Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nearly 3,000 Bitcoin Miners Exposed Online Via Telnet Ports, Without Passwords (bleepingcomputer.com)

Posted by BeauHD on from the de-anonymization dept.

An anonymous reader quotes a report from Bleeping Computer: Dutch security researcher Victor Gevers has discovered 2,893 Bitcoin miners left exposed on the internet with no passwords on their Telnet port. Gevers told Bleeping Computer in a private conversation that all miners process Bitcoin transactions in the same mining pool and appear to belong to the same organization. "The owner of these devices is most likely a state sponsored/controlled organization part of the Chinese government, " Gevers says, basing his claims on information found on the exposed miners and IP addresses assigned to each device. "At the speed they were taken offline, it means there must be serious money involved," Gevers added. "A few miners is not a big deal, but 2,893 [miners] working in a pool can generate a pretty sum." According to a Twitter user, the entire network of 2,893 miners Gevers discovered could generate an income of just over $1 million per day, if mining Litecoin.

43 comments

  1. TELNET???? by NoNonAlphaCharsHere · · Score: 0

    Crap, I hope nobody port scans the Kermit server I'm running.

    1. Re:TELNET???? by networkBoy · · Score: 0

      I use telnet extensively in my internal network.
      Dead simple interface, capable of moving complex data as JSON or MIME64 strings.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    2. Re:TELNET???? by Anonymous Coward · · Score: -1

      Telnet is still used quite a bit.

    3. Re:TELNET???? by NoNonAlphaCharsHere · · Score: 1

      NAUGHTY!
      Bad networkBoy! Bad!
      Even on a local network, rsh and friends aren't quite as pants-around-your-ankles as telnet is; but there's really no excuse for having an Internet-facing machine running telnet in this day and age. ssh exists for a reason, and even that has issues, as we've seen. If you're gonna run old-coot UUCP-era technology, you're gonna get pwned.

    4. Re: TELNET???? by Anonymous Coward · · Score: -1

      When will people realize bitcoins are the biggest joke. Then carbon credits. Making money out of thin air evaporates.

    5. Re: TELNET???? by Anonymous Coward · · Score: 2, Interesting

      Uh, hate to break this to you but ALL modern non-commodity currencies are "made up of thin air" if you THINK about it.

      Do you think a few pieces of green paper are really a fair trade for a hamburger without that "magic" quality?

      Why should bitcoin be any different than the ephemeral value of the fanciful and invented concept of the "dollar"?

    6. Re: TELNET???? by MightyMartian · · Score: 2

      All currencies are effectively made up out of thin air. Gold has no greater intrinsic value than, say, iron or salt. People have simply ascribed a great deal of value to it due to relative scarcity, but it isn't as if gold was historically so important that civilization would have fallen if it had been rarer. It would certainly make many modern processes and products more expensive, of course, but we extract one helluva lot of gold nowadays in comparison to what mining was able to do prior to the Industrial Revolution.

      The value of currencies over time has largely been arbitrary at their root. The gold standard could just as easily been the salt standard. What counted wasn't the intrinsic value of gold, it was that large numbers of people throughout the known world essentially agreed at both the macro and micro economic levels that it was a good way to store and exchange value.

      And really, what does a stockpile of gold really mean? A currency simply based on how many precious metals you have in a vault is pretty darned unrepresentative of the overall activity of an economy. A fiat currency isn't perfect, but by pegging the value of the currency in some way to actual economic activity, rather than simply to how much gold or silver or other precious metal a particular government can accumulate, seems far better.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    7. Re: TELNET???? by Anonymous Coward · · Score: 0

      Screw telnet use netcat and just send the kitchen sink

    8. Re:TELNET???? by Anonymous Coward · · Score: 0

      Is Twitter an idiot? How do you mine Litecoin with Bitcoin miners? Scrypt vs SHA?

    9. Re:TELNET???? by Anonymous Coward · · Score: 0

      They're 25MH scrypt units. The article is just ridiculously bad

    10. Re: TELNET???? by Anonymous Coward · · Score: 0

      Gold: Limited supply. Find it, dig it up, lock it up, trade it and/or shiny.

      Bitcoin takes something to make it: Power, cpu, networking, time, hardware, some oversight.

    11. Re:TELNET???? by networkBoy · · Score: 1

      who said internet facing? ;)

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  2. Telnet passwords by nuckfuts · · Score: 1

    aren't secure anyway, being transmitted in plain text. That's why we have SSH.

    1. Re:Telnet passwords by Anonymous Coward · · Score: 1

      Just because the password can be overheard doesn't mean there shouldn't be one.

    2. Re:Telnet passwords by Anonymous Coward · · Score: 0

      we always used challenge response over telnet.

    3. Re: Telnet passwords by Anonymous Coward · · Score: 0

      Do you mean like 'are you over 18?'

