Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: LeGaulois on October 17, 2019, 08:07:56 PM



Title: Half of the airport’s workstations infected with a crypto mining software
Post by: LeGaulois on October 17, 2019, 08:07:56 PM
There is a cybersecurity firm that published a blog post (https://www.cyberbit.com/blog/endpoint-security/cryptocurrency-miners-exploit-airport-resources/) claiming they figured over 50% of the airport’s workstations were riddled with a crypto mining software despite the fact the workstations have 'industry-standard' antivirus and were not able to detect it.

They don't know how long the malware was in place because they just started to work with the airport, so possibly for months. The airport didn't notice anything before.


Quote
In a worst-case scenario, attackers could have breached the IT network as a means to hop onto the airport’s OT network in order to compromise critical operational systems ranging from runway lights to baggage handling machines and the air-train, to name a few of the many standard airport OT systems that could be cyber-sabotaged to cause catastrophic physical damage.

I wonder how many others are actually targeted like this one.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: bitmover on October 17, 2019, 08:35:16 PM
This would explain why all those airport totems are so slow!
However, I believe that someone would notice the peak in energy consumption, or the temperature of those devices.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: rdluffy on October 17, 2019, 08:39:28 PM
They are probably mining XMR
There's a LOT of places with crypto mining software installed without permission, like Schools, big companies, datacenters, research facilities etc

This is not good for our crypto world, it's illegal


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Kyraishi on October 17, 2019, 08:41:19 PM
I wonder how they got the software on the computers. I reckon someone came into the airport with USBs that had malware and automatically installed data on the computers.

It is confusing though. Not sure why the airport wouldn't do routine weekly, or even monthly checks on their computers for malware.

There's a couple places I think would be prone to these sorta events, such as internet cafes, etc, anywhere where there are an excess of computers that are always in use.

Great link.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: shield132 on October 17, 2019, 08:48:28 PM
You may not be able to imagine it, but the most curious thing that I have ever seen was a command prompt window running on a bank's ATM screen and also on bill payment machine screens (while I was paying bills, it somehow started lagging and the screen got stuck, then a cmd window came up with words, one of which was monero).
ITs are trying to get easy money by using their knowledge and some power which they have on these machines. To be fair it sucks and such employees deserve to be kicked from their job because when you run mining software on any device, it starts lagging and making processes slower, which is the worst thing, especially when we are in touch with airport computers where security and flexibility are really a must-have.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: boltz on October 17, 2019, 08:52:10 PM
Wow, so it has come to this nowadays... people installing mining software in airports in order to mine. I think the same, they are definitely mining XMR as that is the easiest way to install a software to mine XMR. I remember in my country that people from IRON GATES mined in 2016 with hydro power and they actually mined for a lot of months until someone caught them...

Regarding the security, even if they make a quick check, the software should be hidden in the PC in order just to generate CPU power, so they thought they were having a temperature problem; no wonder they discovered it so late.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: marky89 on October 17, 2019, 09:12:30 PM
They are probably mining XMR
There's a LOT of places with crypto mining software installed without permission, like Schools, big companies, datacenters, research facilities etc

This is not good for our crypto world, it's illegal

Illegal and also inevitable in the context of CPU mining. Botnets were mining Bitcoin in the early days too! The only reason they don't now is because of the progression of specialized/ASIC mining.

If Monero didn't implement regular hard forks to stave off ASIC mining, this phenomenon would be mitigated. I guess that's the price we pay for ASIC resistance! :)


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: hello_good_sir on October 17, 2019, 09:16:56 PM
There is a desperate need for companies and governments to develop software that can instantly detect these problems.

You could make a lot of money and do a lot of good with a piece of software that basically scanned your computer for mining software and stopped it. We need to evolve with the times.

Also had a suspicion they were used to mine some sort of crypto-currency. Seems like an easy target.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Artemis3 on October 17, 2019, 09:17:32 PM
There is a cybersecurity firm that published a blog post claiming they figured over 50% of the airport’s workstations were riddled with a crypto mining software despite the fact the workstations have 'industry-standard' antivirus and were not able to detect it.

They don't know how long the malware was in place because they just started to work with the airport, so possibly for months. The airport didn't notice anything before.

Quote
In a worst-case scenario, attackers could have breached the IT network as a means to hop onto the airport’s OT network in order to compromise critical operational systems ranging from runway lights to baggage handling machines and the air-train, to name a few of the many standard airport OT systems that could be cyber-sabotaged to cause catastrophic physical damage.

I wonder how many others are actually targeted like this one.

Many, many ATMs use x86 PCs with windows, color me surprised. They are often installed and forgotten from an IT standpoint, unless they break completely. Same with PoS, or the various computers they use both public facing and internally. They get infected with all kinds of malware, which probably includes the monero mining ones.

