At the Research and Applied AI Summit in London, the director of technology at Darktrace spoke of a bank server that a European crime syndicate hijacked to mine Bitcoin. The incident contrasted with the machine learning company’s more recent findings on Bitcoin mining: the era of secretive Bitcoin mining had passed, he explained. Professional enterprises with dedicated servers dominated the sector because of the power requirements for lucrative Bitcoin mining, he said.
Dave Palmer, Darktrace’s technology director, manages the cybersecurity firm’s mathematics departments and methodology. Darktrace utilizes machine learning and artificial intelligence to detect anomalies in computer systems. The firm purportedly developed the world’s first “Enterprise Immune System.” Their unique strategy allows clients to respond to “in-progress cyber-attacks.”
Palmer explained that the undisclosed Italian bank had called the firm in January 2015 for assistance. Darktrace immediately identified outgoing streams of data, but found the data atypical compared to the losses of a usual attack in the financial sector.
Instead of stealing customer data, the threat actors hijacked the servers to stealthily steal the bank’s massive power supply. The attackers sent data to a “fairly well known European botnet,” Palmer explained.
The cybersecurity/fintech firm detected the hijacked bank server almost instantly, he explained. Within an hour of the “fairly buggy” Bitcoin mining software launching on the infected server, Darktrace had shut it down. “I don’t think they made very much money out of it,” he said.
He said that 2014 was the year of secret Bitcoin mining. “It was super fashionable to have coin mining going on alongside sending spam from botnets.” (The bank example was uncommon; similar operations involved laptop and desktop computers.) Palmer said that over the last six months, out of the 24,000 sites monitored by Darktrace, only 24 similar [botnet mining] cases were registered.
The most common mining, “in those days,” generally occurred at a much smaller scale. And although the bank incident had been unique for Darktrace, it was not the only unusual method of Bitcoin mining.
“We’ve seen normal employees running these services on their workstations overnight. No surprise; people do all sorts of things like peer-to-peer file sharing and hosting Tor nodes, so I bet there are a load of coin mining stories all over the place.”
At a corporate level, employees took advantage of corporate servers at their workplace, he said, still referring to 2014 and 2015. “We found employees had procured some servers, [and] had hidden them under the data center false flooring,” Palmer noted. “They were ‘off-the-record’ servers that no one recognized, mining coins 24/7.” This set-up appealed to miners because of a free and steady power supply, along with industrial server cooling systems. “Processing power devoted to bitcoin mining has risen by 770-fold since 2014, leaving little chance of profit for servers hidden in data centers or laptops churning away after work,” he said.
“I think we have seen the last of successful coin mining,” he concluded.