A 41-year-old airport computer technician at Italy’s Lamezia Terme International Airport has reportedly been arrested by local police after allegedly being caught using airport computer networks and power to mine Ethereum.
According to Rai News, the unnamed technician was in charge of the airport’s computerized infrastructure, giving him access to networked assets.
The mid-sized airport, located in Italy’s southwestern Calabria region, serves the busy tourist area and is also home to the Italian military’s 2nd “Sirio” Air Regiment. According to reports, he took advantage of his unrestricted access to control areas and installed Ethereum mining software on the airport’s systems, compromising their security in the process.
“Alarmed by Anomalies”
The staff at Italian company Sacal, which manages Calabria’s seven airports and airfields, first noticed that something was amiss due to unusual network activity and high power consumption. They reported the matter to the Postal Police of Reggio Calabria and Catanzaro, which took up the investigation.
In addition to dramatically increasing electricity usage and taking up system resources, such malware also shortens the operational lifespan of infected computer hardware and in some cases has been known to result in operating system failure. This created the potential of a potential service outage that would affect the communication systems at the crucial regional airport.
Police investigators working with airport authorities performed an IT audit of the airport’s facilities, reportedly discovering an improvised mining farm spread out across two technical rooms. The farm was made up of 5 GPUs rigged into a setup optimized for mining Ethereum.
Full-Service Stealth Mining
The setup was connected to the internet via systems that were to be exclusively reserved for airport management services, and it was connected to the airport’s 24-hour power supply. The miner was allegedly mining Ethereum around the clock at no risk to himself and at the airport’s expense.
Investigators working with the Lamezia Terme Public Prosecutor’s Office were able to establish that the setup was being used to mine Ethereum. They were also able to use the IP addresses linked to the mining processors to determine the location of the Ethermine pool the miner was working with. After a period of observation that included the use of secret cameras and stalking, the employee allegedly responsible for the breach was identified and taken in for questioning.
The story highlights the continued threat of so-called ‘crypto-jacking’ and stealth mining to network managers. In 2014, Harvard University’s supercomputer cluster dubbed Odyssey was hit with crypto-mining malware that hijacked its capabilities to illegally mine Dogecoin. In November 2019, BeInCrypto reported that Dexphot, a sophisticated crypto mining malware was found to have infected more than 80,000 computers.