A security researcher last month discovered a cryptocurrency-mining scheme on a web server run by the US Department of Defense.
Indian security researcher Nitesh Surana disclosed the exploit on the DoD’s bug bounty page on January 4. He found that it was possible to access the server without a password.
“The major impact of this vulnerability is [that] an attacker can exploit and gain access to critical internals of the server,” wrote Surana in his report to the DoD. As a result, an attacker can run remote commands on the server through the Java programming language, uploading any file they want.
If an attacker uploaded a file that attacked the server and gave them complete control, “this can later lead to critical information leakage, lateral movement and other catastrophic events as the instance can be manipulated by the skills of the attacker,” said Surana.
It looks like someone did exploit the vulnerability to install a botnet to mine the privacy coin Monero. It’s unclear how much they made, but after Surana posted evidence to support his claims, the DoD quickly took control of the system and had shut it down by January 21.
This isn’t the first time someone’s used state apparatus to mine cryptocurrency. Last year, employees of a Russian nuclear warhead facility were fined for illegally using the department’s supercomputer to mine for Bitcoin. Its computer is powered by one petaflop, equal to a thousand trillion transactions per second.