Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Physical Security

// // //
3/5/2018
11:30 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now

Icelandic Intrigue: Who Stole 600 Bitcoin Servers?

Police in Iceland are investigating the physical theft of more than 600 servers used to mine Bitcoin and other cryptocurrencies, according to reports.

Police in Iceland are in the middle of an intriguing mystery: Who is behind the theft of 600 different servers used to mine cryptocurrency, including Bitcoin, from several data centers in the tiny island country.

The thefts, according to the Associated Press, were first reported on Friday, March 2, after 11 people were arrested. One of those arrested is a security guard. Law enforcement is, however, still looking for other people in connection with the heist, the AP said.

The break-ins and burglaries themselves appear to date back to December and January, when authorities started investigating, but police kept silent until Friday's court hearing. The servers are worth about $2 million, according to the AP and other reports.

The crime's been dubbed the "Big Bitcoin Heist" in Iceland.

If your Bitcoin mining operation isn't safe in Iceland, where is it safe?\r\n(Source: 12019 via Pixabay)\r\n
If your Bitcoin mining operation isn't safe in Iceland, where is it safe?
\r\n(Source: 12019 via Pixabay)\r\n

"Everything points to this being a highly organized crime," Olafur Helgi Kjartansson, a police commissioner in Iceland, told the AP.

The surging popularity of Bitcoin and other cryptocurrencies coincides with an increase in different types of crimes related to the mining of digital currency. The Icelandic case is unusual since it involved a physical theft, but other types of illegal activities also are on the uptick.

A recent report on Security Now discovered rogue employees are using spare IT equipment and other resources to mine Bitcoins. This can lead to problems ranging from skyrocketing electrical bills to the introduction of malicious software that create backdoors into the network. (See Rogue Employees Mine Cryptocurrency Using Company Hardware.)

One reason Iceland is a haven for cryptocurrency mining is the island's large resources of cheap, renewable energy that help keep servers running 24/7, according to the AP. To help locate more persons of interest, investigators are searching for spikes in electrical use.


The fundamentals of network security are being redefined – don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth annual Big Communications Event. There's still time to register and communications service providers get in free!

The reason for these thefts is apparent: the volatile nature of cryptocurrency and the loose regulations surrounding this marketplace. At the end of 2017, Bitcoin was trading for about $20,000, although it has fallen since then (on the morning of Monday, March 5, it was trading at about $11,500). If the Bit Bitcoin Heist organizers get all 600 high-powered servers running, they could mine hundreds or thousands of cryptocurrencies.

In addition to the illegal mining of Bitcoins by rogue employees, cyberthieves increasingly demand ransom and other payments in cryptocurrency, creating what one security expert dubbed the new "Wild West" of cybersecurity. (See Cryptocurrency Crime: The Internet's New Wild West.)

And in some cases, cybercriminals create man-in-the-middle schemes to divert Bitcoin payments meant to pay off a different criminal group as part of a ransomware scheme. In one case, the victim attempted to pay off one group seeking ransomware only to have the Bitcoin settlement diverted to another group of criminals -- and the victim's data was never restored, security firm Proofpoint observed. (See Ransomware Shows There's no Honor Among Cyberthieves.)

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43705
PUBLISHED: 2022-11-27
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
CVE-2022-45934
PUBLISHED: 2022-11-27
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45931
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45932
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2022-45933
PUBLISHED: 2022-11-27
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side proj...