Story 2014-06-20 3PA Synology NAS Remotely Hacked To Mine $620K In DogeCoin

Synology NAS Remotely Hacked To Mine $620K In DogeCoin

by Anonymous Coward in security on (#3PA)
From ThreatPost via Soylent-not-a-food-trademark-infringing-site, a single criminal hacker planted trojans on Synology NAS units around the world and managed to use the little boxes to mine $620,000 worth of "DogeCoin", the cuter version of the BitCoin "virtual currency".

This, much more than the SuperMicro vulnerability, tells me I'm living in strange new times indeed. A home network-storage appliance used over the Internet to create wealth out of nothing but electricity running some decryption code. These are concepts that just didn't even exist a short time ago.

Had the hacker been just a little more conservative in resource utilization, the scheme may have gone undiscovered for much longer. The jig was up only after Synology users complained about performance to tech support! (Clearly, no one, anywhere, ever checks their router and firewall logs for unusual destinations).

I find this interesting as I had just been reading Ars Technica's new writeup of DIY NAS solutions as alternatives to the expensive fixed purpose NAS devices (some interesting alternatives mentioned in the comments there).

makes ya think.... (Score: 1)

by pete@pipedot.org on 2014-06-20 22:43 (#27C)

[...] tells me I'm living in strange new times indeed. A home network-storage appliance used over the Internet to create wealth out of nothing but electricity running some decryption code. These are concepts that just didn't even exist a short time ago.
this comment makes me think of the discussion earlier on AI, foreboding that AI will be able to create weapons we've never thought of or understand - although this was an individual hacker, it's not a far reach that someday, AI could figure out that it could make money via these methods; or worse crowd-source its own intelligence behind developers'/scientists' backs (exponential growth)...

going to be an interesting future when you need to code defensively against humans and machines (who, btw speak the native language....oh shit...)

Nice level (Score: 2, Interesting)

by bryan@pipedot.org on 2014-06-20 23:02 (#27D)

So, if you "borrow" other people's computers for cryptocoin mining, make sure to set the processes to run at a lower priority so as not to affect the system's legitimate users.

Now if you could only hide their electric bill and somehow silence the squealing little fans that come on most of those little NAS boxes...

GoFlex (Score: 0)

by Anonymous Coward on 2014-06-21 05:13 (#27J)

This would explain why the Seagate GoFlex is so crap..

But Why Not Just Windows? (Score: 0)

by Anonymous Coward on 2014-06-21 12:19 (#27K)

Couldn't he have made far more using malware on traditional Windows PCs? Easy to infect, goes undetected for long periods, stupider users, etc.? NASes seem a pretty obscure and limited target.

I see a lot of Windows infections but haven't noticed any that do mining. Most still seem to be spam botnets and password stealers.

Re: But Why Not Just Windows? (Score: 3, Informative)

by pete@pipedot.org on 2014-06-21 14:19 (#27M)

my guess is that it's a better target than windows due to lack of scrutiny - windows gets much attention on the virus/malware front, and thus the likelihood of it being found sooner (plus heuristics - it only has to look like it's mining or being sketchy to get flagged, even if it hasn't been seen or previously identified in the wild.) Perfect example being that nobody noticed anything except slow device speed - this could have gone undetected for years if the hacker were more careful. security through obscurity, right?

there's also a chance they bet that the synology team were not capable of noticing, diagnosing or fixing the malware. many devices these days get rare-to-nil firmware updates, even fewer people ensure they are actually applied, and it's a beautiful hole to your internal network for other uses.

Re: But Why Not Just Windows? (Score: 3, Insightful)

by genx@pipedot.org on 2014-06-21 22:16 (#27P)

Also, NASes are more likely to run 24/24 than normal Windows PCs that the user will often switch off periodically (or will crash periodically :->).

Re: But Why Not Just Windows? (Score: 0)

by Anonymous Coward on 2014-06-21 15:33 (#27N)

Easy to hack
They open several common ports
and some do not update

Free ride!


How can the average user tell what their nas exposes on the net?

Great article (Score: 1)

by zafiro17@pipedot.org on 2014-06-22 12:21 (#27S)

Thanks for linking to that Ars article comparing the two NAS systems. I hadn't seen it and it's a good article. I just bought and set up a FreeNAS on ixSystems hardware. It was expensive but I don't regret it - the machine has tons of RAM and high bandwidth network cards and it runs at less than 35W, which is good enough for me. I'm still figuring out all the goodness of ZFS and the different plugins but despite my learning curve, it's at its heart a solid FreeBSD system I have full, root access to, and no worries that some crazy script is mining bitcoin on my hardware.

Re: Great article (Score: 0)

by Anonymous Coward on 2014-06-23 02:56 (#27Z)

That review had quite an axe to grind against the new FreeNAS interface, among other things. Have you found it annoying or troublesome?

Their descriptions of difficulties in doing relatively simple things (AD/LDAP) had me thinking that the OpenMediaVault, mentioned in the comments, might be a better way to go. Only tradeoff might be going from ZFS to BTRFS.

Re: Great article (Score: 1)

by zafiro17@pipedot.org on 2014-06-23 11:51 (#283)

He's definitely right that the interface isn't as clear or user friendly as it could be, but I'm also new to ZFS, RAIDZ, and the like, so I'm learning too. I wouldn't feel comfortable recommending this to a non-tech person. But I'd rather have a not-fully-baked GUI on top of a powerful BSD system with ZFS, snapshots, rsync backups, and the like, over a great GUI for a NAS that doesn't have as much functionality. The FreeNAS plug-in architecture (it's run by ixsystems, the guys who do PC-BSD, which has the same architecture) is really pretty awesome. In two or three clicks you can install a jail and a sickbeard, plex, or bittorrent plug in and have it up and running. I've also got volumes exported under NFS and Appleshare and more. You get FTP access, full Root access, and more. I think it's the way to go. Just for now, you've got to do some reading and learning - the interface is definitely headed in the right direction but not quite there yet.

These are concepts that *DID* exist decades ago (Score: 1)

by fatphil@pipedot.org on 2014-06-23 18:20 (#28C)

Micropayment systems, things like hashcash, and some anti-spam proposals, always depended on these kinds of computations being done. They weren't new 20+ years ago when I first heard of them, so they definitely aren't new now.

And the concept of subversively getting large numbers of unknowing volunteers to contribute to the efforts is even older - it was originally called the "chinese television" (the idea being that there are hundreds of millions of them, so great for embarrassingly parallel tasks).

So git orf moi larn!

Re: These are concepts that *DID* exist decades ago (Score: -1, Flamebait)

by Anonymous Coward on 2014-06-23 19:06 (#28D)

Your dimwitted and nearsighted interpretation of "a short time ago" is disturbing and sad. Yet again you contribute nothing of interest or substance to a Pipedot thread. :(

Re: These are concepts that *DID* exist decades ago (Score: 1)

by fatphil@pipedot.org on 2014-06-23 23:30 (#28M)

Joy, I have an anonymous stalker who contributes less than zero to every thread I post to.