Slashdot Mirror

← Back to Stories (view on slashdot.org)

DVRs Used To Attack Synology Disk Stations and Mine Bitcoin

Posted by Unknown on from the dvr-burned-the-house-down dept.

UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations who are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."

75 comments

  1. Why is anyone surprised... by TWX · · Score: 4, Insightful

    ...by this?

    I'm more surprised that we haven't seen reports of infected DVD and Blu-ray players whose only purpose is to seek out more powerful devices (PCs, smartphones) on peoples' networks to compromise and turn into bitcoin zombies. After all, it only takes a few people to come up with the exploits in the first place, and then 5kr1p7 k1dd13s can use the tools others have created.

    --
    Do not look into laser with remaining eye.
    1. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      I keep imagining Kevin Spacey as Lex Luthor going...."BILLIONS, once again you underestimate me!" when this happens.

    2. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      I'm surprised because even if ever single one of these devices were dedicated to mining, due to the wimpy CPU in them, the virus authors might manage to make a few pennies, tops.

    3. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      They didn't teach you multiplication in school?

    4. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      That is after a few hundred million of them they might make some money. It takes a gigahash/s to actually mint enough coins to buy a chocolate bar nowadays. I'd say these things should clock in somewhere in the low kilohash/s range.

      Do you think they made a few hundred million of these camera boxes? That would put them somewhere in the range of a few per person in the developed world. I know I don't have any at home. :P

    5. Re:Why is anyone surprised... by Cramer · · Score: 1

      Obviously, you didn't learn much there yourself? 25MHz * ??? = 2.5GHz and that would be one core of a modern CPU. (the answer is 100 by the way.) [Security DVRs are some of the least powerful hardware around. We aren't talking about a current gen Tivo Romio -- which is still a bad choice for mining.]

    6. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      due to the wimpy CPU in them, the virus authors might manage to make a few pennies, tops.

      yeah .. looks like someone got some brains out here .. fucking bitcoin monkeys will make news of mining exploits on a watch .. I'm sick of this bitcoin hype .. IT's stupid to start with because It's not anonymous , It starts an arms race and 90% of the people involved are RETARDS . have fun RETARDS.. phew .. what "money" can do .. turdcoin

    7. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      Let's see if they taught you multiplication in school: How many infected systems of this type would it take to mine any significant amount of bitcoins?

    8. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      >25MHz * ??? = 2.5GHz and that would be one core of a modern CPU

      Holy fuck, my eyes are bleeding from reading that. Megahurtz do not work that way, kid, even if bitcoin is perfectly parallelizable.

    9. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      and Synology devices run ... LINUX.

      Hello folks, I think the 'virus free' honeymoon is over.

    10. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it, writes SecurityFocus columnist Scott Granneman.

    11. Re:Why is anyone surprised... by fuzzyfuzzyfungus · · Score: 3, Insightful

      ...by this? I'm more surprised that we haven't seen reports of infected DVD and Blu-ray players whose only purpose is to seek out more powerful devices (PCs, smartphones) on peoples' networks to compromise and turn into bitcoin zombies. After all, it only takes a few people to come up with the exploits in the first place, and then 5kr1p7 k1dd13s can use the tools others have created.

      The main surprise is just that it's worth the trouble. Synology's high end has a few systems built around notably undistinguished Xeons(more for ECC support than anything else, they don't use very speedy ones); but if this attack is built for ARM, you are talking the relative cheap seats. Probably kilohashes to low megahashes per second, depending on how much capacity you reserve for the intended function of the device.

      Even free-as-in-stolen, you're telling me that the best use somebody can think of for a botnet of network attached storage devices is generating maybe as many hashes as one of those cheapo USB-stick ASICs, rather than, say, basking in juicy private data and massive stolen storage space?

    12. Re:Why is anyone surprised... by fuzzyfuzzyfungus · · Score: 4, Insightful

      If memory serves, most of Synology's non-intel NASes are Marvell based. Marvell's fastest device, in terms of general compute, is the MV78460. 4 cores, ARMv7, up to 1.6GHz. As documented here most Synology NASes ship with something slower than that.

