Hello, welcome to the Friday, April 28th, 2017 edition of the San Santernet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

BGP, the Border Gateway Protocol that organizes routing across different networks on the internet is in the news again and that's

usually not a good thing in this particular case a net block that's assigned to visa the credit

card company was rerouted to a russian ISP not 100% sure why this happened, could be a mistake, could be an attack, but the sad part

is that it's still possible even with a very visible netblock like this to reroute it

at will.

Now in this case, BGP Mon, which is a company that's actually part of Open DNS, did catch

the event.

That's their business.

They're monitoring for odd BGP traffic like that, and they wrote up a nice blog about

what they saw.

Now, one thing an attacker could do with a BGP hijacking attack like this is take advantage

of a vulnerability in the popular Bitcoin mining gear and miner.

Andminer apparently is responsible for something like 70% of the internet's

Bitcoin mining power. Not sure if the number is correct, but it is certainly substantial.

The problem with ant miner is that it does check in anywhere between every one and 11 minutes with its manufacturer.

So if you bought one of these devices and installed it in your network every five minutes or so,

it will connect back to the manufacturer.

And if the manufacturer sends the right signal back, since you just fail for this check-in request,

then the ant miner will shut down. There appears to be no authentication used for this particular

check-in and in addition to checking whether or not it should continue mining Bitcoin, the

...