A hacker with access to a Canadian Internet provider hijacked net traffic from large foreign networks to steal more than US$83,000 in virtual currency over a four-month period, a cyber security company said Monday.
Researchers with the U.S.-based Dell SecureWorks said the hacker’s attack started last February and stopped in May, after the Canadian Internet service provider (ISP) was notified.
Joe Stewart, director of malware research at SecureWorks, said the hacker targeted firms that hosted servers generating virtual currencies such as Bitcoin — including Amazon in the U.S. and OVH in France — and redirected some activity.
“We were able to track the origins to a Canadian ISP,” he told The Canadian Press from Las Vegas, where he was attending a computer security conference.
“Someone had access to a router at that ISP. It had to be someone who managed to hack into that router and gained administrative rights, or someone who already had access.”
Stewart said the hacker likely works alone, and could be a former or then-current employee of the ISP.
Pat Litke, another security researcher at SecureWorks, said the firm is “fairly confident” the attacks came from Canada, but the hacker may be based elsewhere.
“To execute the cyberattack, you literally can be anywhere in the world, as long as you have privileged access,” he said.
According to SecureWorks, a total of 51 networks from 19 other ISPs were “compromised” in the attack, which also netted the hacker a few dollars in another virtual currency, Dogecoin.
Bitcoins are produced through using programs to solve complex algorithms — dubbed “mining” — a process which also validates the currency’s transactions.
Stewart said he noticed the hacking in March when he realized his personal mining — done through one of the affected servers — had been hijacked, and notified the Canadian ISP in May, after which the “malicious activity” stopped.
SecureWorks did not go to the authorities, and it is not immediately known what further steps the ISP has taken.
A spokeswoman for SecurityWorks said the Canadian ISP will not be publicly identified, as is company policy.
Anthony Di Iorio, executive director of the Bitcoin Alliance of Canada, said those affected will likely never recover their bitcoins from the hacker.
“He’s pretty good at covering his tracks,” Di Iorio said. “The chance of prosecution is very low.”
He added that the incident indicates an issue with cyber crime in general, though not necessarily Bitcoin itself.
“This was a security flaw with third-party services,” he said.
“People use cash every day and lose cash. There’s nothing you’re going to be able to do to get it back.”
South of the border, federal regulators warned consumers Monday about the risks of using virtual currencies.
The Consumer Financial Protection Bureau issued an advisory warning, saying the currencies are not backed by the government, have volatile exchanges rates and are targeted by hackers and scammers. And unlike bank accounts, Bitcoin-based deposits are not federally insured.