      For reference, a 1.6GHz 'Kirkwood' Marvell core is good for slightly under .2 meghashes/s. About half as fast as an Atom CPU, less than 1/4000th as fast as an AMD7970, and just plain embarassing compared to the ASICs that do most of the work these days. With devices that run on USB power alone pulling north of 1gighash/s, you could probably own every Synology ARM NAS in the first world and barely pay yourself for your time.

    13. Re:Why is anyone surprised... by Neil+Boekend · · Score: 2

      Maybe they also installed a bitcoin botnet to cover up their real "work".

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    14. Re:Why is anyone surprised... by fuzzyfuzzyfungus · · Score: 2

      and Synology devices run ... LINUX.

      Hello folks, I think the 'virus free' honeymoon is over.

      Maybe I'm just pessimistic; but I thought it had been a truism for some years that embedded linux, especially in the cheap seats, was a total clusterfuck: firmware never getting released at all, firmware getting released with exploits that were known before it was even built, loads of shoddy little hacks to get the product out the door, and so on.

    15. Re:Why is anyone surprised... by dbIII · · Score: 1

      you're telling me that the best use somebody can think of for a botnet of network attached storage devices

      If criminals were bright enough to think of those other applications they would probably be able to think of the consequences if they get caught.
      Unless you are already doing it how many people would have a clue where to fence stolen credit card numbers let alone any other "juicy private data".
      With bittorrent etc I don't know it "massive stolen storage space" has any value.

      Last word - what the fuck are people doing letting cheap and nasty NAS drives be routable from out on the internet? It's not as if a VPN is hard these days and it's not as if even a $30 piece of gear can keep the nasties out in it's default configuration. These things are only likely to be exposed if somebody fucks up.

    16. Re:Why is anyone surprised... by fuzzyfuzzyfungus · · Score: 1

      'Cheap and nasty' = 'purchased and installed by amateurs trying to save money'. Down that path lies nothing good. Extra demerits are, of course, awarded to any vendor whose shitty 'cloud monitoring' service uPnPs like a madman trying to punch through whatever feeble pretense of security your equally crap router might have provided in order to be 'user friendly' and allow you to watch your house be burglarized from your smartphone or whatnot.

    17. Re:Why is anyone surprised... by SpzToid · · Score: 1

      As an alternative to Synology, how about FreeNAS running on an ITX platform:

      http://www.ixsystems.com/stora...

      Because the software is better supported via the FreeNAS community?

      --
      You can't be ahead of the curve, if you're stuck in a loop.
    18. Re:Why is anyone surprised... by dbIII · · Score: 1

      any vendor whose shitty 'cloud monitoring' service

      Ah - that's the truly special level of stupidity I had not considered.

    19. Re:Why is anyone surprised... by Anonymous Coward · · Score: 1

      This is logical, I can completely see this —why not throw a bitcoin miner in there for fun? At worst, you earn nothing on top of what you're really up to.

    20. Re:Why is anyone surprised... by Anonymous Coward · · Score: 3, Informative

      For even more perspective: The current hash rate on the Bitcoin network is about 40,000,000 gigahashes per second. With 0.2 megahashes per second, you can expect to earn 3600*0.2/40,000,000,000 Bitcoins per day. That's 0.000000018 Bitcoins (or about two Satoshis) per day. At that rate, it would take 380 years to earn a dollar.

    21. Re:Why is anyone surprised... by gl4ss · · Score: 1

      the cheap and nasty nas drive isn't visible to internet but has access to internet.. that's a quite common setup. but the dvr's themselves are connected to the internet(so that their owners can see the video feeds on their ipads...).

      --
      world was created 5 seconds before this post as it is.
    22. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      Linux with a default pasword of 1234. It's not a hack...

    23. Re:Why is anyone surprised... by coastwalker · · Score: 1

      Completely agree, the bitcoin miner is just the headline. The rest of it is to scan the contents of the NAS, I wonder which government owns them?

