They siphon cryptocurrency without the knowledge of their victims: the FBI in pursuit of Chinese fugitives

Caught red-handed: we have lost count of the misdeeds involving cryptocurrency. On September 16, 2020, the US Department of Justice (DoJ) published a report indicting 7 hackers, accused of breaking into the computers of more than 100 companies with the aim of mining cryptocurrency.

An attack of rare precision

This time, the attack is described as “crypto-jacking”. The aim is to gain illegal access to a number of computers and business servers (generally powerful ones) in order to install a “silent miner”.

Each compromised computer then uses its own computing power to mine cryptocurrencies for the benefit of the hackers and to the detriment of the victims. This process is particularly effective since the mining is done discreetly and can prove very lucrative. The scheme is also deemed “very sophisticated” by the FBI, which details the workings of this attack:

“Hackers have compromised vendors to facilitate further intrusions against software vendor customers.”

This is not the first time that suppliers or secondary providers have been victims of hacking. In April 2015, TV5 Monde suffered a similar attack, in which the attackers went through one of the TV channel's providers to carry out their intrusion.

The report, published by the FBI, also mentions the use of “dead drops”: blank, ordinary-looking web pages that nevertheless send coded instructions to the hackers' software. Finally, certain “exploits” and public tools were also used.

The perfect crime does not exist

Although very organized, the perpetrators of this attack nevertheless left several traces behind them, which the FBI investigators were able to exploit. By focusing on certain keywords, the engineers were able to trace the source code of the software, which revealed certain sensitive information, especially about the companies hacked.

The 7 individuals were quickly identified: 2 Malaysians and 5 Chinese. On September 14, 2020, following an arrest request from the United States with a view to their extradition, Malaysian authorities arrested the 2 businessmen in Sitiawan.

On the Chinese side, on the other hand, there is radio silence. Deputy Attorney General Jeffrey A. Rosen says:

“Unfortunately, the Chinese Communist Party has taken a different path to make China safe for cybercriminals as long as they attack computers outside of China and steal intellectual property useful to China.”

This new episode shines a light on Chinese striking power. In a globalized world, states will now have to protect themselves against attacks from foreign powers. Under these conditions, it is legitimate to wonder whether this hacking is, above all, a demonstration of power by the PRC over the United States.