Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry


Campaign that flew under the radar used hacked computers to mine Monero currency.

On Friday, ransomware called WannaCry used leaked hacking tools stolen from the National Security Agency to attack an estimated 200,000 computers in 150 countries. On Monday, researchers said the same weapons-grade attack kit was used in a much-earlier and possibly larger-scale hack that made infected computers part of a botnet that mined cryptocurrency. Like WannaCry, this earlier, previously unknown attack used an exploit codenamed EternalBlue and a backdoor called DoublePulsar, both of which were NSA-developed hacking tools leaked in mid-April by a group calling itself Shadow Brokers. But instead of installing ransomware, the campaign pushed cryptocurrency mining software known as Adylkuzz. WannaCry, which gets its name from a password hard-coded into the exploit, is also known as WCry.

Kafeine, a well-known researcher at security firm Proofpoint, said the attack started no later than May 2 and may have begun as early as April 24. He said the campaign was surprisingly effective at compromising Internet-connected computers that have yet to install updates Microsoft released in early March to patch the critical vulnerabilities in the Windows implementation of the Server Message Block protocol. In a blog post published Monday afternoon, Kafeine wrote:

In the course of researching the WannaCry campaign, we exposed a lab machine vulnerable to the EternalBlue attack. While we expected to see WannaCry, the lab machine was actually infected with an unexpected and less noisy guest: the cryptocurrency miner Adylkuzz. We repeated the operation several times with the same result: within 20 minutes of exposing a vulnerable machine to the open web, it was enrolled in an Adylkuzz mining botnet.

Upon successful exploitation via EternalBlue, machines are infected with DoublePulsar. The DoublePulsar backdoor then downloads and runs Adylkuzz from another host. Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and download[s] the mining instructions, cryptominer, and cleanup tools. It appears that at any given time there are multiple Adylkuzz command and control (C&C) servers hosting the cryptominer binaries and mining instructions.

Symptoms of the attack include a loss of access to networked resources and system sluggishness. Kafeine said that some people who thought their systems were infected in the WannaCry outbreak were in fact hit by the Adylkuzz attack. The researcher went on to say this overlooked attack may have limited the spread of WannaCry by shutting down SMB networking to prevent the compromised machines from falling into the hands of competing botnets. Proofpoint researchers have identified more than 20 hosts set up to scan the Internet and infect vulnerable machines they find. The researchers are aware of more than a dozen active Adylkuzz control servers. The botnet then mined Monero, a cryptocurrency that bills itself as being fully anonymous, as opposed to Bitcoin, in which all transactions are traceable.
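One way to turn the behaviour described above into a host triage check, as an added example (not Proofpoint's or the article's code): it looks for the reported sequence of SMB contact from outside, a local block on SMB, a public-IP lookup and sustained CPU load, in that order. The log format, event names, internal address ranges, one-hour window and sample lines are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Ordered stages taken from the behaviour the article describes. The stage
# and event names are hypothetical labels, not a real log schema.
CHAIN = ["smb_inbound_external", "smb_blocked_locally",
         "public_ip_lookup", "sustained_high_cpu"]
WINDOW = timedelta(hours=1)          # assumed correlation window
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # assumed site ranges

# Constructed telemetry (not real logs): "timestamp host event key=value ..."
SAMPLE_LOG = """\
2017-05-15T10:00:05 ws-014 smb_inbound src=198.51.100.23
2017-05-15T10:01:40 ws-014 firewall_change action=block port=445
2017-05-15T10:02:10 ws-014 http_request purpose=public_ip_lookup
2017-05-15T10:09:00 ws-014 cpu_alert avg=97
2017-05-15T11:00:00 fs-002 smb_inbound src=10.0.4.17
2017-05-15T11:30:00 fs-002 firewall_change action=block port=445
2017-05-15T12:00:00 build-07 cpu_alert avg=99
2017-05-15T12:05:00 ws-020 smb_inbound src=203.0.113.9
"""

def parse(line):
    ts, host, event, *pairs = line.split()
    return datetime.fromisoformat(ts), host, event, dict(p.split("=", 1) for p in pairs)

def classify(event, f):
    """Map one raw event to a chain stage, or None if it is not relevant."""
    if event == "smb_inbound":
        src = ipaddress.ip_address(f["src"])
        if not any(src in net for net in INTERNAL_NETS):
            return "smb_inbound_external"
    elif event == "firewall_change":
        if f.get("action") == "block" and f.get("port") == "445":
            return "smb_blocked_locally"
    elif event == "http_request":
        if f.get("purpose") == "public_ip_lookup":
            return "public_ip_lookup"
    elif event == "cpu_alert":
        if int(f.get("avg", 0)) >= 90:
            return "sustained_high_cpu"
    return None

def score_hosts(log_text):
    """Return {host: longest in-order run of CHAIN stages seen within WINDOW}."""
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    state = {}                       # host -> (next stage index, chain start time)
    best = {}
    for ts, host, event, fields in events:
        idx, start = state.get(host, (0, None))
        best.setdefault(host, 0)
        if idx and ts - start > WINDOW:
            idx, start = 0, None     # stale partial chain, start over
        if idx < len(CHAIN) and classify(event, fields) == CHAIN[idx]:
            start = ts if idx == 0 else start
            idx += 1
            best[host] = max(best[host], idx)
        state[host] = (idx, start)
    return best

def flagged(log_text, min_stages=3):
    """Hosts that completed at least min_stages of the chain, in order."""
    return sorted(h for h, n in score_hosts(log_text).items() if n >= min_stages)

if __name__ == "__main__":
    for host, n in score_hosts(SAMPLE_LOG).items():
        print(f"{host}: {n}/{len(CHAIN)} stages", "<- investigate" if n >= 3 else "")
```

Requiring the stages in order keeps an administrator's own SMB block (fs-002) and an ordinary busy build machine (build-07) from being flagged on a single symptom.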

Monday's report came the same day that a security researcher who works for Google found digital fingerprints tying a version of WCry from February to Lazarus Group, a hacking operation with links to North Korea. In a report published last month, Kaspersky Lab researchers said Bluenoroff, a Lazarus Group offshoot responsible for financial profit, installed cryptocurrency-mining software on computers it hacked to generate Monero coins. "The software so intensely consumed system resources that the system became unresponsive and froze," Kaspersky Lab researchers wrote.

Assembling a botnet the size of the one that managed WannaCry and keeping it under wraps for two to three weeks is a major coup. Monday's revelation raises the possibility that other botnets have been built on the shoulders of the NSA but have yet to be identified.

Promoted Comments

  • Everyone infected with Adylkuzz can regard himself as highly fortunate.
    Because Adylkuzz closed the infection route to prevent reinfection, as a side effect it also closed the infection route against WCry. And compared to a deadly WCry infection, the Adylkuzz infection is just a mere cold.
    Without the prior Adylkuzz bot, the impact of WCry would have been even worse.
    119 posts | registered 10/28/2008
  • We got a 64 core Linux server (with Xeon Phi processor) hacked on April 15 to mine Monero coins. The hack went through a CUPS (< 2.03) bug, unpatched in the latest patched CentOS 7.3 distro, allowing to install without any remote login a VMware image. Then a user "support" was created, using the monero binary over the 64 cores (they missed to use 256 possible threads actually) over the Easter weekend, and communicating with Chinese IP addresses. Every 5 min the crontab file was ensuring the hack would restart in case of interruption.

    The server has been reinstalled with a more recent Linux distro and no printer service.

    Using a botnet to mine cryptocurrency is also especially ill-conceived in the first place since the average CPU/GPU configuration is not particularly powerful… In fact, the majority of computers are likely to use iGPUs, so even across so many computers, the mining output of such a botnet is actually not that productive compared to dedicated GPU mining operations.

    Monero is known for being much more friendly to CPU miners due to the use of a different proof-of-work algorithm that is AES heavy and uses a 2MB scratch. This makes it optimal for mid-high end desktop PCs that have multiple cores with large cache sizes. To date, there are no known ASICs for Monero, and most GPUs only get about 10x over decent CPUs. Scale that to a large botnet, and you could collect double-digit chunks of the hash rate.

    Chuck Reynolds
    Contributor
    Please click either Link to Learn more about –
    TCC-Bitcoin.

Alan Zibluk Markethive Founding Member

Even the world’s largest bitcoin exchange couldn’t handle this week’s cryptocurrency boom


For those operating a bitcoin exchange — where people can buy Cryptocoins — you’d imagine that the current surge in value for bitcoin and others like Ethereum’s ether coin is a dream come true. The answer is yes and no. Coinbase, the world’s most funded Bitcoin exchange, was dragged offline by the massive increase in interest in the space. Users have reported issues with various aspects of the service this week, and things reached a head on Thursday when the Coinbase website and mobile apps were unavailable to users for hours due to “unprecedented” levels of trading and traffic, the company said.

Bitcoin crossed the $2,000 mark for the first time this past weekend, and the charge continued this week until yesterday when, after reaching a new high of $2,805 on the Coinbase exchange, the valuation fell to $2,307. The currency has since stabilized, but its current value of $2,475.23 represents a $116.41 drop over the last 24 hours.

“The market cap of digital currencies has increased ~50 percent to $91 billion in the past week. As a result, Coinbase has seen a dramatic increase in traffic and trading volume,” the company told TechCrunch in a statement. “The Coinbase engineering and support teams have been working round the clock to keep up with this unprecedented volume. However, Coinbase.com has suffered a few outages, including degraded performance and deposit/withdrawal delays for some users. We are actively working on resolving these issues and restoring our site to normal performance,” it added.

Things seem more stable today, with the Coinbase website and app functioning as usual. Having said that, at the time of writing, there are some minor issues with certain debit and credit cards, according to the company’s own status report. According to Crunchbase, Coinbase has raised more than $117 million from investors that include Bank Of Tokyo – Mitsubishi UFJ, the New York Stock Exchange, Union Square Ventures, Draper Fisher Jurvetson and Andreessen Horowitz. Its $75 million Series C in 2015 was a record funding round for any bitcoin-focused startup.

Chuck Reynolds
Contributor

Why Bitcoin Just Dropped 30%


Since hitting a record high of over $2700 on Thursday, the digital currency Bitcoin has gone into a sharp correction, losing nearly 30% of its value in just two days, according to numbers from CoinMarketCap. A broad range of cryptocurrencies, including Ethereum, Ripple, Litecoin, Dash, and Monero also declined, in most cases dropping even more steeply. Some analysts have described this as profit-taking, which would suggest the declines will level off. But technical analysts speaking to CNBC say the losses could go as deep as 46.5%, pushing Bitcoin down to $1,470.

A look at history suggests even that might not be the floor. The cryptocurrency rally of the last six months is strongly reminiscent of a Bitcoin bump that unfolded from October to December of 2013 when the price skyrocketed from under $130 to over $1100. That was followed not just by a correction, but by a long, slow decline that had prices pared back to just over $200 within a year, followed by two years of steady, but slow, growth.

It’s unlikely that the same precise pattern will repeat itself, mostly because the ecosystem of startups and services surrounding cryptocurrency is vastly more robust now than it was four years ago. But a vital lesson still holds: cryptocurrency prices are volatile because very few speculators actually understand the technology or its potential, leaving it vulnerable to reactive, emotion-driven swings.

For proof, just look at how closely various cryptocurrency tokens' prices are tracking each other, regardless of their often very different realities on the ground. Bitcoin is the first and most basic form of cryptocurrency, with a lot of adoption and stability, but relatively few features. Ethereum is a robust ‘smart’ system that is already being widely adopted for building complex data-sharing applications. And Ripple is a mostly privately-held solution focused on interbank transfers. Yet the three tokens' charts for the last few months are remarkably similar. That suggests very little close analysis by those buying into cryptocurrency (and likely a lot of purely algorithmic trading).

The fundamental reason for these massive price swings is that the promise of blockchain tech is simultaneously so profound and yet so far from fruition. Even if one accepts the idea that blockchains will someday underlie everything from health records to insurance, the road to overhauling those systems will be long and winding. We’ll see many more rallies and retreats along the way.

Chuck Reynolds
Contributor

Peach Airline to Accept Bitcoin After Japan Recognizes Cryptocurrency


Peach Aviation will be the first Japanese airline to accept bitcoins as payment for plane tickets, according to a statement made by the budget carrier’s CEO Shinichi Inoue on May 22. Peach also plans to install bitcoin ATMs in Japanese airports as part of its bid to attract more tourism from Asia. Peach operates domestic flights as well as flights to China, Korea, and Thailand, and passengers should be able to purchase tickets with Bitcoin by the end of the year, Inoue said. Although Peach is not the first carrier to embrace the cryptocurrency, the decision is still significant.

Three years ago, airBaltic became the very first airline to accept bitcoin payments. In 2015, the Universal Air Travel Plan (UATP), a payment network owned by a consortium of major international airlines, partnered with Bitnet to accept cryptocurrency payments for its more than 260 member airlines. UATP’s membership represents approximately 95 percent of global airline capacity, and the industry group had earlier added support for other alternative payment options like PayPal and Alipay.

Although paying for airline tickets with bitcoin on most major airlines is technically possible, it’s still up to individual airlines to decide if they will support the practice. As of yet, only a handful have elected to do so, despite the anti-fraud benefits of bitcoin transactions. Third-party online travel booking sites like CheapAir and Expedia accept bitcoin payments, but precious few airlines feature a simple “Pay With Bitcoin” button that UATP’s integration supports.

Peach’s announcement comes hot on the heels of a landmark regulatory decision: Japan’s official recognition of bitcoin as a legal payment method, thanks to an act of parliament that took effect on April 1. The law came as the result of more than a year of debate in Japan about how to handle the cryptocurrency. The Japanese parliament first called for the regulation of bitcoin and bitcoin exchanges by the country’s Financial Services Agency, the country’s financial regulatory watchdog, in May of last year.

The new law also brings Japan’s bitcoin exchanges, which handle nearly half of global trading volume, under the same know-your-customer and anti-money laundering rules that apply to banks and other financial institutions. Bitcoin exchanges in Japan must now meet minimum capital requirements, follow operational and cyber security best practices and submit to annual audits by the Financial Services Agency. More than twenty exchanges have applied for FSA licenses since the new law took effect.

Even before the Japanese government officially recognized bitcoin, merchants were already rushing to accept payment with the cryptocurrency. Merchant adoption of bitcoin quadrupled last year, from about 900 merchants at the start of 2016 to more than 4600 today, according to a survey by NHK. The rush of acceptance of the new payment method comes as consumer spending in Japan has stagnated in recent years. Earlier ideas to boost consumer spending included “helicopter money” or simply mailing checks to Japanese citizens, but now both merchants and the government are hoping that a new payment method will encourage consumers to get out and spend.

Chuck Reynolds
Contributor

Top Cryptocurrencies in Korea


Korea is quickly becoming a very important trading market for popular cryptocurrencies.

Several exchanges in the region have generated a fair amount of volume over the past few weeks. It looks like certain currencies are more popular than others, which is not entirely surprising. Below are the rankings for cryptocurrency trading pairs based on their KRW volume.

Dash

Although very few cryptocurrencies are actively traded against the Korean Won right now, Dash is one of them. Unfortunately, it does not appear like this market is all that successful. Bithumb is the only major exchange listing DASH/KRW trading, and it seems there is less than US$1m in volume over the past 24 hours. It is good to see this currency make inroads in Korea, though.

Litecoin

The silver to Bitcoin’s gold is not making too much headway in Korea either right now. That is not surprising, considering very few markets seem to lean toward LTC as of right now. It is unclear why Litecoin has so little trading volume – and associated price gains – these past few weeks, though. Korea will not shake up things according to the current volume, but things may change for the better in the future. The past 24 hours saw just under US$4.5m worth of Korean Won in trading volume.

XRP

It is anything but surprising to learn Korean traders favor XRP over Litecoin and Dash. The recent wave of XRP news has attracted a lot of attention. Moreover, a few banks in the country are using the Ripple Consensus ledger for blockchain experiments as of right now. XRP is quite popular in Japan as well, and it looks as if Korean cryptocurrency traders follow those trends quite closely. XRP generated around US$15.7m in trading volume over the past 24 hours.

Bitcoin

The world’s leading cryptocurrency is not leading any trading volume charts across major Korean exchanges as of right now. While the trading volume is quite substantial, it doesn’t even come close to the market leaders. Bitcoin can be traded on all major exchanges, though, yet it seems people are more interested in picking up alternative currencies right now. A very interesting situation to keep an eye on for sure. The Bitcoin trading volume sits at around US$100m over the past 24 hours.

Ethereum

It has to be said, Korean cryptocurrency traders have high hopes for Ethereum as of right now. Demand for Ether is absolutely exploding across all major exchanges, although it is not enough to make Ethereum the most-traded currency. The past 24 hours saw nearly US$200m worth of trading volume in Korean Won. That is absolutely amazing, but there is one currency which is even more successful.

Ethereum Classic

It is quite intriguing to see Ethereum Classic top Ethereum based on KRW trading volume. This is rather surprising to some people, although Ethereum Classic is solidifying its position in the market. It is also the original Ethereum blockchain without the DAO bailout fork, which means a lot to die-hard community members. All major exchanges list Ethereum Classic trading pairs, resulting in over US$220m worth of 24-hour trading volume. The race between ETC and ETH is in full effect in Korea, that much is evident.

Chuck Reynolds
Contributor

The Cryptocurrency Market Is Growing Exponentially


Bitcoin dominates over other digital currencies today, but the data suggests its market share will drop significantly in the next few years.
When it comes to the future of money, there is a growing consensus that cryptocurrencies are set to play a major role. One cryptocurrency, in particular, has entered the public lexicon as the go-to digital asset: Bitcoin.

But the cryptocurrency market is significantly more complex than the public lexicon might suggest. And while there have been plenty of studies examining the role and future of Bitcoin, there have been few that explore the broader cryptocurrency market and how it is evolving.

Today that changes thanks to the work of Abeer ElBahrawy at City University in London and a few pals who have examined the cryptocurrency market as a whole and say that it is significantly more complex and mature than many had thought. The evolution of this market even bears a remarkable similarity to the evolution of ecosystems in many other areas, providing some insight into the way the cryptocurrency market might change in the future.

First some background. The big challenge with digital currency is to prevent unauthorized copying. Cryptocurrencies use two mechanisms to prevent this. The first is to publish every transaction in a public record and to store numerous copies of this ledger online in a way that allows them all to be automatically compared and updated. This prevents double spending—using the same bitcoin to buy two different things.

The second mechanism is to protect the ledger cryptographically. Every update collects together a range of new transactions and adds them to the existing ledger. But to do this, the earlier version of the ledger is first frozen and encrypted.

The new version of the ledger—called a block—includes the encrypted copy of the earlier ledger. Anybody can use this encrypted data to generate a number that can be used to check the veracity of the block. However, it is extremely hard to generate this number computationally in an attempt to game the system. It is this feature—that the blocks are easy to check but extremely hard to copy—that secures the system.

Of course, as the ledger continues to be updated, new blocks must be created, piggybacking on the old ones and creating an unbroken chain of blocks. Hence, the term blockchain technology.
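The chained ledger described above, as a toy added here (not code from the article or from ElBahrawy's paper). SHA-256, the JSON block layout, the 12-bit difficulty and the sample transactions are assumptions; a cryptographic hash of the previous block plays the role the article calls freezing the earlier ledger, and the nonce is the number that is hard to find but quick to check.

```python
import copy, hashlib, json

DIFFICULTY_BITS = 12      # toy difficulty (assumption); real networks use far more
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the whole block."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def meets_target(digest):
    """True when the top DIFFICULTY_BITS bits of the digest are zero."""
    return int(digest, 16) >> (256 - DIFFICULTY_BITS) == 0

def mine(prev_hash, transactions):
    """Hard direction: search for a nonce that puts the block hash under the target."""
    block = {"prev": prev_hash, "txs": transactions, "nonce": 0}
    while not meets_target(block_hash(block)):
        block["nonce"] += 1
    return block

def build_chain(batches):
    """Mine one block per batch, each committing to the hash of the one before."""
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = mine(prev, txs)
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_bad_block(chain):
    """Easy direction: one hash per block. Index of the first invalid block, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if block["prev"] != prev or not meets_target(digest):
            return i
        prev = digest
    return None

def rewrite_block(chain, index, new_txs):
    """Change one block's transactions and redo only that block's proof of work."""
    forged = copy.deepcopy(chain)
    forged[index] = mine(forged[index]["prev"], new_txs)
    return forged

# Constructed transactions for the demonstration.
BATCHES = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]]

if __name__ == "__main__":
    chain = build_chain(BATCHES)
    print("honest chain, first bad block:", first_bad_block(chain))
    forged = rewrite_block(chain, 0, ["alice->mallory:5"])
    # Block 0 is valid again on its own, but block 1 still commits to the old hash.
    print("rewritten chain, first bad block:", first_bad_block(forged))
```

Rewriting an old block therefore means redoing the work for every block after it, which is what makes the history expensive to alter.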

Bitcoin is by far the most famous of these cryptocurrencies. It is also among the oldest, having first emerged in 2009. But it is by no means the only cryptocurrency. So an interesting question is how the cryptocurrency market is evolving.

To find out, ElBahrawy and co analyzed the behavior of 1,500 cryptocurrencies that have emerged since 2013 and say that some 600 of them are actively traded today. They say this market has recently entered a period of exponential growth and is currently worth $54 billion. (By comparison, the total amount of money in the world is about $60 trillion.) 

But while this cryptocurrency market is growing rapidly, ElBahrawy and co show that certain aspects of it are stable. For example, the number of active cryptocurrencies has remained about the same since 2013 as has the market share distribution, which follows a well-known power law.

The team also shows how this distribution can be reproduced using a standard model of evolution in which they plug in figures for the rate at which currencies emerge and die away.

This power law distribution occurs in a wide range of systems. For example, the same law describes the size of religions, of languages and even of wars (by number of deaths). In none of these systems is there any favored religion or language or war. But all things being equal, they all form this type of distribution.

The fact that size distribution of cryptocurrencies follows the same law is significant. It implies that as far as the market is concerned, all currencies are essentially the same. “The fit with the data shows that there is no detectable population-level consensus on what is the ‘best’ currency or that different currencies are advantageous for different uses,” say ElBahrawy and co.

Whether that is true is up for debate. Various critics have pointed out a number of technical limitations associated with Bitcoin, and this has inspired a new generation of cryptocurrencies, such as Ethereum. Whether this will influence the market remains to be seen.

While this exponential growth is ongoing, Bitcoin’s market share is falling. The top five biggest currencies—Ethereum, Ripple, Litecoin, Dash, and Monero—now account for 20 percent of the market. And the trend for Bitcoin is clear. “This would predict Bitcoin market share to fluctuate around 50 percent by 2025,” say the team.

Another factor in the market is that cryptocurrencies aren’t used only as currency. Bitcoin is also widely used for speculation and can also be used for nonmonetary uses such as timestamping.

For many of these applications there is a clear benefit to having a single currency that everyone agrees on. “While the use of cryptocurrencies as speculative assets should promote diversification, their adoption as payment method (i.e., the conventional use of a shared medium of payment) should incentivize a winner-take-all regime,” say Bickell and co.

But experience with other ecosystems suggests that this is by no means certain to happen. For example, a single computer operating system has never been able to outcompete all others, regardless of the ruthlessness of its deployment. Neither has any human language or religion or fashion wiped out all others.

That’s not to say it can’t happen. But unless there is significant external manipulation of this market, the likelihood is that there will be significant diversity in the cryptocurrency market for the foreseeable future.

David Ogden
Entrepreneur