      --
      Facts are history now plebs have politics for religion on social media.
    24. Re:Why is anyone surprised... by Lumpy · · Score: 1

      Because only complete and utter morons put their DVD player directly on the internet. While a security DVR is required to be in the internet or accessible via the internet for remote viewing.

      It's why I simply point and laugh at the fools that all herald ipv6 where they can have a public IP for every device. Only idiots want that, those of us that are sane only want public facing IP for the devices that need it.

      --
      Do not look at laser with remaining good eye.
    25. Re:Why is anyone surprised... by AmiMoJo · · Score: 2

      This suggests that this malware has been around for a long time, dating from back when it was worth mining Bitcoins with a low end CPU. Three or four years maybe.

      We can hope that Bitcoin mining was just a module someone added to it, or was in there from way-back-when and the malware has slowly evolved and added new infection vectors that were only recently discovered. Otherwise it must have been floating around undetected for years, and in the early days might have actually generated some cash.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    26. Re:Why is anyone surprised... by Anonymous Coward · · Score: 1

      >> Because only complete and utter morons put their DVD player directly on the internet

      Welcome to DVD player.

      Choose WIFI network. [click]

      Input WIFI password [click]

      Thank you, enjoy.

    27. Re:Why is anyone surprised... by cusco · · Score: 1

      And pretty much every single process running as root. On a lot of dedicated security DVRs, especially the cheap ones, root is the only user too. If you wanted to see a true clusterfuck of Linux programming just needed take one of the GE brand security DVRs out of the box. Now that they've sold their security products to United Technologies the situation has supposedly improved, but I have my doubts.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    28. Re:Why is anyone surprised... by cusco · · Score: 1

      I work in the security industry, and you would be absolutely shocked at some of the work being done out there. The residential and retail markets are absolutely the worst, since there's no money to be made there unless you're pumping out dozens of slipshod installations per week per installer. For most of those guys their level of technical expertise is that they can find porn and Facebook on the Internet.

      a security DVR is required to be in the internet or accessible

      Huh? Not just 'NO' but 'NO FUCKING WAY NO'. Even most of the iToys have a VPN client, there is absolutely no reason to put any security device on the Internet for any reason (except maybe as a honeypot).

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    29. Re:Why is anyone surprised... by K.+S.+Kyosuke · · Score: 2

      Even the best doors and locks won't protect the idiot who leaves them wide open.

      --
      Ezekiel 23:20
    30. Re:Why is anyone surprised... by Pope · · Score: 4, Informative

      Synology's firmware is updated p. regularly in my few month's experience of owning a DiskStation.

      --
      It doesn't mean much now, it's built for the future.
    31. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      I hacked mine to open up my luggage for me.

    32. Re:Why is anyone surprised... by Zero__Kelvin · · Score: 2

      This has absolutely nothing at all to do with viruses. Cracking in to a system that has a weak password has quite literally nothing to do with the security of the OS, and everything to do with the lack of security as implemented by the consumer.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    33. Re:Why is anyone surprised... by tlhIngan · · Score: 1

      This suggests that this malware has been around for a long time, dating from back when it was worth mining Bitcoins with a low end CPU. Three or four years maybe.

      Uh, why is CPU mining pointless today? Because the returns are so low?

      Yes, the returns are very low. However, they're non-zero. So if you can find a pile of computing devices that you can use for FREE, even if you only earn 0.001 BTC a day, that's still a positive ROI for you.

      Now couple that with millions of PCs, routers, DVRs, etc., and suddenly 0.001 BTC per day per device on average is not too shabby anymore. Even 0.000001 BTC still makes it worthwhile.

      Remember, the cost of the equipment, electricity, etc is FREE to the miner.

      Hell, there are plugins to Unity (the game engine) that does Bitcoin mining for developers to release free-to-play games, as well. (Presumably for both computers and mobile devices, so no, the game is not heating the CPU because its got awesome graphics and play, but because it's mining behind your back).