    4. Re:Telnet passwords by Anonymous Coward · · Score: 0

      aren't secure anyway, being transmitted in plain text. That's why we have SSH.

      No, we have SSH because securing telnet is too obscure and complicated (Hint: kerberos integration). It needs infrastructure set up and SSH works out of the box if you don't mind the host keys verification.

  3. Telnet in 2017 by manu0601 · · Score: 4, Informative

    It is weird to see new devices with telnet enabled. SSH is reliable technology for quite some time.

    1. Re:Telnet in 2017 by Anonymous Coward · · Score: 0

      In the communist NK, older technology is newer.

    2. Re:Telnet in 2017 by Anonymous Coward · · Score: 0

      SSH increases code complexity, which might add a few cents to the cost of each device, and (gasp) we can't have that.

  4. Telnet can be more secure than SSH by Anonymous Coward · · Score: -1

    If done right, telnet can be more secure than SSH. For example, when's the last time you heard about a remote root vulnerability in the telnet executable? When's the last time there was a vulnerability in [Open]SSH? Remember as well that you can run your telnet connection through a VPN or whatever encrypted tunnel.

    Now this story is obviously someone being lazy. At least put a password on it so that a random passer-by couldn't get in.

    $1mil per day, though, dang!

    1. Re:Telnet can be more secure than SSH by Anonymous Coward · · Score: 0

      $1mil per day: assuming you can find someone who wants to buy $1m worth of bit/lite/chigga-wigga-whatevercoin per day.

    2. Re: Telnet can be more secure than SSH by Anonymous Coward · · Score: 0

      Which you cant.
      The Chinese government mozt likely is simply trying to amass enough coins and miners to where they can effectively control the new currencies.

    3. Re:Telnet can be more secure than SSH by Kaenneth · · Score: 3, Insightful

      2.5 billion dollars of bitcoin changed hands in the last 24hrs, and 1.7 billion in Litecoin.

      Moving a single million is not difficult.

    4. Re:Telnet can be more secure than SSH by sheramil · · Score: 0

      I wish people would stop saying bitcoins and litecoins are worth millions, if they can't be exchanged for anything of worth.

      Coming into the possession of an ancient lead coffin - after discarding the contents - I have formed a number of leaden lozenges. These, stamped with appropriate seals and runes, I declare to be worth five hundred thousand dollars each.

      Funny thing is, nobody wants to buy them.

    5. Re:Telnet can be more secure than SSH by MightyMartian · · Score: 2

      Christ, Telnet is completely unencrypted, so it is completely vulnerable to anyone who can intercept the packets. While it's true that you could transmit encrypted traffic over Telnet, one would presume you would be using the same encryption libraries that are being used by, say, SSH or a VPN host or client, and it is by and large in those libraries that the vulnerabilities lie.

      I stopped using Telnet a long time ago, and it is disabled on any production machine, and the firewalls outright block the port, just in case I miss disabling it on some external-facing host.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    6. Re:Telnet can be more secure than SSH by Anonymous Coward · · Score: 1

      You... You are not well informed.

      The sum here ($1M) is trivial in the bitcoin world, more than 2000x that was traded in the last day.

      As for value, my miners mine the most profitable scrypt coin available at the time, then automatically trade it on the exchanges, then deposit the coins in a coinbase account, which could automatically convert them to fiat (that's dollars, btw). My miners bring in about $700/day, sometimes a little more, sometimes a little less. It costs me $608 to power them for a month. The value is very definitely observable to me, it's having a second income but not having to do anything to get it.

      That said, the summary is confusing - bitcoin miners generally don't mine litecoin, so it's not clear where the $1M/day comes from

    7. Re: Telnet can be more secure than SSH by Anonymous Coward · · Score: 0

      By miners how many and what specs? PC or ASIC setups? Just curious as I plan to build a small server farm.

      likewhoa

    8. Re:Telnet can be more secure than SSH by goose-incarnated · · Score: 1

      assuming you can find someone who wants to buy $1m worth of bit/lite/chigga-wigga-whatevercoin per day.

      2.5 billion dollars of bitcoin changed hands in the last 24hrs, and 1.7 billion in Litecoin.

      Moving a single million is not difficult.

      Parent didn't ask about moving bitcoin, parent asked about selling them (a subset of moving them). It's perfectly possible to move 2.5b worth of Bitcoin around without a single one of them getting changed for dollars.

      --
      I'm a minority race. Save your vitriol for white people.
    9. Re: Telnet can be more secure than SSH by Megol · · Score: 1

      Why would they? They are more interested in making real money.

    10. Re:Telnet can be more secure than SSH by Anonymous Coward · · Score: 0

      Out of interest.. what soft of setup allows you to mine $700/day? What would a setup like that cost (setup cost not electricity cost) ?

