptocurrency Crime: The Internet's New Wild West.)

And in some cases, cybercriminals create man-in-the-middle schemes to divert Bitcoin payments meant to pay off a different criminal group as part of a ransomware scheme. In one case, the victim attempted to pay off one group seeking ransomware only to have the Bitcoin settlement diverted to another group of criminals -- and the victim's data was never restored, security firm Proofpoint observed. (See Ransomware Shows There's no Honor Among Cyberthieves.)

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-22703
PUBLISHED: 2022-01-17
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.
CVE-2021-42357
PUBLISHED: 2022-01-17
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be pr...
CVE-2022-0242
PUBLISHED: 2022-01-17
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
CVE-2021-38965
PUBLISHED: 2022-01-17
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346.
CVE-2021-33040
PUBLISHED: 2022-01-17
managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.