      The ROI of CPU mining is high when the I is low

    34. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      Are you familiar with the difference between pooled mining and solo mining? Even one block reward payout would be worth the effort if you were solo mining and "got lucky".

    35. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      when we do takeovers its not that uncommon to find that these things have been turned into cp/warez ftp servers.

    36. Re:Why is anyone surprised... by Anonymous Coward · · Score: 0

      Security people are typically far too stupid to understand what VPN is. 99.97% of all security DVR's are on the internet, just freaking google any keywords from common DVR start pages and you will find thousands of hits.

      Plus every single place that has the things, like gas stations and stores, are ran by drooling morons that will never pay for a "VPN" thingy.

  2. Editor? by Anonymous Coward · · Score: 0
    Grammar.

    Not for Slashdot.

  3. Obligatory... . by Anonymous Coward · · Score: 0

    I've got the same combination on my luggage!

  4. I hate April fools on the internet. by Anonymous Coward · · Score: 0, Troll

    I hate April fools on the internet... April fools only works in person, it is just dumb and possibly dangerous on the internet.

    1. Re:I hate April fools on the internet. by nbetcher · · Score: 3, Informative

      Unfortunately this does not appear to be a case of April fools. Somehow I wish it were.

    2. Re:I hate April fools on the internet. by exomondo · · Score: 1

      I hate April fools on the internet... April fools only works in person, it is just dumb and possibly dangerous on the internet.

      Posted by Unknown Lamer on Monday March 31, 2014 @11:58PM

    3. Re:I hate April fools on the internet. by evilviper · · Score: 1

      Posted by Unknown Lamer on Monday March 31, 2014 @11:58PM

      The date/time you see on the story depends on your timezone. Yet it doesn't put everyone else into a time-warp where it's not April 1st for them...

      This story absolutely was posted on April 1st, /. local time, as evidenced by the date embedded in the link to it:

      http://it.slashdot.org/story/1...

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  5. next hack all of the dish, directv, and cable ones by Anonymous Coward · · Score: 0

    next hack all of the dish, directv, and cable ones and make HBO free and with no HDCP.

  6. I'm confused by viperidaenz · · Score: 2

    Interestingly, all of this malware is compiled for ARM CPUs

    How else does malware running on ARM based systems work?

    1. Re:I'm confused by fuzzyfuzzyfungus · · Score: 1

      It's JVMs all the way down. Except for the one that's actually Dalvik and willing to go head-to-head with Oracle to prove it.

  7. Much better this year by AuMatar · · Score: 5, Funny

    This april fools is believable.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  8. espresso machines by Anonymous Coward · · Score: 0

    are you sure espresso machines are not being used for same purposes? mine seem to be running out of coffee every 3 cups or so

  9. Worth by Anonymous Coward · · Score: 0

    Even though these people aren't paying for the power these devices use, I really doubt that there is any worth doing this. Even with thousands of them, could you mine a single block chain on an ARM processor when the network is overruled with FGA devices?

    1. Re:Worth by fuzzyfuzzyfungus · · Score: 1

      I don't have an exact answer, Synology ARM devices vary, though mostly Marvell based; but for reference the 'Sheevaplug', based on a slightly obsolete Marvell storage processor, is quoted to be good for about .2 megahashes/second. I don't keep up with bitcoin difficulties, just don't care that much; but with USB-stick ASIC devices claiming 1 gigahash/second and greater, you'd need to own a mind-boggling number of these things to make it worth the time.

      It's doubly weird because NASes probably have some neat stuff stashed on them, and would also be natural hosts for some sort of 'super-sleazy-CDN' type project, which would be equally illicit but might actually be worth more than a lukewarm cup of instant coffee.

  10. April 1st by Anonymous Coward · · Score: 0

    Glad this made it in before April 1st.

  11. Counterfeit by Oligonicella · · Score: 1, Interesting

    These should be considered counterfeit. True, they are probably good bitcoins in the accuracy department, but by no stretch of the imagination could they be considered legitimately mined. Is there a mechanism built into the bitcoin structure that allows for this and voids the coins?

