SEO Scout founder Jonny Platt fell victim to hackers and received a $45k bill from AWS

SEO Scout founder Jonny Platt fell victim to hackers who mined the Monero cryptocurrency on Amazon's cloud services.
Unknown attackers broke into his Amazon Web Services (AWS) account and used it for mining for several weeks. As a result, the company billed Platt $45,000.
As it turned out, the attackers had deployed a miner script on AWS Lambda. Every three minutes it launched itself on different Lambda instances and mined cryptocurrency for the maximum permitted 15 minutes. The hackers earned 6 XMR (about $800).
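A defender-side way to spot the pattern described above (one function re-invoked on a short, steady cadence across many regions) is to look for it in Lambda invocation logs. The following is an added example, not code from the article or from AWS; the records it runs over are constructed, simplified CloudTrail-style events, and the thresholds (3 regions, 300-second median gap) are assumed starting points, not AWS defaults.

```python
"""Flag Lambda functions that show a many-region, short-cadence invocation pattern.
Records are constructed, simplified CloudTrail-style Invoke events, not real AWS logs."""
import json
from datetime import datetime, timedelta
from statistics import median

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-2", "sa-east-1"]


def _record(when, region, function_name):
    # Build one constructed CloudTrail-like record as a JSON line.
    return json.dumps({
        "eventTime": when.strftime(TIME_FMT),
        "eventSource": "lambda.amazonaws.com",
        "eventName": "Invoke",
        "awsRegion": region,
        "requestParameters": {"functionName": function_name},
    })


_START = datetime(2021, 12, 1, 0, 0, 0)
SAMPLE_LOGS = []
# Constructed miner-like activity: "sync-worker" fires in four regions every 3 minutes.
for i in range(6):
    for region in REGIONS:
        SAMPLE_LOGS.append(_record(_START + timedelta(minutes=3 * i), region, "sync-worker"))
# Constructed benign baseline: "nightly-report" runs once a day in a single region.
for day in range(3):
    SAMPLE_LOGS.append(_record(_START + timedelta(days=day), "us-east-1", "nightly-report"))


def flag_fan_out(log_lines, min_regions=3, max_gap_seconds=300):
    """Return {function_name: (region_count, median_gap_seconds)} for functions invoked
    in at least min_regions regions whose median re-invocation gap per region is short."""
    by_function = {}  # function_name -> {region: [invocation times]}
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("eventSource") != "lambda.amazonaws.com" or rec.get("eventName") != "Invoke":
            continue
        name = rec["requestParameters"]["functionName"]
        when = datetime.strptime(rec["eventTime"], TIME_FMT)
        by_function.setdefault(name, {}).setdefault(rec["awsRegion"], []).append(when)
    flagged = {}
    for name, per_region in by_function.items():
        gaps = []
        for times in per_region.values():
            times.sort()  # gaps are measured between consecutive invocations in one region
            gaps.extend((b - a).total_seconds() for a, b in zip(times, times[1:]))
        if len(per_region) >= min_regions and gaps and median(gaps) <= max_gap_seconds:
            flagged[name] = (len(per_region), median(gaps))
    return flagged
```

On the constructed sample, only "sync-worker" is flagged (4 regions, 180-second median gap); the once-a-day single-region function is not.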
🎄 Excited to announce I just received my Christmas present from @awscloud!
😱 Horrified to see it's $45,000 in charges due to some scammer hacking my account + mining Crypto for the last few weeks
⏰ Had no sleep last night. It's now 23 hrs since my support ticket & no reply.
— Jonny Platt (@jonnyplatt) December 14, 2021
How did the scammer run up such a huge bill, so quickly?
This was not a sophisticated scam. Just a bash script on Lambda that downloads and runs a miner.
Every 3 minutes, for the max 15 mins each time.
In every AWS region on the globe. pic.twitter.com/g4zfT5Bz0T
— Jonny Platt (@jonnyplatt) December 14, 2021
So right now I'm footing the bill for $45k of server time, and some crypto scammer is rolling in the cash in the Bahamas, right?
Nope! The scammer's key is public. You can look it up on the mining site.
For my $45k they made roughly 6 XMR (Monero). That's $800.
What a waste.
— Jonny Platt (@jonnyplatt) December 14, 2021
But:
– Is it unreasonable to expect an email when monthly costs escalate by 150,000%?
– Or to expect less than 23 hrs response time after an insane credit card bill?
– Or to expect the biggest tech company in the world to do more to protect their customers from fraud?
— Jonny Platt (@jonnyplatt) December 14, 2021
AWS makes up ~52% of Amazon's operating income. It's a massive profit center for the business, generating $12.7bn for the company last year.
— Jonny Platt (@jonnyplatt) December 14, 2021
If you host with AWS, I urge you to check your security settings, and set up cost anomaly detection: https://t.co/iHgJntFGz7
If you don't? Then I urge you to consider if AWS is right for you, your scale and resources, however tempting their credits may be.
— Jonny Platt (@jonnyplatt) December 14, 2021
A rather long tale of woe, but one worth heeding for anyone who uses AWS.
© 2021 The Bitcoin Foundation Latvia