Bitcoin Botnet Aims to Makes Money From Smart Devices

bitcoin botnet mirai mining IoT
Numerai were previously offering payouts in virtual currency Bitcoin (pictured), but more recently the hedge fund launched its own token, Numeraire (NMR). REUTERS/Benoit Tessier

Hackers may be hijacking internet-connected fridges, toasters and light bulbs in order to use their computing power to mine bitcoins, researchers have revealed.

IBM researchers discovered a bitcoin mining component in a new variant of Mirai—a form of malware that exploits security vulnerabilities to take control of devices connected to the so-called Internet of Things (IoT).

Security firm McAfee recently estimated that more than 2.5 million IoT devices were infected by the Mirai botnet in 2016, though it is not clear how many compromised devices may have been used to mine the virtual currency.

"We do not have any insight into whether or not bitcoins were actually mined during these attacks," Dave McMillen, a senior threat researcher at IBM, tells Newsweek. "It is also not known whether or not this is the actions of one group or many… This Mirai variant could be appealing to others in the future due to the potentially large volume of devices that could be involved."

hacking internet of things ddos mirai
Graphic shows the security risks the Internet of Things faces, and how hackers can launch a DDoS attack. Reuters Graphics

Security experts have previously warned that hackers could target smart devices in order to mine bitcoin. Mikko Hypponen, chief research officer at F-Secure prophesied in 2014 that cryptocurrencies offered a new method for criminals to profit from vulnerable devices.

"Attacks don't target the user but the computer itself," Hypponen said. "Internet of Things devices can be hacked to mine cryptocurrencies and make money."

Mining bitcoin—the process of confirming bitcoin transactions and adding their record to bitcoin's public ledger in order to generate new units of the currency—requires vast amounts of computing power. It would therefore require a huge network of IoT devices in order to have a successful mining operation.

Details of the Mirai variant were published by the IBM researchers in an online blog, in which they speculated hackers would be incentivized to mine for bitcoin in order to facilitate cybercriminal activities.

DDOS Dyn cyber atomic bomb
Experts warn that massive cyberattacks that knocked websites like Twitter and Reddit offline in October may be a precursor to a "cyber atomic bomb." Creative Commons/ Composite

According to a 2016 study by the security firm BullGuard, up to 185 million devices may be at risk of being compromised by Mirai. Hackers used the network of compromised devices in a series of attacks that caused several major websites to go offline, including Netflix, Reddit and Twitter.

Projections from technology research firm Gartner suggest the issue may escalate if security fixes are not implemented by device manufacturers. According to Gartner, there will be more than 20 billion IoT devices by 2020, while estimates from ABI Research put the figure closer to 30 billion. Cybersecurity experts warn that too many manufacturers treat security as an afterthought when producing internet-enabled devices.

Chris Boyd, an analyst at the security firm Malwarebytes, told Newsweek in an interview last year: "The problem here is that many IoT devices are horribly broken security-wise because it costs money to ensure a reasonable standard of protection on a product."

This lax approach will inevitably lead to much more devastating attacks, according to cybersecurity veteran John McAfee.

"The attacks are slowly escalating, similar to the way America developed the atomic bomb," McAfee, who created the eponymous antivirus computer software but is now longer connected to it, said in October. "Clearly there are weaknesses. Anticipate that these will be exploited in a big way."