Hackers turn security camera DVRs into bitcoin miners

3 Apr, 2014 01:57 / Updated 11 years ago

A computer security instructor says he's discovered that hackers have been able to infiltrate standard security cameras and then use that hardware to mine for bitcoin, the anonymous digital cryptocurrency.

Johannes Ullrich, a teacher at the computer security SANS Technology Institute, announced last Friday that he found malicious software on Hikvision digital video recorders (DVRs), which are used to record video from surveillance cameras. The virus seems to spread from device to device onto each machine it connects with on the network in question. Along with replicating, though, it also uses the closed-circuit television operators to mine for bitcoin, sending those profits back to the virus’ creator.

Analysis of the malware is still ongoing, and any help is appreciated,” Ullrich wrote. “Here are some initial findings: The malware is an ARM Binary, indicating that it is targeting devices, not your typical x86 Linux server. The malware scans for Synology devices exposed on port 500.”

This hack is atypical because malware is generally aimed at Linux and Windows systems, whereas the Hikvision hack victimizes DVRs and even some internet routers. Wired reported that Ullrich has since found the malware running on routers, an indication that the programmers likely wrote a specific worm for operating systems.

Though this is a novel method, it’s hardly the first time hackers have tried to bust their way into other people’s hardware in order to make some bitcoin, the popular digital currency,” Wired’s Robert McMillan wrote on Tuesday. “The bitcoin system is run by independent machines spread across the globe, and if you contribute processing power to the system, you receive some bitcoin in return. This is called mining, and hackers often seek to mine using any machines they can gain control of – including security camera DVRs.”

However, some cybersecurity experts have wondered why the hackers targeted Hikvision DVRs, which are not equipped with a system capable of working with the specialist graphic cards required to mine for bitcoin, according to Virus Bulletin anti-spam test director Martijn Grooten.

Kudos to camera DVRs hackers for finding something worse (i.e. very ineffective cryptocurrency mining) to use them for than surveillance.

— Martijn Grooten (@martijn_grooten) April 1, 2014

It has recently been called into question whether acquiring bitcoin is worth any sort of effort. Since December 31, 2013, bitcoin’s value against the US dollar has plummeted by 38 percent - a more dramatic decline than copper, the Russian stock market, and the Argentine peso. This assessment comes after the Japanese bitcoin exchange Mt. Gox imploded, leading to the disappearance of US$450 million worth of bitcoins.

The US Internal Revenue Service also announced that bitcoin would be regulated as property, not currency. Gina Sanchez, the founder of Chantico Global, told CNBC that the IRS’ designation is a “terrible thing” for bitcoin and means the mysterious cryptocurrency will only continue to lose its market value.

Bitcoin as a currency doesn’t make any sense,” she said. “You basically have a whole bunch of cyber geeks trying to tout themselves as a monetary authority. That’s just not going to fly.”