Go to the Globe and Mail homepage

Jump to main navigationJump to main content

Bitcoin (virtual currency) coins are seen in an illustration picture taken at La Maison du Bitcoin in Paris July 11, 2014. A hacker with access to a Canadian Internet provider hijacked net traffic from large foreign networks to steal more than $83,000 (U.S.) in virtual currency over a four-month period, a cybersecurity company said Monday. (Benoit Tessier/Reuters)
Bitcoin (virtual currency) coins are seen in an illustration picture taken at La Maison du Bitcoin in Paris July 11, 2014. A hacker with access to a Canadian Internet provider hijacked net traffic from large foreign networks to steal more than $83,000 (U.S.) in virtual currency over a four-month period, a cybersecurity company said Monday. (Benoit Tessier/Reuters)

Hacker with Canadian ISP stole thousands in virtual currency Add to ...

A hacker with access to a Canadian Internet provider hijacked net traffic from large foreign networks to steal more than $83,000 (U.S.) in virtual currency over a four-month period, a cybersecurity company said Monday.

Researchers with the U.S.-based Dell SecureWorks said the hacker’s attack started last February and stopped in May, after the Canadian Internet service provider (ISP) was notified.

More Related to this Story

Joe Stewart, director of malware research at SecureWorks, said the hacker targeted firms that hosted servers generating virtual currencies such as bitcoin – including Amazon in the U.S. and OVH in France – and redirected some activity.

“We were able to track the origins to a Canadian ISP,” he told The Canadian Press from Las Vegas, where he was attending a computer security conference.

“Someone had access to a router at that ISP. It had to be someone who managed to hack into that router and gained administrative rights, or someone who already had access.”

Stewart said the hacker likely works alone, and could be a former or then-current employee of the ISP.

Pat Litke, another security researcher at SecureWorks, said the firm is “fairly confident” the attacks came from Canada, but the hacker may be based elsewhere.

“To execute the cyberattack, you literally can be anywhere in the world, as long as you have privileged access,” he said.

According to SecureWorks, a total of 51 networks from 19 other ISPs were “compromised” in the attack, which also netted the hacker a few dollars in another virtual currency, Dogecoin.

Bitcoins are produced through using programs to solve complex algorithms – dubbed “mining” – a process which also validates the currency’s transactions.

Stewart said he noticed the hacking in March when he realized his personal mining – done through one of the affected servers – had been hijacked, and notified the Canadian ISP in May, after which the “malicious activity” stopped.

SecureWorks did not go to the authorities, and it is not immediately known what further steps the ISP has taken.

A spokeswoman for SecurityWorks said the Canadian ISP will not be publicly identified, as is company policy.

Anthony Di Iorio, executive director of the Bitcoin Alliance of Canada, said those affected will likely never recover their bitcoins from the hacker.

“He’s pretty good at covering his tracks,” Di Iorio said. “The chance of prosecution is very low.”

He added that the incident indicates an issue with cybercrime in general, though not necessarily bitcoin itself.

“This was a security flaw with third-party services,” he said.

“People use cash every day and lose cash. There’s nothing you’re going to be able to do to get it back.”

South of the border, federal regulators warned consumers Monday about the risks of using virtual currencies.

The Consumer Financial Protection Bureau issued an advisory warning, saying the currencies are not backed by the government, have volatile exchanges rates and are targeted by hackers and scammers. And unlike bank accounts, bitcoin-based deposits are not federally insured.

Follow us on Twitter: @globeandmail

Top stories

Most popular video »

Highlights

Most Popular Stories