
What motivates people to hack computers?

If you guessed “money”, you’re spot on. But how on earth do you monetize a compromised server? It turns out that criminals are a smart bunch, and have come up with a number of unusual ways to make their misdeeds pay. Here are three.

Mine Bitcoin

Cryptocurrencies are big business. One of the biggest is Bitcoin, which has a market cap (at the time of writing) of almost $3.6 billion. Unlike a traditional currency, which is printed by a central bank, anyone can “mine” Bitcoin. All you need is a computer and a freely available piece of software, and you can start mining.

You can use any computer, from a low-power Raspberry Pi (although this isn’t recommended) all the way to a high-powered virtual private server (VPS). What’s more, the server doesn’t even need to be your own. This is something Portuguese software developer Pedro Rio discovered last January, when he was the victim of a Bitcoin-driven hack attack.

When Pedro registered a new VPS, he immediately made an effort to ‘harden’ it. Despite being a programmer by trade, he knew this wasn’t his area of expertise. Writing on his blog, he says “I’m not really a system administrator nor do I have much experience on the matter”.

He configured his server to be as difficult as possible to compromise, and to send out email alerts at the first scent of any suspicious behavior. On January 17th, he received an email alert informing him his CPU had been running at 90% usage for the past two hours. Pedro logged on, and started to investigate.

“I logged in my VPS and used the top command to find that a single process was using all CPU. … with a bit of googling I traced it to bitcoin mining.”

Someone had managed to compromise his system and install a Bitcoin miner. Had Pedro not been so vigilant, it would have continued to consume his system resources, silently printing money for his attacker. Pedro has since rebuilt his system from scratch, and learned his lesson.
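
The kind of alert that tipped Pedro off can be expressed as a check for processes that stay above a CPU threshold for a whole window. This is an added example, not code from Pedro's setup or from the original article; the sample readings, the process name `cpuhog` and the function names are constructed for illustration.

```python
# Constructed readings: (minutes since first sample, "pid cpu% command" lines).
# PID 4021 "cpuhog" stands in for the miner; all values are made up.
SAMPLES = [
    (0,   "812 1.0 sshd\n4021 97.5 cpuhog\n950 40.0 nginx"),
    (30,  "812 0.5 sshd\n4021 98.1 cpuhog\n950 95.0 nginx"),
    (60,  "812 0.7 sshd\n4021 99.0 cpuhog\n950 93.0 nginx"),
    (90,  "812 0.4 sshd\n4021 96.4 cpuhog\n950 35.0 nginx"),
    (120, "812 0.6 sshd\n4021 98.8 cpuhog\n950 20.0 nginx"),
]


def parse_sample(text):
    """Return {(pid, command): cpu_percent} for one snapshot."""
    readings = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        pid, cpu, comm = parts
        try:
            readings[(int(pid), comm.strip())] = float(cpu)
        except ValueError:
            continue  # header row or malformed line
    return readings


def sustained_hogs(samples, threshold=90.0, window_min=120):
    """Processes at or above threshold in every snapshot for window_min minutes."""
    streak_start = {}  # (pid, command) -> minute the current streak began
    alerts = {}        # (pid, command) -> longest streak seen, in minutes
    for minute, text in sorted(samples):
        readings = parse_sample(text)
        # A process that dropped below the threshold, or vanished, starts over.
        for key in list(streak_start):
            if readings.get(key, 0.0) < threshold:
                del streak_start[key]
        for key, cpu in readings.items():
            if cpu >= threshold:
                start = streak_start.setdefault(key, minute)
                if minute - start >= window_min:
                    alerts[key] = minute - start
    return alerts


if __name__ == "__main__":
    for (pid, comm), minutes in sustained_hogs(SAMPLES).items():
        print(f"ALERT pid={pid} cmd={comm} above 90% CPU for {minutes} min")
```

The short nginx burst in the sample is ignored at the two-hour window, which is what keeps an alert like this from firing on ordinary traffic spikes.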

Some people aren’t so lucky.

Joe Moreno’s monthly Amazon EC2 bill is usually no more than $6. But last April, he got a nasty surprise when he discovered his monthly bill was over $5,000. Someone had gotten into his account and launched high-powered server instances across the world. In Tokyo, Sydney, Sao Paulo and Singapore, powerful servers were quietly mining Bitcoin, and Joe was footing the bill.

The attackers had compromised his account through credentials he mistakenly uploaded to GitHub. A repository he created a few years earlier had contained his Amazon EC2 API keys, which were all the hacker needed to spawn and gain control of newly created servers.

Fortunately for Joe, Amazon were gracious enough to forgive his massive debt, and today Joe is a lot more careful with where he leaves his credentials.
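
A check that would have caught keys like Joe's before they were pushed is a scan for AWS-style credentials in the files about to be committed. This is an added example, not code from the original article: the file names and contents are constructed, the key values are the placeholder keys AWS uses in its own documentation, and the entropy threshold is an assumption chosen so that 40-character hex strings such as git commit hashes are not reported.

```python
import math
import re

# Access key IDs are 20 characters; AKIA = long-term key, ASIA = temporary key.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret access keys are 40 base64-style characters with no fixed prefix.
SECRET_CANDIDATE = re.compile(
    r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")

# Constructed repository contents.
FILES = {
    "deploy/config.ini": "[default]\n"
                         "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                         "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "CHANGELOG.md": "reverted 9fceb02d0ae598e95dc970b74767f19372d61af8\n",
}


def shannon_entropy(s):
    """Bits per character; 40 hex characters always score below 4.0."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(value):
    """Keep enough to locate the key without copying it into the report."""
    return value[:4] + "*" * (len(value) - 4)


def scan(files, min_entropy=4.0):
    """Return (path, line number, kind, redacted value) for each suspected key."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in ACCESS_KEY_ID.finditer(line):
                findings.append((path, lineno, "access-key-id", redact(m.group())))
            for m in SECRET_CANDIDATE.finditer(line):
                if shannon_entropy(m.group()) >= min_entropy:
                    findings.append(
                        (path, lineno, "secret-key-candidate", redact(m.group())))
    return findings


if __name__ == "__main__":
    for finding in scan(FILES):
        print(*finding)
```

Because a repository keeps its history, a key that has already been pushed stays retrievable after the file is deleted, so a finding in a published repository means revoking the key, not just removing the line.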

Launch Online Attacks

The criminal penalties for computer offenses can be quite steep, with offenders often being put away for decades. Albert Gonzalez, for example, was sentenced to 20 years in jail for the theft of 170 million credit card numbers from clothes retailer TJ Maxx. With that in mind, it makes sense that any prospective hacker would want to cover his tracks, and how better than through your server?

Of course, servers are just like any other computer. You can launch virtually any attack from a compromised VPS, although it’s quite common for them to be used in DDoS attacks.

Distributed Denial of Service (DDoS) attacks are when a large pool of zombified systems is assembled and used to attack a single target. Usually, they send vast quantities of data to try and overwhelm the target, with the aim of preventing any legitimate usage of it.

Compromised servers come in all shapes and sizes, as Sucuri found out in 2014 when they were the victim of a DDoS attack. The attack involved a botnet of almost 2000 web servers, making as many as 5,000 HTTP requests per second. Their investigation found that servers running both Windows and Linux were used, and that they ran a diverse range of software packages. In short, there’s no “standard issue” zombie server.

As you can imagine, DDoS attacks are incredibly lucrative, with people spending thousands to disrupt a target over a long period of time. A 2012 blog post from F-Secure described a burgeoning marketplace in compromised servers, with one retailer charging $2 per hour for a DDoS attack. Surreally, some retailers even have video adverts.

Reselling

It was not an unusual hack. First, Andrew Morris’s SSH credentials were brute-forced. Once the hacker had gained control of his system, they installed a backdoor program that would allow them to remotely access his system at a whim.

But what they didn’t realize was that Andrew was watching. The hacker had actually found what’s known as a ‘honeypot’ – a system left intentionally insecure to attract hackers, so a researcher can observe their behavior.

It was through this honeypot that Andrew discovered Huthos – an East-Asian provider of VPS services which he alleges is reselling stolen servers.

Although not totally conclusive, the evidence is pretty damning. Not only is the malware distributed from their website and reliant on resources stored on their web server, but it also references their (since deleted) Facebook account. The malware also sets the timezone of the compromised system to that of Jakarta, where Huthos are based.

Apparently people can be this dumb.

If you’re tempted, a stolen VPS can be yours for as little as 59,500 Indonesian Rupiah, payable via bank transfer. That’s just short of $5, or how much it costs to provision a Digital Ocean droplet.
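
The entry point in this story, a run of failed SSH password attempts ending in a successful login, leaves a recognisable trail in the sshd log. This is an added example, not code from Andrew Morris's honeypot or from the original article: the log lines are constructed in the usual OpenSSH syslog wording, the addresses come from the documentation ranges, and the threshold of five failures is an assumption.

```python
import re
from collections import defaultdict

LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def _line(sec, msg):
    """Build one constructed syslog line."""
    return f"Apr 26 03:10:{sec:02d} vps sshd[2201]: {msg}"


# Constructed log: a guessing run from 203.0.113.7 that ends in a login,
# and a legitimate user who mistypes a password once.
SAMPLE_LOG = "\n".join(
    [_line(s, f"Failed password for root from 203.0.113.7 port {40100 + s} ssh2")
     for s in range(5)]
    + [_line(5, "Failed password for invalid user admin from 203.0.113.7 port 40105 ssh2"),
       _line(6, "Accepted password for root from 203.0.113.7 port 40106 ssh2"),
       _line(7, "Failed password for alice from 198.51.100.20 port 51000 ssh2"),
       _line(8, "Accepted password for alice from 198.51.100.20 port 51001 ssh2")])


def brute_force_successes(log_text, min_failures=5):
    """Password logins that follow at least min_failures failures from the same IP."""
    failures = defaultdict(int)  # source IP -> failures since its last success
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        if failures[ip] >= min_failures:
            hits.append({"ip": ip, "user": m["user"],
                         "failures_before": failures[ip]})
        failures[ip] = 0  # a success ends that source's run either way
    return hits


if __name__ == "__main__":
    for hit in brute_force_successes(SAMPLE_LOG):
        print("login after guessing run:", hit)
```

A hit from this check means a guessed password worked, so the account and the host should be treated as compromised; disabling password logins in favour of key-based authentication removes the guessing route altogether.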

Lessons Learned

Far from merely being ‘for the lulz’, there’s an impressively lucrative cottage industry around stealing VPS servers. So, what can you do? Well, firstly, consider asking yourself whether you actually need a server. Quite often, managed services, especially for hosting simple websites and blogs, are more than enough. If you’re a developer, consider using a managed PaaS service like Heroku or Google App Engine.

If you absolutely need to run your own server, take care to harden it, and to set up stringent security checks and alerts.

Ever had a server hacked? What did the attackers do, and what did it cost you? I want to hear about it. Drop me a comment below, and we’ll chat.

Photo Credits: tap with money Via Shutterstock, hacker Via Shutterstock, server room Via Shutterstock, Bitcoin (Zach Copley), Server room (Torkild Retvedt), TJ Maxx (Mike Mozart)

  1. InfoSecDude
    April 26, 2015 at 6:04 pm

    So true, most people do not need a server. Home media servers are a big expense and a security risk. Unless you are an avid geek, servers are a pain. Think about it, why spend $700 to $1600 on a 12TB media server, when you can just buy some external hard drives for way less... And yes, I got hacked twice. Once it was on a honeypot so it was no matter. The other time it was ransomware on my gaming PC. It was able to encrypt one drive, but my security stopped it from spreading and I had a backup. I later found out that it came in via some BitCoin mining software I had installed and was a zeus rootkit variant of some sort. It had been on the PC for well over a year before it/they decided to try to get me with the ransomware, as I never did any banking or purchases on that box.

  2. InfoSecDude
    April 26, 2015 at 5:34 pm

    Also, I have a few Wi-Fi routers hooked to a honeypot, just to waste their time.

  3. InfoSecDude
    April 26, 2015 at 5:30 pm

    You forgot ransomware. And now some low-level hackers are targeting just one home at a time. They break into a vulnerable Wi-Fi network and infect what they can with ransomware. They don't make much money, but being that they never hack via the web, they are hard to catch. Best to just not use Wi-Fi, go wired.
