Network Hijacker Steals $83,000 In Bitcoin

An anonymous reader writes with news that bogus BGP announcements can be used to hijack work done by cryptocurrency mining pools. Quoting El Reg: Researchers at Dell's SecureWorks Counter Threat Unit (CTU) have identified an exploit that can be used to steal cryptocurrency from mining pools — and they claim that at least one unknown miscreant has already used the technique to pilfer tens of thousands of dollars in digital cash. The heist was achieved by using bogus Border Gateway Protocol (BGP) broadcasts to hijack networks belonging to multiple large hosting companies, including Amazon, Digital Ocean, and OVH, among others. After sending the fake BGP updates miners unknowingly contributed work to the attackers' pools.

This is *NOT* hilarious !

[Taco+Cowboy]

The use of bogus BGP to treat networks into believing that it is connecting to a legitimate network instead of having its own network stream being hijacked can be used for much more than mere Bitcoin snatching

It can also be used to "branch out" legitimate net traffic to some listening posts (something NSA and all other spy agencies like to do) and thus, further compromise the legitimacy of the network itself - and the loss of privacy / data / whatever that the data stream happen to contain

This is a serious threat !