Security Bitcoin

DVRs Used To Attack Synology Disk Stations and Mine Bitcoin

Posted by Unknown Lamer
from the dvr-burned-the-house-down dept.
UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations that are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."

  • by TWX (665546) on Tuesday April 01, 2014 @12:05AM (#46627955)
    ...by this?

    I'm more surprised that we haven't seen reports of infected DVD and Blu-ray players whose only purpose is to seek out more powerful devices (PCs, smartphones) on people's networks to compromise and turn into bitcoin zombies. After all, it only takes a few people to come up with the exploits in the first place, and then 5kr1p7 k1dd13s can use the tools others have created.
    • by fuzzyfuzzyfungus (1223518) on Tuesday April 01, 2014 @02:42AM (#46628379) Journal

      ...by this? I'm more surprised that we haven't seen reports of infected DVD and Blu-ray players whose only purpose is to seek out more powerful devices (PCs, smartphones) on people's networks to compromise and turn into bitcoin zombies. After all, it only takes a few people to come up with the exploits in the first place, and then 5kr1p7 k1dd13s can use the tools others have created.

      The main surprise is just that it's worth the trouble. Synology's high end has a few systems built around notably undistinguished Xeons (more for ECC support than anything else, they don't use very speedy ones); but if this attack is built for ARM, you are talking the relative cheap seats. Probably kilohashes to low megahashes per second, depending on how much capacity you reserve for the intended function of the device.

      Even free-as-in-stolen, you're telling me that the best use somebody can think of for a botnet of network attached storage devices is generating maybe as many hashes as one of those cheapo USB-stick ASICs, rather than, say, basking in juicy private data and massive stolen storage space?

      • Maybe they also installed a bitcoin botnet to cover up their real "work".

        • by Anonymous Coward

          This is logical, I can completely see this — why not throw a bitcoin miner in there for fun? At worst, you earn nothing on top of what you're really up to.

          • Completely agree, the bitcoin miner is just the headline. The rest of it is to scan the contents of the NAS, I wonder which government owns them?

      • by dbIII (701233)

        you're telling me that the best use somebody can think of for a botnet of network attached storage devices

        If criminals were bright enough to think of those other applications they would probably be able to think of the consequences if they get caught.
        Unless you are already doing it how many people would have a clue where to fence stolen credit card numbers let alone any other "juicy private data".
        With bittorrent etc I don't know if "massive stolen storage space" has any value.

        Last word - what the fuck are

        • 'Cheap and nasty' = 'purchased and installed by amateurs trying to save money'. Down that path lies nothing good. Extra demerits are, of course, awarded to any vendor whose shitty 'cloud monitoring' service uPnPs like a madman trying to punch through whatever feeble pretense of security your equally crap router might have provided in order to be 'user friendly' and allow you to watch your house be burglarized from your smartphone or whatnot.
          • by dbIII (701233)

            any vendor whose shitty 'cloud monitoring' service

            Ah - that's the truly special level of stupidity I had not considered.

        • by gl4ss (559668)

          the cheap and nasty nas drive isn't visible to internet but has access to internet.. that's a quite common setup. but the dvr's themselves are connected to the internet(so that their owners can see the video feeds on their ipads...).

      • by AmiMoJo (196126) *

        This suggests that this malware has been around for a long time, dating from back when it was worth mining Bitcoins with a low end CPU. Three or four years maybe.

        We can hope that Bitcoin mining was just a module someone added to it, or was in there from way-back-when and the malware has slowly evolved and added new infection vectors that were only recently discovered. Otherwise it must have been floating around undetected for years, and in the early days might have actually generated some cash.

        • by tlhIngan (30335)

          This suggests that this malware has been around for a long time, dating from back when it was worth mining Bitcoins with a low end CPU. Three or four years maybe.

          Uh, why is CPU mining pointless today? Because the returns are so low?

          Yes, the returns are very low. However, they're non-zero. So if you can find a pile of computing devices that you can use for FREE, even if you only earn 0.001 BTC a day, that's still a positive ROI for you.

          Now couple that with millions of PCs, routers, DVRs, etc., and suddenly 0

      • As I've mentioned above, it's probably NOT bitcoins being mined.
        The last few articles on /. mentioning mining malware all said "bitcoin mining" when careful reading showed that in fact the malware didn't mine bitcoins but another cryptocurrency better suited for CPU (one of the latest I remember was PTShares).
        Reporters just say "bitcoin mining" because that's the only thing they know and they vaguely remember that creating bitcoins was something CPU intensive.

