Synology NAS Remotely Hacked To Mine $620K In DogeCoin

by Anonymous Coward in security on (#3PA)
From ThreatPost via Soylent-not-a-food-trademark-infringing-site, a single criminal hacker planted trojans on Synology NAS units around the world and managed to use the little boxes to mine $620,000 worth of "DogeCoin", the cuter version of the BitCoin "virtual currency".

This, much more than the SuperMicro vulnerability, tells me I'm living in strange new times indeed. A home network-storage appliance used over the Internet to create wealth out of nothing but electricity running some decryption code. These are concepts that just didn't even exist a short time ago.

Had the hacker been just a little more conservative in resource utilization, the scheme might have gone undiscovered for much longer. The jig was up only after Synology users complained about performance to tech support! (Clearly, no one, anywhere, ever checks their router and firewall logs for unusual destinations.)

I find this interesting as I had just been reading Ars Technica's new writeup of DIY NAS solutions as alternatives to the expensive fixed-purpose NAS devices (some interesting alternatives mentioned in the comments there).

Re: Great article (Score: 1)

by zafiro17@pipedot.org on 2014-06-23 11:51 (#283)

He's definitely right that the interface isn't as clear or user friendly as it could be, but I'm also new to ZFS, RAIDZ, and the like, so I'm learning too. I wouldn't feel comfortable recommending this to a non-tech person. But I'd rather have a not-fully-baked GUI on top of a powerful BSD system with ZFS, snapshots, rsync backups, and the like, over a great GUI for a NAS that doesn't have as much functionality. The FreeNAS plug-in architecture (it's run by ixsystems, the guys who do PC-BSD, which has the same architecture) is really pretty awesome. In two or three clicks you can install a jail and a sickbeard, plex, or bittorrent plug-in and have it up and running. I've also got volumes exported under NFS and Appleshare and more. You get FTP access, full Root access, and more. I think it's the way to go. Just for now, you've got to do some reading and learning - the interface is definitely headed in the right direction but not quite there yet.