An Italian bank’s server was hijacked to mine bitcoin

Down in the bitcoin mines.
Image: Reuters/Jemima Kelly

Ah, those were the days, when you could steal a bit of a company’s server power and mine some valuable bitcoin all for yourself.

During a presentation at a conference last week, British cybersecurity experts had some tales to tell of surreptitious and sometimes illegal bitcoin mining in the time before huge computing power was required to turn a profit at the activity. In January 2015 the British cybersecurity firm Darktrace was called to investigate a possible intrusion in the systems of an Italian bank. Darktrace uses artificial intelligence techniques to detect aberrations in computer systems.

The firm discovered that streams of data were being transmitted from one of the bank’s servers to a European crime syndicate, Dave Palmer, director of technology at Darktrace, told the Research and Applied AI Summit in London June 30. “It was a fairly well known European criminal botnet,” said Palmer. “The data was not customer data; it turned out to be a fairly buggy implementation of bitcoin mining software.”

The hijacked Italian bank server was discovered rapidly, Palmer told Quartz, and it was disabled less than an hour after it began to mine bitcoin. “I don’t think they made very much money out of it,” he says.

2014 was the heyday of criminal bitcoin mining activity. “It was super fashionable to have coin mining going on alongside sending spam from botnets,” he says. The case of the banking server was rare because it was usually laptops or desktop computers that were hit by this type of malware, Palmer said.

Darktrace didn’t have data for the number of bitcoin mining malware cases from that period, but Palmer says it “felt like it was a daily occurrence.” By contrast, the firm has only detected 24 such cases in the last six months, across the 24,000 sites it monitors. “It has really dropped off,” he says.

While sophisticated cyber criminals did steal computing power for bitcoin mining in those days, it was far less common than employees casually mining from their standard-issue corporate laptops. “We’ve seen normal employees running these services on their workstations overnight,” Palmer says. “No surprise; people do all sorts of things like peer-to-peer file sharing and hosting Tor nodes [infrastructure for the anonymized network that’s part of the dark web], so I bet there are a load of coin mining stories all over the place.”

But some employees took their cryptocurrency enthusiasm a step too far. Darktrace has found servers concealed by staff in corporate data centers mining bitcoin non-stop. The servers benefit from the special cooling systems and reliable power supply at the data centers. “We found employees had procured some servers, [and] had hidden them under the data center false flooring,” Palmer says. “They were ‘off-the-record’ servers that no one recognized, mining coins 24/7.”

The days of such secret bitcoin mining are now over. Too much computing power is required to profitably mine bitcoins; the scene is now dominated by professional outfits with thousands of servers stored in giant, purpose-built warehouses. Processing power devoted to bitcoin mining has risen 770-fold since 2014, leaving little chance of profit for servers hidden in data centers or laptops churning away after work. “I think we have seen the last of successful coin mining,” Palmer says.

Correction: An earlier version of this post mistakenly said Darktrace investigated the Italian bank’s server in 2014.