Perhaps they had some antivirus, they can't bother updating frequently from fear of breaking something else, until the malware breaks them, of course. But some malware is smart enough to not break its host. If you are on windows, try to learn from the experience. It's not like this is "news" whatsoever, it's been like that for decades, people just never learn.

We have talked about it here before, if you abandon Windows, OSX, Android and iOS, you are 80% there. But even within the IT people there are many who don't ever bother learning using anything else, since these always-breaking operating systems bring food to the table. But if you read this, you already know better, now it's your turn: Start with Linux (https://distrowatch.com/), it's good for you. Don't ever change, and your turn will come.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: serjent05 on October 17, 2019, 09:34:30 PM
This would explain why all those airport totems are so slow!
However, I believe that someone would notice the peak in energy consumption, or the temperature of those devices.

And if they do, some just ignore them, since it does not threaten the system as those operators see it. Computer operators are just there to operate the software installed on a unit and are not knowledgeable on anything more than their task. Maintenance just checks the operation of the system and never bothers with anything unless something bad happens or an error occurs. This is the reason why these miners are running undetected.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: eaLiTy on October 17, 2019, 10:18:53 PM
I wonder how they got the software on the computers. I reckon someone came into the airport with USBs that had malware and automatically installed data on the computers.
You really do not need to physically install them using a USB, if the servers are not protected anyone can install all these with ease and the standard antivirus and malware protection software they were using was not detecting these breaches but the funny thing is that the network engineer did not identify the surge which tells you how their selection process was when they were hiring network engineers ::).

It is confusing though. Not sure why the airport wouldn't do routine weekly, or even monthly checks on their computers for malware.
Shows the quality of staff they hired  :P.
 


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Willitivity on October 17, 2019, 11:03:28 PM
This is really sickening and disheartening, doesn't speak for the future of cryptocurrencies. Incidents like this make the government want to crack down on cryptocurrencies as soon as possible. CryptoJacking is a very serious issue in our contemporary society right now. Those big corporations should endeavour to check up on their systems periodically, no one is really safe.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: ene1980 on October 17, 2019, 11:33:08 PM
Incidents like this make the government want to crack down on cryptocurrencies as soon as possible.
What does it have to do with bitcoin, I seriously do not care about the shitload of altcoins. Government should crack down on illegal miners and malware like these and companies have to take serious steps to counter these illegal activities in their network and it looks like the airport has done nothing to ensure these basic safety procedures.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: airdnasxela on October 18, 2019, 01:25:55 AM
This kind of illegal activity can't be stopped unless they get arrested. But surely, other people would also do the same. What's really sad is that they're damaging the image of crypto. It's a big damage to crypto since they're targeting big companies and industry. Companies should always be careful with these kinds of things since just like what the airport worries, it can cause physical damage to the people in the airport if they got access to their system. That's why companies have their ITs to help them with these things and other digital issues.

We can't help it, the more cryptocurrency is getting recognition, the more people are taking it for granted even if it means oppressing others.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Kyraishi on October 18, 2019, 01:49:49 AM
I wonder how they got the software on the computers. I reckon someone came into the airport with USBs that had malware and automatically installed data on the computers.
You really do not need to physically install them using a USB, if the servers are not protected anyone can install all these with ease and the standard antivirus and malware protection software they were using was not detecting these breaches but the funny thing is that the network engineer did not identify the surge which tells you how their selection process was when they were hiring network engineers ::).

It is confusing though. Not sure why the airport wouldn't do routine weekly, or even monthly checks on their computers for malware.
Shows the quality of staff they hired  :P.
 
That's worse then. I didn't think those PCs were so easy to stop and breach that a hacker would just be able to download software and then run the programs on the computers.

They must have hired some really cheap, or clueless staff for this to go unnoticed. Don't think it would take that much work anyway...

Another interesting stat I'd like to know, how much have they actually made off mining? Are these stats public?


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: TravelMug on October 18, 2019, 02:25:04 AM
I wonder how they got the software on the computers. I reckon someone came into the airport with USBs that had malware and automatically installed data on the computers.

It is confusing though. Not sure why the airport wouldn't do routine weekly, or even monthly checks on their computers for malware.

There's a couple places I think would be prone to these sorta events, such as internet cafes, etc, anywhere where there are an excess of computers that are always in use.

Great link.

Hackers are targeting its employees, simple as that. Those bad actors are going to send phishing emails to those employees. And if the employees are not aware of it, 100% the whole company is going to be infected very quickly.

Not just airports are the target of hackers now but almost all industries.

Chinese hackers are ramping up attacks on US companies (https://edition.cnn.com/2019/02/20/tech/crowdstrike-china-hackers-us/index.html), state sponsored attacks are becoming the norm today.



Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: maxreish on October 18, 2019, 02:25:18 AM
They are probably mining XMR

Yes, it's about the xmrig monero miner. How did that malicious malware enter the airport's computer system? Unless there is an inside job who does all the job inserting such malware program to the computer. I wonder how much Europe's airport spent huge electric bill for unconsciously knowing there is a mining of xmr for a couple of months.



Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: bap2000 on October 18, 2019, 04:51:11 AM
Going unnoticed is the cunning of hackers, who are always working to find ways to attack the systems and obtain profits illegally. In the world of cryptocurrencies we must be very careful with the platforms we use.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: elda34b on October 18, 2019, 04:55:27 AM
It would be better if the data is published and how they detect it. It's like saying you know everything but nobody else should know it.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: CryptoBry on October 18, 2019, 05:19:38 AM
There is a cybersecurity firm that published a blog post (https://www.cyberbit.com/blog/endpoint-security/cryptocurrency-miners-exploit-airport-resources/) claiming they figured over 50% of the airport’s workstations were riddled with a crypto mining software despite the fact the workstations have 'industry-standard' antivirus and were not able to detect it. I wonder how many others are actually targeted like this one.

I am sure that there are many more facilities serving the public whose computer systems are infected with mining malware taking advantage of free infrastructure and free power to gain something. This is akin to producing money out of thin air as the mining malware is just piggy-backing the existing workstations. Now, there is a need for a more sophisticated detection system so that any attempt to do free mining can be monitored and thwarted. This is definitely unacceptable and can pose some security risks.

They are probably mining XMR. There's a LOT of places with crypto mining software installed without permission, like Schools, big companies, datacenters, research facilities etc. This is not good for our crypto world, it's illegal

Yes, this thing should not be tolerated. I think all facilities public and private should now start monitoring and tracking their own system for possible infection of the mining malware. The big problem is when it is an inside job and there is no one looking closely at the IT department. This is why there should be a good software that can easily recognize this malady.

Illegal and also inevitable in the context of CPU mining. Botnets were mining Bitcoin in the early days too! The only reason they don't now is because of the progression of specialized/ASIC mining. If Monero didn't implement regular hard forks to stave off ASIC mining, this phenomenon would be mitigated. I guess that's the price we pay for ASIC resistance! :)

CPU mining can actually be a good opportunity for us to participate in, as long as we are not doing it illegally, by just using those computers we legally own and are connected with. However, for the sake of solving this problem, I agree that Monero must update via forks their platform. We can not allow this thing to continue.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Kakmakr on October 18, 2019, 06:06:51 AM
Yea, we had the "W32/CoinMiner.g" at work for a while and the latest anti-virus software with updates did not want to remove it. We sent the virus to the AV Software company and they engineered a solution and it was gone within a day or two.  ;D

I sometimes wonder how many of these mining "bots" are running out there and how much the owners of these bots are actually getting from this. AV Software companies are catching up on this new trend and they are focusing some more effort on stopping this now.  ;)


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: lobat999 on October 18, 2019, 06:08:23 AM
This is a lesson for I.T. personnel - to ensure that optimal defenses of their mission critical systems are always in place! Had that malware not been discovered earlier or otherwise it had another nasty malicious payload to wreak havoc on those systems, the damage could stop airport operations because such a security breach could halt flight schedules worldwide thereby causing a ripple effect on international flights schedules.

I guess it's the job of the system administrator to maintain the security of those workstations and I think he/she should take the blame for it. Moreover, this also shows the importance of having regular security audits to ensure these types of malware cannot breach computer systems.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: blckhawk on October 18, 2019, 06:58:30 AM
This has not only affected the airport operations, but also the perception of crypto to people. The innocent ones would think of crypto as a medium to carry virus to workstations, which is wrong and could decrease the trust of the public to crypto-space in general.

Their virus definitions should be always up-to-date to counteract and prevent malware such as this. Their antivirus providers also must be reliable because they may be the problem. This mining malware imposes great risk to public places, such as airports, since system slowdown may affect communications and other operations, which are critical to public safety.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: teosanru on October 18, 2019, 09:04:33 AM
I think this is a pretty infectious malware rattling around in a lot of computers. The main problem is that this malware doesn't have any GUI, it just continues to run in your task manager services and that is the only place from where you can shut it down. I highly doubt that a lot of computers have been infected by this virus. But airport's workstations are really designed to be much more secure than normal personal computers, if those are infected at such a large scale I highly doubt that it's even stinking around in my PC too. I heard that even Piratebay and such torrent sites mine crypto using your PCs secretly.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: DdmrDdmr on October 18, 2019, 09:37:58 AM
Just to be specific on the scope, and unspecific as to the location, the blog article does reference that the findings occurred at a (nameless) international airport in Europe.
Quote
While rolling out Cyberbit’s  Endpoint Detection and Response (EDR) in an international airport in Europe, our researchers identified an interesting crypto mining infection, where cryptocurrency mining software was installed on more than 50% of the airport’s workstations.
That does not mitigate the issue, but the context of their findings isn't generalized, but rather confined to a single airport. Having said that, it wouldn’t strike me as odd for it to be pretty extended, but the reported scope is restricted here.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Mike Mayor on October 18, 2019, 10:10:15 AM
They are probably mining XMR
There's a LOT of places with crypto mining software installed without permission, like Schools, big companies, datacenters, research facilities etc

