GuardiCore, a cloud-based security provider, has uncovered a large-scale attack on vulnerable servers. Codenamed Operation Prowli, the attack leverages various exploits to redirect web traffic, and to install cryptocurrency mining software on its targets.

Operation Prowli

Operation Prowli attacks targets with various exploits tailored to specific vulnerabilities, from SSH brute forcing to Mirai-like attacks on consumer modems. Post-infection actions include installing cryptocurrency miners and redirecting web traffic, both of which are intended to provide a revenue stream back to those running the attack. At the time of writing, it was reported that over 40,000 computers have fallen victim.

A more in-depth look at the methodology and attacks used by Operation Prowli can be seen in GuardiCore’s release.

Cryptojacking

Cryptojacking, or stealing computing power from others, allows those behind Operation Prowli to leverage many compromised computers to mine cryptocurrency. As in the last few reports on cryptojacking, the currency of choice for the attackers is Monero, undoubtedly chosen for its commitment to being minable on consumer CPUs and its untraceable nature.

Traffic redirection

Once Operation Prowli has managed to gain access to a server, it will attempt to redirect web traffic towards malicious sites. An example used in GuardiCore’s release is tech support scams.

Prevention and staying secure

For consumers, the best way to stay secure is to verify that the site you have visited is the one you intended, and otherwise to follow only links you trust.

For providers that are not already infected, servers can be secured in various ways. The simplest are to use strong passwords and to expose to the internet only what you absolutely have to; for this reason, firewalls that close ports which do not need to be accessed externally are a must. Beyond that, ensuring that the software you use is up to date and does not have any longstanding security issues will go a long way.

For providers that are already infected, changing all passwords and doing a security audit is a good first step. After that, stop all currently running malicious processes and remove their binaries (hashes, sourced from GuardiCore’s release, are referenced below). In the case of the traffic redirection attack, check all relevant files for malicious lines.
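An added example, not taken from GuardiCore's release or the original article: a sweep that hashes every file under a directory and reports any whose SHA-256 appears in an indicator list written in the "filename hash" layout used on this page. The function names, the sample file and the label sample-a are constructed for illustration.

```python
import hashlib
import os
import re
import sys
import tempfile

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

def load_iocs(text):
    """Parse 'filename sha256' lines into {hash: label}; headers and junk are skipped."""
    iocs = {}
    for line in text.splitlines():
        parts = line.split()
        # Accept a line only if its last field is a well-formed SHA-256 digest.
        if len(parts) >= 2 and SHA256_RE.match(parts[-1].lower()):
            iocs[parts[-1].lower()] = parts[0]
    return iocs

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep(root, iocs):
    """Return sorted (path, label) pairs for regular files whose content hash is listed.
    Matching is by hash, so a binary that was renamed on disk is still found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked directories
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                label = iocs.get(sha256_file(path))
            except OSError as exc:  # unreadable file: report it and keep sweeping
                print(f"skipped {path}: {exc}", file=sys.stderr)
                continue
            if label:
                hits.append((path, label))
    return sorted(hits)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample, not real malware
        payload = b"constructed sample bytes"
        with open(os.path.join(root, "renamed.bin"), "wb") as fh:
            fh.write(payload)
        listing = "Filename Hash\nsample-a " + hashlib.sha256(payload).hexdigest()
        for path, label in sweep(root, load_iocs(listing)):
            print(f"MATCH {label}: {path}")
```

A match identifies a file to quarantine and investigate; an empty result only means none of the listed builds are present under that directory.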

Filename Hash (sourced from GuardiCore’s release)

 


Use our news to inform cryptocurrency trading decisions, stay up-to-date on happenings in the industry, and more!

DNotes Global Announces Its DNotes Digital Currency Is Now Listed For Trading On stocks.exchange
The recently upgraded version of DNotes will join major cryptocurrencies like Bitcoin, Ether, and Litecoin, as well as a host of altcoins that are actively traded on the exchange. “With DNotes 2.0, we’ve accelerated our push to achieve real adoption of digital currency on a global scale” says DNotes co-founder Alan Yong. “As part of that effort, DNotes has added a new blockchain transaction invoice system that attaches an invoice number to any DNotes transaction – something that was specifically designed to simplify digital currency adoption for merchants who might otherwise be forced to use third-party solutions to manage crypto transactions. We’ve also improved our CRISP savings program and will be adding other new features in the near future.”

Denmark Joins EU Blockchain Partnership
Denmark plans to implement blockchain in shipping. Brian Mikkelsen, the Danish Minister for Industry, Business and Financial Affairs, said Denmark will be “the first country in the world [to] use blockchain technology to register ships in the Danish ship registers.”

Slovenia Opens First Bitcoin City
Coingeek is featuring a story on the first ‘Bitcoin City’. It’s located just outside of the Slovenian capital in Ljubljana. “The huge former shopping destination stretches over a massive 475,000 square metres and has over 500 retail stores. The complex dubbed ‘BTC City’ also received a boost of late when the country’s outgoing Prime Minister, Miro Cerar visited the site. He added a certain common touch to proceedings by buying a cup of coffee using a cryptocurrency payment gateway.”

GMO Unveils Japan’s First-Ever Bitcoin Mining Rig
CCN reports Tokyo-based tech services company GMO Internet has this week unveiled the first bitcoin mining rig wholly-developed by a Japanese company.

Image courtesy of Carty Sewill, http://cartyisme.com/

Reddit and GitHub user iminehard noticed their cellphone experienced interference while near their impressive GPU mining farm. Following this, iminehard investigated the issue and found that there was a definite increase in noise around a specific LTE range. iminehard’s testing methodology and results are covered in more detail below.

“TL;DR – Large number of GPUs in open air crypto currency mining “rigs” emit substantial spurious emissions/noise on portions of the LTE spectrum used in the United States.”-GitHub and Reddit user iminehard

Testing for interference

iminehard documented their testing methodology along with their results. Testing made use of a laptop, an RTL-SDR tuner, and an omnidirectional antenna for the tuner. SDR, or Software Defined Radio, allows you to use a computer to capture and produce RF signals, using its CPU to process the signals. This is different from regular radio, which uses specialized hardware to process the signal. iminehard used this to capture the frequencies on which LTE operates.

Chart comparing parts of the RF spectrum between tests
Mining in blue, idle in green

The first pair of tests iminehard performed was a single GPU inside a case, first at idle, but overclocked and with fans on, and the second with the mining software bminer running. No perceptible difference can be seen on the charts comparing the LTE spectrum between the two tests. The lack of difference between the charts could mean a few things. Namely, it could mean that the case used blocked or grounded out the interference. Otherwise, it could mean that the interference generated by a single GPU is undetectably negligible.

Moving forward, iminehard tested their mining farm, with interesting results:

 

iminehard’s GPU mining farm

iminehard used the same testing method on their farm. Unlike the previous test, there was a significant change in what iminehard called “range 1” of the LTE spectrum used by the United States (617-746 MHz).

Chart of RF spectrum showing the difference between tests
Mining in blue, idle in green. Sourced from iminehard’s investigation on GitHub

Results of interference

As shown above, there is some definite interference caused by large-scale GPU farms. This interference may cause service disruptions for those trying to use cell phones within the field. Because of this, the farms may break federal laws regarding intentional interference, or may cause the FCC to come knocking on your door asking you to knock it off.

Shielding to prevent interference

The above tests were performed on ‘open’ GPUs, meaning that the GPUs were not mounted in a metal case. A metal case may provide some shielding for the interference that the GPUs release, either due to grounding or construction. Aside from being sure to mount all GPUs in a real case, one could build a Faraday cage around the entire farm. A correctly built Faraday cage should contain all the interference within the cage. One major downside to using a Faraday cage is that Faraday cages are conductive: if one collapses, it could damage equipment.


Bitcoin Price Could Be In For A Boost As World Cup Fans Descend On Russia
Hotels in the Russian city of Kaliningrad — which will be playing host to some of the World Cup’s games — are accepting Bitcoin as payment. Forbes reports some airlines and travel agents, as well as bars, will also be taking the cryptocurrency.

Bittrex Strikes Agreement With Bank To Offer USD Deposits and Trading Pairs
BlockExplorer’s own Tony Spilotro reports “The Seattle-based cryptocurrency exchange Bittrex has revealed that the firm has struck an agreement with a United States bank to allow some of its customers to trade cryptocurrencies in USD, along with making USD deposits to the exchange’s wallets.”

The Humanitarian Side of Bitcoin
International Policy Digest has a thoughtful piece on how Bitcoin can help a socioeconomic crisis such as the one in Venezuela, a country actually going out of their way to ban Bitcoin. “Bitcoin, Blockchain and the whole host of other cryptocurrencies and related media have a real shot at not simply being the ‘next big thing’ as their acolytes incessantly seem to preach. They actually can help change lives for the better through circumventing oppressive state bureaucracies and structures in inspired acts of cryptocurrency-based agorism.”

Litecoin Founder Charlie Lee: LTC Network Extremely Secure, Mining Healthy
CryptoSlate says “Litecoin founder Charlie Lee has taken to Twitter to address community concerns regarding the Litecoin network sparked by a cryptocurrency security site that tracks the cost of launching a 51% attack against proof of work cryptocurrencies.”



Hospital Launches Cryptocurrency Addiction Rehab Clinic
A Scottish hospital has launched a crypto rehab unit and by all accounts, the calls are flooding in. “Cryptocurrency users can get hooked by the volatile fluctuation of prices online which creates a ‘high’ when they buy or trade a winning currency,” said Castle Craig Hospital in a press release. “This can be exciting but also addictive and, like gambling addiction, can be financially disastrous.” MarketWatch features a 10 question survey for you to determine if you’re a pathological cryptocurrency addict.

Venezuela Bans Crypto Mining Rigs From Entering the Country
Despite the Venezuelan government embracing cryptocurrency with open arms, reports BlockExplorer’s Tony Spilotro, the country has taken a stand against cryptocurrency mining, going as far as to ban related computer equipment from entering the country.

Trading App Startup Taylor Says All Funds Have Been Stolen In Cyberattack
Taylor, a smart cryptocurrency trading assistant, was robbed of all of their funds, ZDNet reports.
The attack is said to have taken place on Tuesday of last week. In a Medium blog post, the Taylor team said “all of our funds have been stolen. Not only the balance in ETH (2,578.98 ETH) but also the TAY tokens from the Team and Bounty pools.”

Blockchain NW, Seattle’s First Crypto Conference, Begins Next Week
Seattle’s first blockchain conference begins Tuesday, June 5. The event will feature 50+ speakers who specialize in blockchain business and technology. Special to this event is a Blockchain career fair set up to match Pacific Northwest employers and employees. And if there was any doubt, tickets can be purchased with cryptocurrency.
