Crypto-mining botnet found on Department of Defense web server

Last month, a security researcher discovered a cryptocurrency mining system on a web server run by the US Department of Defense.

Indian security researcher Nitesh Surana disclosed the exploit on the DoD's bug bounty page on January 4. He discovered that it was possible to access the server without a password.

“The major impact of this vulnerability is [that] an attacker can exploit and gain access to critical server internals,” Surana wrote in his report to the DoD. As a result, an attacker can execute commands remotely on the server through the Java programming language and download any file of their choice.

An attacker could upload a file that attacks the server and gives them full control. “This can then lead to critical information leakage, lateral movement, and other catastrophic events, as the instance can be manipulated by the striker’s skills,” Surana said.

It looks like someone did exploit the vulnerability to install a botnet to mine the privacy coin, Monero. It’s unclear how much they earned, but after Surana released evidence to support his claims, the DoD quickly vetted the system and had closed it before January 21.

This is not the first time someone has used a state apparatus to mine cryptocurrency. Last year, employees of a Russian nuclear warhead facility were fined for illegally using the department’s supercomputer to mine Bitcoin. The computer runs at a petaflop, equal to one thousand trillion transactions per second.
