Amazon loses control of cloud services in MyEtherWallet-linked hijack
Amazon has lost it. At least it did for a couple of hours Tuesday morning. An unidentified hacker was able to exploit a known bug in Internet routing protocols to compromise Amazon’s cloud servers, ultimately stealing about $150,000 in Ether (ETH), the cryptocurrency backed by Ethereum.
The hack took advantage of a weakness of a part of the Internet’s Domain Naming Service (DNS) protocols and allowed the hackers to mimic the cryptocurrency website MyEtherWallet.com. The attack began at around 6:00 AM PST and approximately 1,300 IP (Internet Protocol) addresses were targeted. The addresses reportedly belong to Amazon’s DNS, Route 53.
Amazon refuted the claims. In a statement obtained by Ars Technica, the e-commerce company said, “Neither AWS nor Amazon Route 53 were hacked or compromised. An upstream Internet Service Provider (ISP) was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered. These peered networks, unaware of this issue, accepted these announcements and incorrectly directed a small percentage of traffic for a single customer’s domain to the malicious copy of that domain.”
The hack centers on the Border Gateway Protocol (BGP), part of the DNS system that correlates website names to IP address destinations. The BGP allows network operators the ability to send large amounts of Internet traffic from one location to another. Although it is considered to be a critical component of the Internet, it relies on open DNS systems that rely on a “trust factor” whereby entities are assumed to be who they say they are. The bug has been around for years, but no patch has yet to be created.
Last year there were two BGP-based attacks. The first occurred in April and involved traffic from Symantec, MasterCard and Visa. The second took place in December, and impacted Facebook, Apple, Microsoft and Google.
This latest attack was traced to a server in Russia by security researchers. $150,000 is a substantial amount to lose, it’s nothing compared to what was revealed to be held in the destination wallet. The researchers determined that the hacker’s wallet contained $17 million worth of digital currency.
To receive the latest CoinGeek.com news, special discounts on CoinGeek Conferences and other inside information direct to your inbox, please sign up for our mailing list.