Hackers hijacked traffic through Amazon servers for two hours, undetected

The event, which only lasted about two hours on Tuesday, April 24, saw traffic to Amazon’s cloud web hosting servers redirected to malicious websites. Not all of the traffic, just a small slice of it, about 1,300 IP addresses, according to Oracle. The attack saw traffic to MyEtherWallet redirected a malicious version of itself, where the attackers could siphon cryptocurrency off of users who thought they were logging into their cryptocurrency wallets.

One such site, MyEtherWallet, was cloned by attackers but likely didn’t result in the kind of massive theft we’re used to seeing when cryptocurrency wallets or exchanges are attacked. According to Ars Technica, the cryptocurrency wallet into which the fake MyEtherWallet site was dumping its cryptocurrency already had about $27 million worth of cryptocurrency in it.

Details like this have led some to believe the attack could have been state-sponsored, potentially with ties to Russia.

“So far the only known website to have traffic redirected was to MyEtherWallet.com, a cryptocurrency website. This traffic was redirected to a server hosted in Russia, which served the website using a fake certificate — they also stole the cryptocoins of customers,” wrote security researcher Kevin Beaumont. “The attacks only gained a relatively small amount of currency from MyEtherWallet.com — however their wallets in total already contained over [20 million pounds] of currency. Whoever the attackers were are not poor.”

It may not have been the first time these hackers have staged such an attack either, according to Ars. There were a couple suspiciously similar attacks in 2013 when hackers hijacked internet traffic to a number of U.S. companies, routing the traffic through Russian ISPs. Affected companies included Visa, MasterCard, Apple, and Symantec. Eight months later, another set of U.S. companies saw their traffic hijacked with the same kind of exploit.

These 2013 attacks used the same “border gateway protocol” exploit as today’s attack. Beaumont elaborated that today’s attack requires access to sophisticated equipment, which leads him to believe MyEtherWallet was not likely the only target — just the one we happened to notice.

“Mounting an attack of this scale requires access to BGP routers are major ISPs and real computing resource to deal with so much DNS traffic. It seems unlikely MyEtherWallet.com was the only target, when they had such levels of access,” Beaumont wrote. “Additionally, the attackers failed to obtain an SSL certificate while man-in-the-middle attacking the traffic — a very easy process — which alerted people to the issue at scale.”

Product Review

The Ferrari Portofino is the super stallion you’ll want to drive every day

With the introduction of the Portofino, Ferrari addresses the California T’s stylistic shortcomings while improving comfort, convenience, and performance. There’s little “entry-level” about this super stallion.
Emerging Tech

Researchers gave alligators headphones and ketamine, and all for a good cause

Researchers in Germany and the United States recently gave ketamine and earphones to alligators to monitor how they process sounds. Here's what it reveals about alligator evolution.
Cars

Vivint’s Car Guard keeps tabs on your vehicle when you’re not in it

A simple plug-in that you can place in just about any vehicle, Vivint's new Car Guard will automatically detect if your car is bumped, towed, or stolen and will alert you about it.
Mobile

The Black Shark 2’s Ludicrous Mode promises the smoothest mobile gaming

Xiaomi-backed Black Shark has a follow-up to last year's Black Shark gaming phone, complete with high specs and a low price. Here's everything we know about the Black Shark 2 gaming phone.
Computing

How the Google Stadia could lead to a new era of multi-GPU gaming

Google's Stadia could use more than one graphics card to deliver the high-performance visuals it's promised. If that leads to better developer support for multi-GPUs, could that mean gaming with two or more graphics cards could finally be…
Computing

Intel gives a peek at what its Arctic Sound GPU could look like

A new set of concept images shown at GDC 2019 is providing a peek at what Intel's upcoming modern discrete GPU, code-named. Arctic Sound, could end up looking like when released in 2020.
Deals

Here are the best Chromebook deals available in March 2019

Whether you want a compact laptop to enjoy some entertainment on the go, or you need a no-nonsense machine for school or work, we've smoked out the best cheap Chromebook deals -- from full-sized laptops to 2-in-1 convertibles -- that won't…
Deals

From Chromebooks to MacBooks, here are the best laptop deals for March 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Computing

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.
Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.
Computing

Get the most out of your high-resolution display by tweaking its DPI scaling

Windows 10 has gotten much better than earlier versions at supporting today's high-resolution displays. If you want to get the best out of your monitor, then check out our guide on how to adjust high-DPI scaling in Windows 10.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Deals

Looking for a Chromebook? The Google PixelBook just got a $200 price cut

Once relatively obscure, Chromebooks have come into their own in a big way in recent years. One of our favorites is the super-sleek Google Pixelbook, and it's on sale right now from Amazon for $200 off, letting you score this premium laptop…
Computing

Nvidia’s GTX 1650 graphics card could be just a slight upgrade over the 1050 Ti

Rumors suggest Nvidia might soon launch the GTX 1650, and a leaked benchmark listing from Final Fantasy XV suggests that the new graphics card could be just a slight upgrade over last generation's GTX 1050 Ti.