This is not good for our crypto world, it's illegal

Almost three years ago I saw a tutorial that lets you install software that lets you mine Monero without being detected. Most of the people installed their software in the internet cafe. They go one after another, just like planting a tree but in an illegal way. The owners of those internet cafes are innocent because the software that those people installed is hidden in the task manager. That's how dangerous that miner software is.
But all of those things are illegal, you are just like using people's property without their will.

It might be hidden in the task manager but you can still tell it is there. The computers will slow down a lot. Unless they were clever and only used a certain amount of the pc's power to mine so that it lasts longer without detection. If you have hardware monitoring software you can definitely figure out what's going on. I wonder how much these people actually made. I know they have botnets. I thought you might need a botnet to have enough hash power.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Ucy on October 18, 2019, 10:36:12 AM
If this is true it is most likely they are used for mining Altcoins (and not really Bitcoin), especially those with low mining difficulty unless the virus is mining on many global computers. It also depends on how powerful the airport computers are, which could make mining Bitcoin profitable.
It's possible that hackers create new Altcoins and get as many global computers as possible to mine them?


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: ChrisPop on October 18, 2019, 11:06:07 AM
Alright, but I don't think those airport workstations have any significant mining power. Or maybe they have some top notch GPUs that I don't know about.. However the airport's IT team should have done a better job. It is part of the sys admin's job to oversee and scan the infrastructure for any threats and perform scheduled maintenance procedures. This is why control staff is needed and operational managers need middle-line managers as well. Organizations don't work autonomously unfortunately and a simple antivirus can't face all the cybersecurity threats that exist nowadays.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: error08 on October 18, 2019, 12:10:09 PM
Another red mark for crypto space associated with bitcoin; the malware was suspected to be a Bitcoin miner because of its behavior of executing multiple processes over a short timeframe, even though it was confirmed as the xmrig Monero miner. For a layman it was a cybercrime which might have infected many places, not just one airport.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: romero121 on October 18, 2019, 12:22:17 PM
They are probably mining XMR
There's a LOT of places with crypto mining software installed without permission, like Schools, big companies, datacenters, research facilities etc

This is not good for our crypto world, it's illegal
This has been a problem that is found all around. Now this is being found within a high security premises. Almost every airport used to have high security, beyond that it is hard to enter. This surely should have taken place with the support of an employee. Such kinds of mining software were found to be installed illegally on different computers. Often we can find news that states about illegal mining.

These kinds of activities were to overcome the increased electricity consumption that takes away the profiting out of mining. Came across an article that gives some detailed data on mining practices: Mining Cryptocurrency using Company Hardware and Electricity. (https://www.securitynow.com/author.asp?section_id=613&doc_id=740382)


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Mandoy on October 18, 2019, 12:29:38 PM
This is another case of a cryptojacking virus. A kind of trojan virus that hijacks your computer and mines a certain cryptocurrency. In the previous years the cryptocurrency that is being mined by this cryptojacking virus is monero. I am not sure if the airport computers were also mining monero because of the virus but it is the same kind of hacking that will use your computer without your knowledge to mine a certain cryptocurrency. Usually to remove the virus we just need to run an anti-malware software but if it is not working in the airport then that is a custom made virus, probably an insider did that.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: Eugenar on October 18, 2019, 12:48:09 PM
I wonder how they got the software on the computers. I reckon someone came into the airport with USBs that had malware and automatically installed data on the computers.

It is confusing though. Not sure why the airport wouldn't do routine weekly, or even monthly checks on their computers for malware.

There's a couple places I think would be prone to these sorta events, such as internet cafes, etc, anywhere where there are an excess of computers that are always in use.

Great link.

The main reason I think why the airport is the target for this malware is that their computers are widely awake and open almost 24 hours for the services that it provides. In this case, I highly have a feeling that their systems are overheating due to hidden processes that run in the background. This is not good, flight and safety could be compromised by such activities in cryptocurrency space.


Title: Re: Half of the airport’s workstations infected with a crypto mining software
Post by: bounceback on October 18, 2019, 02:02:23 PM
I think the airport station hacker group works with someone who works at the airport, because if we think about the hacker himself without the help of someone who works at the airport, maybe he certainly will not be able to get into the airport system, because the airport system I believe is very strong at protecting their systems from hackers so as not to endanger lives during flights, and we cannot confirm that airport hackers are a bitcoin mining group because they do not have solid evidence.