Nearly 3,000 Bitcoin Miners Exposed Online Via Telnet Ports, Without Passwords

An anonymous reader quotes a report from Bleeping Computer: Dutch security researcher Victor Gevers has discovered 2,893 Bitcoin miners left exposed on the internet with no passwords on their Telnet port. Gevers told Bleeping Computer in a private conversation that all miners process Bitcoin transactions in the same mining pool and appear to belong to the same organization. "The owner of these devices is most likely a state sponsored/controlled organization part of the Chinese government, " Gevers says, basing his claims on information found on the exposed miners and IP addresses assigned to each device. "At the speed they were taken offline, it means there must be serious money involved," Gevers added. "A few miners is not a big deal, but 2,893 [miners] working in a pool can generate a pretty sum." According to a Twitter user, the entire network of 2,893 miners Gevers discovered could generate an income of just over $1 million per day, if mining Litecoin.

Telnet in 2017

[manu0601]

It is weird to see new devices with telnet enabled. SSH is reliable technology for quite some time.

Re: TELNET????

Uh, hate to break this to you but ALL modern non-commodity currencies are "made up of thin air" if you THINK about it.

Do you think a few pieces of green paper are really a fair trade for a hamburger without that "magic" quality?

Why should bitcoin be any different than the ephemeral value of the fanciful and invented concept of the "dollar"?

Re:Telnet can be more secure than SSH

[Kaenneth]

2.5 billion dollars of bitcoin changed hands in the last 24hrs, and 1.7 billion in Litecoin.

Moving a single million is not difficult.

Re: TELNET????

[MightyMartian]

All currencies are effectively made up out of thin air. Gold has no greater intrinsic value than, say, iron or salt. People have simply ascribed a great deal of value to it due to relative scarcity, but it isn't as if gold was historically so important that civilization would have fallen if it had been rarer. It would certainly make many modern processes and products more expensive, of course, but we extract one helluva lot of gold nowadays in comparison to what mining was able to do prior to the Industrial Revolution.

The value of currencies over time has largely been arbitrary at their root. The gold standard could just as easily been the salt standard. What counted wasn't the intrinsic value of gold, it was that large numbers of people throughout the known world essentially agreed at both the macro and micro economic levels that it was a good way to store and exchange value.

And really, what does a stockpile of gold really mean? A currency simply based on how many precious metals you have in a vault is pretty darned unrepresentative of the overall activity of an economy. A fiat currency isn't perfect, but by pegging the value of the currency in some way to actual economic activity, rather than simply to how much gold or silver or other precious metal a particular government can accumulate, seems far better.

Re:Telnet can be more secure than SSH

[MightyMartian]

Christ, Telnet is completely unencrypted, so it is completely vulnerable to anyone who can intercept the packets. While it's true that you could transmit encrypted traffic over Telnet, one would presume you would be using the same encryption libraries that are being used by, say, SSH or a VPN host or client, and it is by and large in those libraries that the vulnerabilities lie.

I stopped using Telnet a long time ago, and it is disabled on any production machine, and the firewalls outright block the port, just in case I miss disabling it on some external-facing host.