Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency (arstechnica.com) 67

Amazon lost control of some of its widely used cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations, according to media reports. ArsTechnica: The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users. They may have targeted other customers of Amazon's Route 53 service as well. The incident, which started around 6am California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297. Once in place, the eNet announcement caused some of its peers to send traffic over the same unauthorized routes. [...] Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country, security researcher Kevin Beaumont said in a blog post. The redirection came by rerouting domain name system traffic and using a server hosted by Chicago-based Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site. Participants in this cryptocurrency forum appear to discuss the scam site. Further reading: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer).
This discussion has been archived. No new comments can be posted.

Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency

Comments Filter:
  • by Zocalo ( 252965 ) on Tuesday April 24, 2018 @03:23PM (#56496529) Homepage
    Try following the "Out" transactions. Eventually (five or six hops) you're going to end up at this wallet [etherscan.io], which currently contains over $17 MILLION USD of ETH. Not bad for a couple of hours work...
    • by Anonymous Coward

      If you look at the largest majority of the In transactions in that wallet you'll see that they are all automatted transfers from different mining applications. The guy is a major mining outfit, probably not the scammer.

      • by Zocalo ( 252965 )
        The fact that all the Out transactions from a demonstrable BGP hijaack and well implemented spoof site scam end up in this account isn't enough to convince you that it's shady as hell and the owner is just a (fairly serious) miner? Try taking a look at the transaction patterns, yes there are a lot of of them, but the patterns are pretty clear to spot; lots of transfers in a short timeframe, a pause, then another batch and so on. Yeah, I'm pretty sure this wallet's owner is almost certainly involved in min
  • by Anonymous Coward on Tuesday April 24, 2018 @03:32PM (#56496585)

    Why the hell would the Russian government steal a few millions of crypto currency? It's the scale equivalent of a millionaire setting up a sophisticated shop and scheme to heist a few pennies, it just makes no sense.

    • by nuckfuts ( 690967 ) on Tuesday April 24, 2018 @03:39PM (#56496627)
      It's not the Russian government doing the stealing. It's the Russian government not giving a shit that Russian citizens are stealing.
      • by dinfinity ( 2300094 ) on Tuesday April 24, 2018 @04:22PM (#56496857)

        Russian citizens? If you were a hacker (of any nationality), servers in which country would you use to hide your tracks?

        • OK, let's say "people operating from hosts in Russia". Either way, I don't think the Russian government cares.
          • by rtb61 ( 674572 )

            Appear to operate from a hose in Russia, well at least the last detected, point. Just highjack a server anywhere temporarily. Russian servers are good because the US is so desperate to play spy vs spy shit, they can not sit down with the Russian government and sort out some cross border computer crime investigation treaties. So by the time anything is done about the server, the hackers are long gone.

            Of course any espionage agency, from anywhere in the world, could have been involved in this. Not directly,

          • Agreed, which is exactly why routing your malicious traffic through Russian servers is a great idea.

      • by Anonymous Coward

        It's not the Russian government doing the stealing. It's the Russian government not giving a shit that Russian citizens are stealing.

        Would you expect the US government to lift a finger against a US citizens stealing vaporcoins from Russians?

Keep your boss's boss off your boss's back.

Working...