Hacker Amasses $620,000 in Dogecoin
If Dogecoin is still a joke, it might just be the best joke on the Internet. At first, the cryptocurrency seemed like nothing but a silly meme taken to its logical extreme, but one hacker discovered a way to install an illicit coin-mining operation on network-attached storage (NAS) devices, netting him more than $600,000 in Dogecoin.
Pat Litke and David Shear, two security researchers at Dell, wrote a blog post explaining how they discovered the scheme. Users who purchased Synology products, a brand of easy-to-use, relatively inexpensive Taiwanese NAS devices popular with small-office and home-office users, complained of slow performance and excessive heat.
Tracking these oddities to their source, users discovered a folder on the NAS devices called, appropriately enough, PWNED. This folder was up to its cold, wet snout with Dogecoin-mining malware.
MORE: What Is Bitcoin?
For those who are not familiar with Dogecoin, it is a form of anonymous online currency whose value fluctuates depending on how many people use it. It is much less valuable than its Bitcoin big brother, partially because it is much newer, and partially because it was meant as something of a joke. (The titular Doge is an Internet meme in which a Shiba Inu, a breed of Japanese dog, eyeballs the user and makes grammatically ridiculous statements.)
Like Bitcoin, new units of Dogecoin must be "mined" by computers that work to solve complex mathematical processes, and malicious hackers have developed ways of hijacking other people's computers to do the grunt work, thereby fattening their own digital wallets.
"To date, this incident is the single most profitable illegitimate mining operation," the Dell researchers noted.
By the time Synology and its users got wise to the scheme, the damage had already been done. The hacker who infected the NAS devices with malware had already racked up more than 500 million Dogecoins, or approximately $620,496. (This number will vary, as Dogecoin's value is not constant.)
The infected systems mined Dogecoin for the malefactor between September 2013 and April 2014, with the majority of the coins generated in January and February.
As for who's behind it, the Dell researchers had only an educated guess. The malware's code hinted at an actor named Folio, who has some history in the world of designing exploits and malware. Folio is likely German-speaking, suggesting that this is not the work of an Eastern European criminal syndicate.
However Folio did it, infecting NAS devices with malware is a clever way to mine digital currency, even if the devices are relatively low-powered, because users tend to ignore them after initial setup. The devices simply run in the background as repositories for shared files.
Coin-mining malware initially targeted high-end gaming machines that had powerful graphics-processing cards, but such schemes were quickly discovered as the cards overheated. Malicious coin miners have since turned to targeting lower-end computers and even smartphones, none of which can do much mining on its own, but whose efforts can be joined with those of other hijacked devices in an Internet-based coin-mining workgroup.
NAS devices would not seem to be an obvious target for coin-mining malware. They look like regular enclosures for multiple hard drives, but include network ports and specialized software so that multiple computers on the same local network — or on the Internet — can quickly access files stored on the drives.
The Dell researchers found that each infected Synology device had its own Web address. Folio apparently used those connections to attack the devices and exploits vulnerabilities in their Linux-based operating systems, which were patched in February.
Follow Marshall Honorof @marshallhonorof and on Google+. Follow us @tomsguide, on Facebook and on Google+.
Copyright 2014 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