    1. Re:Counterfeit by Anonymous Coward · · Score: 1

      There is not, unless 51% of the network refuses to continue work on any chain containing a transaction that spent these balances.

      Bitcoin was designed this way with no central control because many in the community see the ability for others to arbitrarily decide someone's money is worthless to be a bug, not a feature.

    2. Re:Counterfeit by fuzzyfuzzyfungus · · Score: 2

      Trying to determine whether a series of hashing operations resulting in a mathematically valid bitcoin is like trying to determine whether or not a file is copyright-infringing by examining it with a hex editor.

      Sure, I'd cry approximately -6 tears if the person behind this were to be caught and hauled off, and if he actually managed to mine anything(which would surprise me) I'd have no problem with the notion of his being forced to disburse the minings to his victims; but attempting to determine, from the results of a calculation, whether that calculation was conducted on a CPU not owned by the person who instructed the calculation to be performed is practically a category error. It just doesn't make sense.

      If you have outside knowledge(like the arrest and conviction of the cracker), you can make inferences from that(and also use that as a basis for forcing him to disgorge the ill-gotten gains); but absent such additional information, a mathematical operation is what it is, there is no 'licitness' metadata.

    3. Re:Counterfeit by rtb61 · · Score: 2

      Of course we all know of a security agency that just positively loves video feeds for it's extortion program anything else just a cover. The interesting part of the story, how honeypots are much better at establishing internet security than engaging in global criminal activity, of course one is about law and order and the other is about criminal extortion with a political basis.

      --
      Chaos - everything, everywhere, everywhen
  12. But did you not already know that this is the word by Anonymous Coward · · Score: 0

    The word? The word is weebles wobble but they do not, I repeat, do not, fall down. You heard the word right. Weebles do wobble, yes, but they do not - that's right, do not - fall down.

    hardyharhar but of course weebles fall down you foo you. No gosub and multiply.

  13. OT: Where's my pink ponies? by Anonymous Coward · · Score: 0

    It's 90 minutes into April USA time and still no OMGPONIES!!!!!

    Maybe that's the joke this year - nothing special on March 32nd.

    Then again, I did see a "red" submission that looks out-of-this-world fake, so maybe we'll see something soon.

  14. management fools by dltaylor · · Score: 1

    But when you've actually been asked by management whether you've implemented RFC 3514 (the "Evil Bit"), how can the Internet NOT be better?

  15. someone clearly didn't care to sync his watch by Anonymous Coward · · Score: 0

    as we can see, he was two minutes early.

  16. Re:But did you not already know that this is the w by JustOK · · Score: 1

    Bird is the word

    --
    rewriting history since 2109
  17. I hate slashdot on April fools day by dbIII · · Score: 0

    Since part of the world has the date of April 1 we've got a couple of days of trying to tell which stories are bogus and which not.
    Please bring back the ponies instead of making us guess.

  18. Well the laundry thought by Chrisq · · Score: 1

    Well the laundry thought they may as well make SCORPION STARE self-funding by mining bitcoins. Its fortunate the researchers did not activate the primary function

  19. Synology vulnerability? by doas777 · · Score: 3, Informative

    TFA has very little info on the supposed Synology management interface vulnerability.

    I believe this article covers some some of the general info on the vulnerabilities: http://www.symantec.com/connec...

  20. "Bitcoin": Error in reporting? by DrYak · · Score: 3, Informative

    That might also be an error in reporting: TFA's Author might have written "bitcoin mining" (for lack of understanding the whole alt-coin ecosystem) when it would be best described as "cryptocurrency miner".
    The last few article on /. mentioning mining malware, all said "bitcoin mining" when careful reading showed up that in fact the malware didn't mine bitcoins but another cryptocurrency better suited for CPU (one of the latest I remember was PTShares).
    Reporter just say "bitcoin mining" because that's the only thing they know and they vaguely remember that creating bitcoins was something CPU intensive.

