BGP hijacking for cryptocurrency profit

by Mirko Zorz - Editor in Chief - Tuesday, 19 August 2014.

In cryptocurrency, "mining" is the act of validating transactions listed in the public ledger (also known as the block chain). When a transaction is initiated, it is placed in a queue where it is prioritized based on the date and time of submission, and the size of the affixed transaction "fee."

Working from the top of the queue, miners cryptographically attempt to "find a block," which entails crunching numbers to satisfy a particular formula while simultaneously agreeing as a network that the calculated results are valid. Mining is a generic activity; the mining pool dictates which cryptocurrency is mined.

In this podcast recorded at Black Hat USA 2014, Joe Stewart, Director of Malware Research at Dell SecureWorks, talks about his team's discovery of suspicious activity occurring on mining systems connected to the wafflepool.com mining pool.

Several users in this forum and other cryptocurrency forums noticed similar activity: mining systems were mysteriously redirected to an unknown IP address that answered with the Stratum protocol. Once connected to this IP address, miners continued to receive work but no longer received block rewards for their mining efforts. Hijackers harnessed miners' hashing power by redirecting legitimate mining traffic destined for well-known pools to a malicious server masquerading as the legitimate pool:

Continued here:
BGP hijacking for cryptocurrency profit
