Slashdot Mirror

← Back to Stories (view on slashdot.org)

Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency (arstechnica.com)

Posted by msmash on from the security-woes dept.

Amazon lost control of some of its widely used cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations, according to media reports. ArsTechnica: The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users. They may have targeted other customers of Amazon's Route 53 service as well. The incident, which started around 6am California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297. Once in place, the eNet announcement caused some of its peers to send traffic over the same unauthorized routes. [...] Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country, security researcher Kevin Beaumont said in a blog post. The redirection came by rerouting domain name system traffic and using a server hosted by Chicago-based Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site. Participants in this cryptocurrency forum appear to discuss the scam site. Further reading: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer).

5 of 67 comments (clear)

  1. $160k? Bzzt. Nope. Try again. by Zocalo · · Score: 4, Interesting

    Try following the "Out" transactions. Eventually (five or six hops) you're going to end up at this wallet, which currently contains over $17 MILLION USD of ETH. Not bad for a couple of hours work...

    --
    UNIX? They're not even circumcised! Savages!
  2. Re:Click-bait title? by Anonymous Coward · · Score: 3, Interesting


    No authentication, no validation. We need a new version of BGP that includes some way to authenticate updates and ensure the routes are for addresses the AS number is authoritative for in some way

    Authentication normally involves some form of authority. (They even use the same root word). How would you authorize routes when no authority exists?

    I think there has to be a better way to do this, but I suspect it's not through authentication or authorization.

  3. Re:Click-bait title? by jbmartin6 · · Score: 1, Interesting

    That's like saying Word for Windows has security because users aren't supposed to enable malicious macros.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  4. Re:Just stop the Russia-did-it bullshit by nuckfuts · · Score: 4, Interesting

    It's not the Russian government doing the stealing. It's the Russian government not giving a shit that Russian citizens are stealing.

  5. Re:Just stop the Russia-did-it bullshit by dinfinity · · Score: 4, Interesting

    Russian citizens? If you were a hacker (of any nationality), servers in which country would you use to hide your tracks?