    The black-hats creating sophisticated malware (a worm, infecting vulnerable connected DVR, so they in turn can attack Synology NAS and launch mining software) aren't probably stupid enough to mine bitcoin, they probably know better, and the miner is for whatever is the current most CPU-worthy (i.e.: non SHA-256^2 baesd) cryptocurrency-coin.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  21. Probably *NOT* bitcoins by DrYak · · Score: 1

    As I've mentionned above, it's probably NOT bitcoins being mined.
    The last few article on /. mentioning mining malware, all said "bitcoin mining" when careful reading showed up that in fact the malware didn't mine bitcoins but another cryptocurrency better suited for CPU (one of the latest I remember was PTShares).
    Reporter just say "bitcoin mining" because that's the only thing they know and they vaguely remember that creating bitcoins was something CPU intensive.

    If the black-hats are smart enough to think this contrived way to infect the synology (infect first the "always on internet" DVR and only then, once you're on the other side of the firewall, start scanning the home intra-net for NAS hidden behind the firewall), perhaps they are also able to pick a CpU worthy (ie.: not SHA-256^2 based) cryptocurrency coin.

    Even free-as-in-stolen, you're telling me that the best use somebody can think of for a botnet of network attached storage devices is generating maybe as many hashes as one of those cheapo USB-stick ASICs, rather than, say, basking in juicy private data and massive stolen storage space?

    While you're at it, it's best to take as much opportunity as possible.
    - you can "safely" mine on a nas, because the clueless user won't notice a heavily degraded performance (unlike on their desktop).
    - you can pick-up a coin which won't be beaten by cheapo USB ASICs: math based coins (like PrimeCoin, RieCoin, etc.) are still mined on CPUs. SHA3 based coins (CopperLark, QuarkCoin, etc) don't have an efficient GPU implementation yet. SCrypt-based coins are some memory-intensive, that the jump between hardware generations doesn't yield such a strong difference in hash rate: even if the current mining is mostly done on GPU and some early experimental FPGA, high-end server CPU can still give Litecoin for their run. (so even if the ARM inside NAS isn't that powerful, a whole botnet mining Litecoin could still earn some money back).

    And last but not least:
    - that the worm download a payload for mining bitcoins, doesn't prevent the the worm to also download a payload for scanning credit-cards numbers, SSN, naked photos, etc.
    So don't despair, the massive stolen storage space will also be juiced for all it's worth.

    The coin-mining at least is low bandwidth, and it's possible for the blackhats to check if their plan is working just by looking at the income on the cryptocurrency address used for mining. Scanning the stolen storage space would be much more bandwidth intensive (the victim would notice that "their internet has become slow").

    On the other hand, getting that money out of the botnet and into the black-hat's pockets is going to be tough:
    cryptocurrency aren't anonymous. in fact they work based on the exact opposite: every single transaction is boardcaster to the whole network. While this provide good security against counterfeit wiithout needing a central authority (the whole point of the bitcoin protocole), that also means that anyone can follow the transaction following this mining.
    If the hackers indeed used a rare CPU-based coin, that means that they can't do much except exchange it on one of the few major exchange which accepts even very minor coins (like cryptsy). That means it's rather easy for law forces to collaborate with cryptsy to try and catch any transaction with coins coming from this mining- then it's just a question of matching this transaction with user profiles and/or follow the money trail further.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  22. Yes and no by DrYak · · Score: 1

    Is there a mechanism built into the bitcoin structure that allows for this and voids the coins?

    Is there a mechanism built into hard cash that allows to void the silvercoins/bank bills to be remotely voided? No.
    And basically any cryptocurrency works the same. There's by definition NO SINGLE ENTITY in control of the bitcoin protocol (that's the whole point of it).
    so nobody could remotely void any coin. (but at least that means that legally earned crypto-mony won't suddenly vanish neither... no fraudulous chargebacks on the bitcoin network)

    On the other hand, cryptocurrencies aren't anonymous. At all. In fact they are (again by definition) the exact opposite: every signle transaction is broadcasted to the whole network. That really helps the security (thus every single node on the network can check and verify all transaction) without needs for a central authority (see previous point). But that also means that anyone can follow transaction a follow money jumping from one public key to another.

