NAS device botnet mined $600,000 in Dogecoin over two months

Summary: Insecure NAS boxes have landed a hacker a small fortune in cryptocurrency.

TOPICS: Storage, Security

A vulnerability in a network attached storage (NAS) system allowed hackers to establish what's thought to be the most profitable illegal cryptocurrency mining operation to date.

Why sweat your own hardware to mine cryptocurrencies when you can hijack someone else's hardware to get the job done? That's what one crafty hacker did earlier this year to generate 500 million Dogecoin — one of many Bitcoin alternatives.

One of the reasons it's become a popular currency for botnet mining operations is the relative ease with which the currency can be mined, compared to Bitcoin, which requires purpose-built ASICs for mining.

It's not the first time that nefarious mining operations have been set up: scammers behind Android malware that Google yanked from the Play store earlier this year used hijacked smartphones to mine "thousands" of Dogecoin. But the Android effort was nothing compared to the NAS mining network, according to a security researcher at Dell's SecureWorks, who said this illegitimately acquired mining operation is the "single most profitable" to date, earning its operator an estimated $600,000 over two months earlier this year.

The key to the entire operation was four security vulnerabilities in the Linux-based OS running on a NAS box by Taiwanese manufacturer Synology. As SecureWorks' researcher Pat Litke notes, the flaws were made public in September 2013, but while Synology issued patches for them shortly after their disclosure, the bulk of the currency was mined between January and February this year.

Synology in February released a further patch addressing issues stemming from the vulnerabilities, shortly after one user complained on Facebook about finding "PWNED processes using up all CPU" on his device.

After digging into the malware samples found in the "PWNED" folder, Litke found a miner called CPUMiner that had been compiled for Synology devices. CPUMiner is a legitimate miner, but it's been co-opted numerous times by hackers in illegitimate distributed mining operations.

While the hacker's identity isn't known, the researcher was able to calculate the operation's earnings after acquiring the Dogecoin wallet and finding that they've run other mining operations previously.

"By exploring the Dogecoin block chain for this address (as well as one other), we were able to tally a total mined value of over 500 million Doge, or roughly $620,496 USD (the bulk of which was earned in January and February of this year)," wrote Litke.

"Tracking a threat actor is frequently a wild goose chase that leads down many rabbit holes. In this case, we started our investigation by looking at the username found in the configuration file 'foilo.root3'. Scouring Google brought back several interesting results, namely the threat actor's Github and BitBucket account. In browsing through some of the hacker's publicly available code, it becomes quite clear that 'Foilo' is not new to the world of exploitation and malware."


Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

  • Wow.

    Such magic monnies.
    Don't caring.
    Many nonsense.
  • It would appear that the initial patches released by Synology in late 2013

    did not completely address the reported vulnerabilities:

    "... the flaws were made public in September 2013, but while Synology issued patches for them shortly after their disclosure, the bulk of the currency was mined between January and February this year.

    Synology in February released a further patch addressing issues stemming from the vulnerabilities, shortly after one user complained on Facebook about finding "PWNED processes using up all CPU" on his device."

    See? It's not just Microsoft that messes up patching.
    Rabid Howler Monkey
  • "Mining coins" - total nonsense

    I really wonder if people writing about this stuff ever pause to contemplate the stupidity of virtual currency.

    Even if you get past the argument about how a make-believe currency can have any value if it isn't tied to some kind of tangible economic engine, most if not all countries limit, or have the authority to limit, any "currency" that isn't sanctioned. Whether by tax rules or outright prohibition, any value that this stuff may ever have can disappear instantly.
    • "Mining coins" - "roughly $620,496 USD"

      Mining coins is no better (it's actually worse) than financial derivatives.
      Rabid Howler Monkey
      • I meant to state that financial derivatives are worse than bitcoin mining

        Although there have been highly-publicized cases of Bitcoin investors losing lots of money and Bitcoin holders having their Bitcoin stolen, these events pale relative to the damage that financial derivatives have done to the world economy. Not to mention the Bernie Madoff ponzi scheme.
        Rabid Howler Monkey
        • I understood your meaning

          Your comment is accurate. Any kind of financial instrument that has no tangible underpinning is essentially a shell game.
          • Uh...

            You are aware that ALL currencies rely on belief systems, I hope. As such, they are all underpinned by shell games.
            Dave S2
          • True to a point

            But a nation state with landmass, gold reserves, natural resources, and economic activity (goods being produced and exchanged for something) is that underpinning. Sure, we have a belief that the piece of paper in our hand will continue to hold value, but we can make the connection between factories making stuff and that paper having value. Conversely if we see factories shut down, then we begin to have concerns. In the case of virtual currency, there is no equivalent framework.

            I'll note that using this criteria, the US dollar is basically no better than a virtual currency.
          • money money money

            Bitcoins are still tied to that nation state and resources etc. Because they're used to buy things from stores, including tangible products.

            No different than an electronic debit card system imo and in comparison much more secure than the debit card system of 'pins.'

            All currencies today, or basically all of them, are tied to NOTHING they are just the same as bitcoin is...
      • Is it?

        As long as you're not paying for extra equipment or software, then you really haven't lost anything (except time and perhaps some dignity). One has to pay to buy derivatives.
        John L. Ries
    • Real vs fake

      Even real currency is 'make believe', there is nothing behind it either - just a belief that you will be able to use it. As for taxation, yeah, good luck with that you can't really tax what you can't even find - let alone calculate.

      Bitcoin is an example of what money will probably be like in a generation or so.
      • Taxing

        You might be able to get away with anonymity for "services", but not for physical goods. The minute you try and convert it to a turnip from a turnip farm, you'll be in trouble. Even more so if that turnip farm is a publicly traded company. They'll have to account for their sales to pay *their* taxes, and if hundreds of tons of turnips are disappearing into a bitcoin black hole, you can bet the taxing authority will be right on top of that.
      • Money of the future

        Money of the future will probably be like this:

        The serial number on the paper bill will be more like a software keycode (like a Windows 7 keycode or similar, but longer and more sophisticated). These keycodes will be stored in a central registry. Some keycodes will correspond immediately to printed money and not have any registered "owner" per-se, and others will exist as keycodes only so that can be moved around electronically (or more accurately have their ownership change electronically). If the holders of such codes decide to withdraw and get "paper cash", then either a paper bill will be printed on demand with that keycode, or the keycodes will get exchanged for ones that correspond to "paper ones".

        I am not debating the merit of a virtual extra-territorial currency. However, it is pure utopia. The propensity for government to create a bureaucracy means it is more likely they'll virtualize their *existing* currency to maintain control of things.