Hackers mined bitcoins using Iowa State University servers

The IT staff at Iowa State University discovered that its servers had been hacked and compromised the names, birthdates and social security numbers of approximately 30,000 students. Another nearly 20,000 students had their university identifications breached.

According to a letter (PDF) written by the university earlier this week, five department servers were compromised, which all had the personal information of students who took classes in computer science, materials science and engineering and world languages. Each of the machines was infected with bitcoin mining malware.

An investigation into the matter found that the attack took place on Feb. 3 and was only discovered by the university on Feb. 28. The breach was repaired on Mar. 3. Law enforcement authorities have been alerted on the matter. In the meantime, the university will utilize the protective services of AllClear ID for students’ identities for a year.

Iowa State UniversityIt was noted that the reason for the hacking was to be for bitcoin mining, a lucrative prospect that has engulfed the international bitcoin community. Bitcoin mining consists of solving intricate mathematical algorithms and it requires exponential computer power and a vast number of graphics cards.

“Iowa State has received no reports, nor do we have any evidence, that your information was actually viewed, accessed or used in any way,” university officials said in a statement. “No student financial information was in the data, and we do not believe that your personal information was a target of this server breach.”

This isn’t the first time that such an incident has occurred.

A mobile security firm warned Friday that fake wallpaper applications on Google Play turned mobile phones into bots for the power and its process computation to mine for bitcoins by using malware called BadLepricon.

With more and more smartphones becoming sophisticated and highly advanced, hackers using smartphones for bitcoin mining could become a lot more prevalent in the near future.

“These apps did fulfill their advertised purpose in that they provided live wallpaper apps, which vary in theme from anime girls to ‘epic smoke’ to attractive men,” Meghan Kelly, a Lookout security communications manager, wrote. “However, without alerting you in the terms of service, BadLepricon enters into an infinite loop where – every five seconds – it checks the battery level, connectivity, and whether the phone’s display was on.”

This is the second time in less than a month that bitcoin mining malware has been found on the Google Play store.
Google has yet to comment on the issue.

We reported earlier this month that a Dutch bitcoin miner was arrested for allegedly stealing electricity in order to power 21 computers for the purpose of mining for bitcoins. It was unclear as to how many bitcoins were actually mined in the farming operations.

In another case, it was discovered that hackers had breached standard security cameras with malware and then proceeded to utilize the cameras to mine for the virtual currency.

Late last year, a gaming company was fined $1 million for attempting to use players’ computers to mine for bitcoins. The company noted that it wanted to experiment with its software by adding bitcoin code to it.