74
suprano
6y

You think a junior dev pushing his code onto a production server is bad? Wait till you have that admin who is illegally mining Bitcoin on your production server. πŸ˜‚

I went for a Cyber Security conference today with one of managers and this was one of the life experiences some of the speakers shared.

Comments
  • 7
    Illegally mining? Not if the bitcoin belongs to the company. πŸ˜‚
  • 5
    @enoon lol that's what makes it even more funny. That's what the speaker said.. Illegally mining Bitcoin.
  • 5
    @suprano how did they find out? Would it have ended differently if he only mined at night? I might or might not be planning something and would like to know.
  • 1
    @YouAreAPIRate might or might not. πŸ‘€πŸ˜‚

    People always revert to their innate, quantum state(s) when committing things that may or may not be considered acceptable.
  • 1
    Got to be ethereum, the hashing ability on normal server is pretty low, mining Bitcoin is too obvious πŸ˜’
  • 0
    @YouAreAPIRate Unsless the Hardware is yours, you are only allowed to use it as agreed on.
  • 0
    @YouAreAPIRate so the company so shared this information monitors Network for suspicious activity like phishing, false alerts and all that kind of stuff. Apparently, this guy didn't know the company had hired such people so they reported the activity to the company then fired the guy mining Bitcoin on the production server.
  • 1
    Thinking about this: a server's (or any computer's) life span decreases with load, but what causes this? Is it purely the heat of the processing units, or are there other factors that contribute to the degradation under load? And why is this heat bad? Does it ultimately melt connections on a microscopic scale and cause short circuits that then fry the entire unit, or...?
  • 1
    @sunfishcc even Ethereum isn't profitable to mine on a cpu, he was probably mining Monero (or some other Cryptonight or X11 coin).
  • 0
    @endor True, co-workers start talking about mining injection. I know it's real, but highly doubt is profitable😳
  • 0
    @sunfishcc Depends on the hardware. Previous company I worked (pharma) had servers with large CUDA arrays, a few thousand GPUs in total.

    And if you use an iaas service like AWS or Google Cloud, and an attacker has access to the dashboard, they can just keep spinning up new accelerated computing instances.
  • 1
    @sunfishcc Even CPU mining on raspberries is profitable, if:

    1. You're not paying the electricity bill
    2. The scale is large enough

    Profitable, but not ethical.
  • 0
    @bittersweet but is it too abvious if mining on company's server? Unless there's only one admin πŸ€” and nobody noticed the performance issue
  • 2
    When your servers are slow but it is not because of MySQL
  • 1
    @theseeker because of some really bad query I wrote 🀦‍♂️
  • 1
    @sunfishcc not everybody knows what to look for, and anyone other than a stupid script kiddie will figure out a way to make the mining program more hidden.

    Note that the Cryptonight algorithm is *designed* to work well both on cpus and gpus. Big, beefy server cpus with large amounts of fast cache are quite well-suited for mining coins that adopt that algorithm.
    This makes botnets quite profitable, especially if you consider that their operational costs are virtually 0, and they scale linearly with the number of hosts infected (assuming all cpus are equal - which they aren't).
  • 1
    @endor I will take notes on this. πŸ˜‰
  • 0
    @enoon simply because you can't admit the first and won't admit the second.
    Next time i should ask because of black hat reasons, that's way less suspicious (not that i'm planning something *cough cough*)
Add Comment