Dell's SecureWorks Counter Threat Unit recently discovered that an unknown hacker had quietly been "hijacking networks belonging to Amazon, Digital Ocean, OVH, and other large hosting companies between February and May 2014." During that period, the hijacker used a complicated but time-tested "redirection" technique to steal $83,000 of profits from cryptocurrency miners. ("Cryptocurrency" refers to virtual online currency, the most famous example being Bitcoin. The miners were essentially running automated programs to engage in sophisticated high-speed currency speculation.)
As noted in an article by MIT cyber-security student Josephine Wolff at Slate, what's alarming about this little heist is that the redirection tools the hacker used have been around for nearly two decades, and security professionals have no idea how to stop them, because they pervert one of the core features of the Internet:
When we go online we take for granted that we’ll be able to reach content and communicate with people regardless of the Internet service provider they use. My home Internet connection comes via Comcast, but I can use that connection to email friends with Verizon or Time Warner, or any other service provider. Eventually, that email will have to make its way from my provider, where it originated, to the recipient’s. This is what the Border Gateway Protocol, or BGP, is for—to help autonomous networks like Comcast and Verizon connect and direct traffic between each other.
Using BGP routers, service providers announce which IP addresses they can easily deliver traffic to, so that other providers know which traffic to send them. If multiple providers advertise that they can deliver traffic to the same IP address, then whichever one serves a smaller set of addresses will receive traffic intended for that address. So networks are constantly updating and broadcasting these announcements to one another via BGP routers, letting their peers know which addresses they can deliver traffic to, and allowing the rest of us to ignore the question of which service providers everyone else is using.
Without BGP, there is no Internet as we know it. But that doesn’t mean it can’t cause problems—our reliance on the accuracy of the information provided by BGP routers means that anyone who can gain access to one can redirect some portion of online traffic by advertising a sufficiently small set of addresses whose traffic it wants to target. In other words, if you want access to some piece of online traffic directed to someone else, you can use BGP to announce that you will deliver it to its intended recipients—in the same way that Comcast announces it can deliver traffic to me—and the rest of the Internet will believe you. So this is probably what happened in the bitcoin theft incidents investigated by SecureWorks—the thief used the credentials of someone who worked at a Canadian ISP to send out false routing announcements. Using those announcements, the thief redirected the traffic of groups dedicated to bitcoin mining and was able to retain the bitcoins harvested by those groups’ machines rather than paying them out to the owners of the mining computers.
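As an added illustration, not part of the original article or of the Slate piece it quotes, the Python below models the "smaller set of addresses wins" rule described above and shows the check a network owner can run over the announcements it receives to spot a more-specific prefix originated by an AS that is not authorised for it. All prefixes, AS numbers and neighbour names are constructed placeholders, not values from the SecureWorks report.

```python
import ipaddress

# Constructed sample routing table: (prefix, origin ASN, announcing neighbour).
# These values are placeholders, not those from the 2014 incident.
ROUTES = [
    ("203.0.113.0/24", 64500, "peer-A"),   # hosting provider's own /24
    ("198.51.100.0/24", 64501, "peer-B"),  # unrelated prefix
]

# Prefixes we own, mapped to the only origin AS allowed to announce them
# (the kind of allow-list a defender keeps locally or publishes as RPKI ROAs).
OWNED = {"203.0.113.0/24": 64500}


def best_route(routes, dst_ip):
    """Longest-prefix match: the most specific prefix covering dst_ip wins,
    regardless of which neighbour announced it."""
    ip = ipaddress.ip_address(dst_ip)
    candidates = [(ipaddress.ip_network(p), asn, nbr)
                  for p, asn, nbr in routes if ip in ipaddress.ip_network(p)]
    if not candidates:
        return None
    net, asn, nbr = max(candidates, key=lambda c: c[0].prefixlen)
    return str(net), asn, nbr


def suspicious_announcements(routes, owned):
    """Flag every announcement that lies inside a prefix we own but is
    originated by an AS other than the authorised one (a more-specific
    hijack, or an exact-prefix hijack from the wrong origin)."""
    alerts = []
    for prefix, asn, nbr in routes:
        net = ipaddress.ip_network(prefix)
        for mine, allowed_asn in owned.items():
            if net.subnet_of(ipaddress.ip_network(mine)) and asn != allowed_asn:
                alerts.append((prefix, asn, nbr, mine))
    return alerts


def hijack_demo():
    """Before/after view: a rogue /25 inside our /24 captures part of the space."""
    before = best_route(ROUTES, "203.0.113.200")
    rogue = ROUTES + [("203.0.113.128/25", 64666, "peer-C")]  # constructed hijack
    after = best_route(rogue, "203.0.113.200")
    return before, after, suspicious_announcements(rogue, OWNED)
```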