Among all the scams and thievery in the bitcoin economy, one recent hack sets a new bar for brazenness: Stealing an entire chunk of raw internet traffic from more than a dozen internet service providers, then shaking it down for as many bitcoins as possible.Researchers at Dell’s SecureWorks security division say they’ve uncovered a series of incidents in which a bitcoin thief redirected a portion of online traffic from no less than 19 Internet service providers, including data from the networks of Amazon and other hosting services like DigitalOcean and OVH, with the goal of stealing cryptocurrency from a group of bitcoin users.Though each redirection lasted just 30 second or so, the thief was able to perform the attack 22 times, each time hijacking and gaining control of the processing power of a group of bitcoin miners, the users who expend processing power to add new coins to the currency’s network.The attacker specifically targeted a collection of bitcoin mining "pools"–bitcoin-producing cooperatives in which users contribute their computers' processing power and are rewarded with a cut of the resulting cryptocurrency the pool produces.

The redirection technique tricked the pools' participants into continuing to devote their processors to bitcoin mining while allowing the hacker to keep the proceeds.At its peak, according to the researchers’ measurements, the hacker’s scam was pocketing a flow of bitcoins and other digital currencies including dogecoin and worldcoin worth close to $9,000 a day.bitcoin indicators“With this kind of hijacking, you can quite easily grab a large collection of clients,” says Pat Litke, one of the Dell researchers.ibm bitcoin alternative“It takes less than a minute, and you end up with a lot of mining traffic under your control.”The Dell researchers believe the bitcoin thief used a technique called BGP hijacking, which exploits the so-called border gateway protocol, the routing instructions that direct traffic at the connection points between the Internet’s largest networks.bitcoin hull

The hacker took advantage of a staff user account at a Canadian internet service provider to periodically broadcast a spoofed command that redirected traffic from other ISPs, starting in February and continuing through May of of this year.The Dell researchers won’t name that ISP, and they’re not sure how the hacker gained access to the account or whether he or she might have in fact been a rogue staffer.That BGP hijack allowed the hacker to redirect the miners’ computers to a malicious server controlled by the hijacker.bitcoin inne walutyFrom that server, the hacker sent the mining machines a “reconnect” command that changed the mining computers’ configuration to contribute their processing power to a pool that stockpiled the bitcoins they produced rather paying them out to the mining pool’s participants.bitcoin isn't anonymous

“Some people are more attentive to their mining rigs than others,” says Joe Stewart, a Dell researcher whose own computers were caught up in one victimized mining pool.“Many users didn’t check their setups for weeks, and they were doing all this work on behalf of the hijacker.”In total, Stewart and Litke were able to measure $83,000 worth of cryptocurrency stolen in the BGP attack.bitcoin karty graficzneBut the total haul could be larger; The researchers stopped collecting data for several weeks of the attack because Stewart broke his ankle in the midst of the study.BGP hijacking has been discussed as a potential threat to internet security since as early as 1998, when a group of hackers known as the L0pht testified to congress that they could use the attack to take down the entire internet in 30 minutes.pared to those large-scale digital hijackings, the latest bitcoin heist was a much smaller and targeted traffic-stealing operation.

And given that it required inside access to an ISP, Dell's researchers don't expect Bitcoin thieves to repeat the attack any time soon.In fact, the BGP bitcoin-stealing exploits represent less of a new vulnerability in bitcoin than the persistent fragility of the internet itself, Dell's researchers say.If one Canadian ISP can be used to redirect large flows of the Internet to steal a pile of cryptocurrency, other attackers could just as easily steal massive drifts of Internet data for espionage or pure disruption.The Dell researchers suggest that companies set up monitoring through a service like BGPmon, which can detect BGP hijacking attacks.But they shouldn't expect to be able to actually prevent those attacks any time soon."We’regoing to see other events like this," says Dell's Stewart."It’s ripe for exploitation."Researchers investigated after their own Bitcoin mining pool was tapped, though how hackers accessed ISP infrastructure is still not known Hackers accessed ISP infrastructure to tap Bitcoin mining pools.

Photograph: Alamy Researchers investigated after their own Bitcoin mining pool was tapped, though how hackers accessed ISP infrastructure is still not known A hacker generated $84,000 worth of the Bitcoin cryptocurrency by gaining access to a Canadian internet provider and diverting the computing power of private Bitcoin “mines”.The malicious activity was discovered by researchers at Dell SecureWorks, a cyber intelligence company, after noticing that some of their own mining power stolen.The team traced the activity back to an internet service provider (ISP) in Canada, which remains anonymous.It remains unclear exactly how the hacker managed to gain access to the ISP’s infrastructure to reroute users’ mining power to their own pool.Speaking to the Guardian at the BlackHat security conference in Las Vegas, Pat Litke from SecureWorks suggested they may have been a current or former employee at the ISP, or an external hacker who had breached the company.By gaining administrative access to a router at the ISP, they abused a service known as the Border Gateway Protocol (BGP) that is designed to connect different networks on the internet together.

By compromising BGP functions at the ISP, the hacker was able to send traffic destined for a legitimate mining pool to his own pool.The hijacker actually set up two malicious pools.One was used to send miners to a second pool.“By convincing the miners to connect to this second malicious pool rather than the original malicious pool, the hijacker filters out traffic that has already been hijacked so it is not hijacked again,” the researchers’ paper read.Users originally complained about the illicit activity on internet forums in March, but Litke and his colleague Joe Stewart said the attacks dated back to February.The hacker also stole mining power to release other cryptocurrencies, including Dogecoin, HoboNickels and WorldCoin.As many as 8,000 Dogecoins, equivalent to $1.42, were lost at one small-time miner as a result of the hack.To prevent similar attacks in the future, Litke and Stewart recommended pool servers use the Secure Sockets Layer (SSL) encryption protocol.If the affected pool had done so here, it would have prevented the theft, they said.