    11. Re:Telnet can be more secure than SSH by Troed · · Score: 1

      Of course bitcoin can be exchanged for anything of worth. This is obvious to anyone who does a few minutes of research into the subject.

      The question then naturally becomes, why do you claim differently when you obviously haven't done that research? What purpose does your post serve?

      (20% of all remittance between South Korea and the Philippines is done via Bitcoin. Overstock are extremely happy with their sales in bitcoin. Those were two examples of actual use - I'll let you find all the rest yourself)

      --
      it's in my head
    12. Re:Telnet can be more secure than SSH by Anonymous Coward · · Score: 0

      assuming you can find someone who wants to buy $1m worth of bit/lite/chigga-wigga-whatevercoin per day.

      2.5 billion dollars of bitcoin changed hands in the last 24hrs, and 1.7 billion in Litecoin.

      Moving a single million is not difficult.

      Parent didn't ask about moving bitcoin, parent asked about selling them (a subset of moving them). It's perfectly possible to move 2.5b worth of Bitcoin around without a single one of them getting changed for dollars.

      And it is also perfectly possible to move the dollar amounts in question ($1m) as well.

      I was in a thread recently where several people were fighting this point, I don't really understand where the sentiment comes from, the data, volume and order books are right on the exchanges. Is there some documentary or something that says otherwise?

  5. the news here.. by Anonymous Coward · · Score: 0

    which shouldn't be a surprise to anyone.. the chinese government (and you know it's them that's controlling this farm if it's located there) is mining the fuck out of currencies. for this one farm that was 'found', there's no doubt many more; probably hundreds at least as large as this one.

  6. Wrong Title by Anonymous Coward · · Score: 0

    Wrong title from source, the article specifies the model of Litecoin (Scrypt) miners with a respectable but below average 30 mega hash per second. Not 3000 Bitcoin miners.

  7. Targets? by Anonymous Coward · · Score: 0

    So should I not have changed their target wallet to my own, then?

  8. According to a Twitter user... by Anonymous Coward · · Score: 0

    or an income of just over 6 million yuanbao per day if mining dogecoin.

  9. News by Ebsolas · · Score: 1

    Wow TELNET has been in the news a lot lately.

    1. Re:News by Anonymous Coward · · Score: 0

      Telnet is the new bitcoin

  10. Re:According to some ignorant twit... by Zontar+The+Mindless · · Score: 1

    or an income of just over 6 million yuanbao per day...

    Now that's a funny mental image...

    Oh. You've absolutely no idea what a yuanbao is, do you? And neither does your Twitter buddy, evidently.

    Anyhow, thanks for the chuckle.

    --
    Il n'y a pas de Planet B.
  11. "can generate a pretty sum" - No! by Anonymous Coward · · Score: 0

    "2,893 [miners] working in a pool can generate a pretty sum"
    Can convert a large amount of electricity to a pretty sum. Its not generated , its just a very poor conversion of money into another kind of money. The only way to really make money is to steal the power... which most of them do.

  12. pedophile alert by Anonymous Coward · · Score: 0

    in gravatai morada do vale 1 rio grande do sul brazil there's a criminal organization that uses bitcoin to operate, they work with drug smuggling and child prostitution, the local police force is involved, crooked politicians are also involved, like yeda dilma and maria do rosario

  13. Fake exaggerated news by Anonymous Coward · · Score: 0

    This article and all the reposted/rewritten variants now spreading around just make it painfully obvious that the writers (and editors if they exist) have an extremely limited grasp of how cryptocurrency actually works. It also shows a complete lack of verification of the article - just whack some text together based on a handful of Twitter posts, click publish and bam! You've now become a leading edge cryptocurrency reporter!

    Getting down to the facts the units mentioned in the article are *NOT* Bitcoin miners (sha256), but rather Litecoin miners (scrypt). They are old first/second gen 25MH units, so not very efficient but that's not much of a concern with subsidized power. Crunching the numbers correctly shows a different picture:

    2893 * 25MH = 72.32GH

    72.32GH on a Litecoin pool directly:
    24 hours 54.44504517 LTC 4411.68 USD
    7 days 381.11531616 LTC 30881.77 USD
    30 days 1633.35135498 LTC 132350.46 USD

    72.32GH on Nicehash selling scrypt power is much more profitable though:
    Past 24 hours 1.33988376 BTC (6237.16 USD)
    Past 7 days 9.23010895 BTC (42966.16 USD)
    Past 30 days 48.79039546 BTC (227119.29 USD)

    Correct me if I'm wrong but $6,237/day is a little bit less than a million dollars per day. Of course, an article about the chance to steal $1mil/day is much more likely to receive traffic than an article about stealing $6k/day.