Slashdot Mirror


Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency (arstechnica.com)

Amazon lost control of some of its widely used cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations, according to media reports. ArsTechnica: The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users. They may have targeted other customers of Amazon's Route 53 service as well. The incident, which started around 6am California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297. Once in place, the eNet announcement caused some of its peers to send traffic over the same unauthorized routes. [...] Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country, security researcher Kevin Beaumont said in a blog post. The redirection came by rerouting domain name system traffic and using a server hosted by Chicago-based Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site. Participants in this cryptocurrency forum appear to discuss the scam site. Further reading: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer).

3 of 67 comments

  1. Re:Click-bait title? by lgw · Score: 5, Insightful

    That's not "security", that's "good intentions".

    --
    Socialism: a lie told by totalitarians and believed by fools.
  2. Just stop the Russia-did-it bullshit by Anonymous Coward · Score: 3, Insightful

    Why the hell would the Russian government steal a few millions of cryptocurrency? It's the scale equivalent of a millionaire setting up a sophisticated shop and scheme to heist a few pennies; it just makes no sense.

  3. Re:Wait a minute by lastman71 · Score: 2, Insightful

    From the fine article:

    "the phishing site used a fake HTTPS certificate that would have required end users to click through a browser warning."

    So: yes, it's protected by HTTPS... if the user is smart enough not to accept a fake certificate.