    As the blackhats aren't probably mining actual bitcoins, but some minor alt-coins which is much more mine-able on CPUs, at some point, they'll need to exchange it for something more easily spendable. So they need to send them to one of the (few) exchanges accepting less known coins (Probably cryptsy).
    Law forces could collaborate with exchanges and try to catch transaction whose coins can all be traced back to the initial mining by this botnet.
    Then it's a matter of matching transaction with profiles registered at the exchange or further following the money trail.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  23. Pointless? by countach · · Score: 1

    At the current bit coin difficulty, I would have thought even a large botnet of conventional CPUs would be pretty pointless.

  24. Anonymous Coward by Anonymous Coward · · Score: 0

    Unfortunately it is all too believable...

  25. DVR passwords are often numbers only! by Anonymous Coward · · Score: 0

    The reason why is the DVR devices often only include buttons on the front for basic playback controls and numbers for selecting which camera to view. Naturally, the numbers are used for the admin/user logins!

    It's the same issue with most Samsung DVR's. I have a Samsung DVR (SHR-4000 series). It has an embedded linux on a bootflash disk attached to an IDE interface. Even though there is a PC application (SmartViewer), you can only use numeric passwords. Might as well use 1-2-3-4 folks! Since it has nothing to stop repeated invalid attempts!

    I started to notice a ton of UDP 123 (NTP) traffic going to "zero.bora.net". Curiously, this host is in Korea but does not appear to be related to Samsung Electronics. The volume of traffic is very high and is definitely not NTP traffic. I suspect that the DVR is attempting to stream my "video" off my cameras to this host. The traffic is all hashed and not recognized by wireshark as proper NTP traffic.

    if you have a Samsung DVR folks, watch your network carefully for "zero.bora.net". Even though I have configured mine to use a local NTP server, it still sends high volume of traffic to that host. (all blocked at my firewall)

    Needless to say, I am not buying another Samsung security product.

  26. probably mining an alt coin by markass530 · · Score: 1

    impossible to make any cash mining bitcoin this way, probably mining primecoin or one of the other CPU based alt coins

  27. I hear tell... by swschrad · · Score: 1

    that if you DVR fishing shows, you spread worms, too

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  28. Re:But did you not already know that this is the w by Anonymous Coward · · Score: 0

    rubbish!

    Grease is the word, not only is it the word, it's also the time and the place, and indeed the motion!

  29. ARM Chips?? by Anonymous Coward · · Score: 0

    I'm wondering what the overall hashing rate of their 'botnet' is?

    Combine the low hashing rate with the latency inherent in scattered devices on a network and... I see there needing to be a huge supply of them to produce any decent amounts of accepted shares on a pool. Heck, I'm running the new ccminer on 2 Nvidia 650Ti's and getting almost 11mh/s mining HeavyCoins. That may sound like a lot to some people, but the BitCoin difficulty is in the BILLIONS... yeah, 5 billion and climbing.

    I'm actually making .5% a day on a different venture that doesn't mine bitcoins, yet pays bitcoins every 10 minutes. Heck, the last 3 days have been averaging almost .7% a day in profits. Come check it out at thecleangame[.]net/multicoin So far we have a great group of folks in the beta program and the site is about to go live.

    Massive things are happening in the mining world these days... come join the fun! :D

  30. Synology user, got hit with this by Anonymous Coward · · Score: 0

    I use mine for TV shows and as a VPN (travel a lot) and I got hit with this. I found out when it was slow as a dog, rebooted it, and the services never came up (malware screwed up the boot). SSH worked, and then I found the indications of infection... I was away so I had to ask someone to stop by my house and unplug the power.

    Luckily I mostly keep media files on it, and anything sensitive is in an encrypted container.

    I'm pissed that Synology knew about these bugs for months and only patched them after they were exploited. I will probably make my own NAS running some flavor of Linux and then just put the Synology as one only available on my local network.