Someone in a publicly-funded institution in Romania was mining Monero from its computers. Ștefan Tănase, a cybersecurity researcher at Ixia, discovered the mining activity at a Măgurele facility from the Institute of Nuclear Physics and posted a screenshot showing the 6-GPU setup on Twitter.
Nicolae Zamfir, the director of the project, confirmed to HotNews that from the outset, the mining activity appears to be coming from an IP within the institution, adding that the system doesn’t belong to the much-publicized Extreme Light Infrastructure Nuclear Physics (ELI-NP) laser project. Zamfir also confirmed that an investigation has begun to uncover which systems are mining cryptocurrencies and the individuals responsible.
Tănase said that it’s highly likely that an employee within the institute connected a mining rig to the institute’s network to mine the Monero, using the Internet and electrical resources of the organization. The employee doesn’t need to be present during the mining phase and only needs to monitor the activity remotely.
“This case best illustrates one of the most sophisticated threats that large organizations face with regards to the digital world: an employee who comprises a network through his actions, either by installing a program on his computer or bringing a terminal that he may connect to the organization’s network. It’s very difficult to use technology to protect oneself against rogue insiders,” Tănase explained.
A little over a month ago, a Florida employee at the Citrus Department was doing something similar, mining cryptocurrencies at the government’s expense. That time, the employee even used a purchasing card from the government to buy $22,000 in equipment, including 24 GPUs.