Iowa State University Hit by Bitcoin Mining Malware

iowa-state-university
23 April 2014

The Iowa State University has suffered a massive security breach which compromised the security of student data and attempted to mine bitcoin.

The University says the compromised servers contained social security numbers of 29,780 students enrolled between 1995 and 2012.

However, there is no indication that any of the files were accessed. No financial information was stored in the student records and further investigation led the university to conclude that personal information was not the target.

“The servers were hacked by an unknown person or persons seeking to generate enough computing power to create a type of digital money known as bitcoins,” the university said in a statement.

No threat to students

Although university officials do not believe personal information was the intended target, they are urging students and former students to monitor their financial reports, just in case.

The university has reached out to students whose personal information was compromised by the breach; law enforcement was notified of the breach as soon as it was discovered.

Iowa State is also advising caution, as some of the data could be used to stage further attacks, including phishing scams. The compromised servers have been taken offline and destroyed, while other servers of the same type have been taken off the internet as a precaution.

Bitcoin botnets remain a concern

Although many bitcoin miners have dumped x86 platforms with powerful GPUs in favour of bitcoin mining ASICs, hackers are still trying to turn networks into mining zombies. However, this effort does not generate as much money as it used to, as Bitcoin’s difficulty has gone up dramatically over the past year.

As a result, bitcoin mining botnets are about to become a footnote in cryptocurrency mining history.

Security firms warn that mining botnets and other bitcoin-related security threats are on the rise, but botnets make a lot more sense if they are used for certain types of ASIC-proof altcoins with a limited market.

However, since hackers who operate bitcoin botnets don’t have to pay the electric bill or the hardware involved in the process, they are still going after regular PCs and servers.

Iowa State has not disclosed any details on the actual amount of bitcoins mined by the attackers. Since it appears that only a handful of servers were affected, it is highly unlikely that they generated many coins.

This was not always the case. Last year German police arrested a couple of botnet miners suspected of mining €700,000 worth of bitcoin.

Image credit: Iowa State University