        If the black-hats are smart enough to think t

    • by Lumpy (12016)

      Because only complete and utter morons put their DVD player directly on the internet. While a security DVR is required to be in the internet or accessible via the internet for remote viewing.

      It's why I simply point and laugh at the fools that all herald ipv6 where they can have a public IP for every device. Only idiots want that, those of us that are sane only want public facing IP for the devices that need it.

      • by Anonymous Coward

        >> Because only complete and utter morons put their DVD player directly on the internet

        Welcome to DVD player.

        Choose WIFI network. [click]

        Input WIFI password [click]

        Thank you, enjoy.

      • by cusco (717999)

        I work in the security industry, and you would be absolutely shocked at some of the work being done out there. The residential and retail markets are absolutely the worst, since there's no money to be made there unless you're pumping out dozens of slipshod installations per week per installer. For most of those guys their level of technical expertise is that they can find porn and Facebook on the Internet.

        a security DVR is required to be in the internet or accessible

        Huh? Not just 'NO' but 'NO FUCKING WA

  • by viperidaenz (2515578) on Tuesday April 01, 2014 @12:41AM (#46628085)

    Interestingly, all of this malware is compiled for ARM CPUs

    How else does malware running on ARM based systems work?

    • It's JVMs all the way down. Except for the one that's actually Dalvik and willing to go head-to-head with Oracle to prove it.
  • by AuMatar (183847) on Tuesday April 01, 2014 @12:55AM (#46628135)

    This April Fools is believable.

  • Counterfeit (Score:2, Interesting)

    by Oligonicella (659917)
    These should be considered counterfeit. True, they are probably good bitcoins in the accuracy department, but by no stretch of the imagination could they be considered legitimately mined. Is there a mechanism built into the bitcoin structure that allows for this and voids the coins?
    • by Anonymous Coward

      There is not, unless 51% of the network refuses to continue work on any chain containing a transaction that spent these balances.

      Bitcoin was designed this way with no central control because many in the community see the ability for others to arbitrarily decide someone's money is worthless to be a bug, not a feature.

    • Trying to determine whether a series of hashing operations resulting in a mathematically valid bitcoin is like trying to determine whether or not a file is copyright-infringing by examining it with a hex editor.

      Sure, I'd cry approximately -6 tears if the person behind this were to be caught and hauled off, and if he actually managed to mine anything (which would surprise me) I'd have no problem with the notion of his being forced to disburse the minings to his victims; but attempting to determine, from th
    • by rtb61 (674572)

      Of course we all know of a security agency that just positively loves video feeds for its extortion program, anything else just a cover. The interesting part of the story, how honeypots are much better at establishing internet security than engaging in global criminal activity, of course one is about law and order and the other is about criminal extortion with a political basis.

    • Is there a mechanism built into the bitcoin structure that allows for this and voids the coins?

      Is there a mechanism built into hard cash that allows the silver coins/bank bills to be remotely voided? No.
      And basically any cryptocurrency works the same. There's by definition NO SINGLE ENTITY in control of the bitcoin protocol (that's the whole point of it).
      So nobody could remotely void any coin. (but at least that means that legally earned crypto-money won't suddenly vanish either... no fraudulent chargebacks on the bitcoin network)

      On the other hand, cryptocurrencies aren't anonymous. At all. In

  • Since part of the world has the date of April 1 we've got a couple of days of trying to tell which stories are bogus and which not.
    Please bring back the ponies instead of making us guess.
  • Well the laundry thought they may as well make SCORPION STARE self-funding by mining bitcoins. It's fortunate the researchers did not activate the primary function.
  • by doas777 (1138627) on Tuesday April 01, 2014 @08:00AM (#46629123)

    TFA has very little info on the supposed Synology management interface vulnerability.

    I believe this article covers some of the general info on the vulnerabilities: http://www.symantec.com/connec... [symantec.com]

  • At the current bitcoin difficulty, I would have thought even a large botnet of conventional CPUs would be pretty pointless.

  • impossible to make any cash mining bitcoin this way, probably mining primecoin or one of the other CPU based alt coins
  • that if you DVR fishing shows, you spread worms, too
