Bitcoin miners breached Land Information NZ cloud service

Credit: Toitū Te Whenua Land Information New Zealand

A Land Information NZ cloud service has been hacked into the headquarters of a rogue bitcoin mining operation, the New Zealand land registry operator told parliament.

LINZ IT staff detected an increase in usage of an underlying public cloud service during the year ended June 30, 2021, the agency told the senior production committee as part of its annual review.

“Within 24 hours of the breach beginning, an investigation found a compromise in a third-party application configuration that had allowed an external party access,” LINZ reported.

“No data breach occurred because the unauthorized access was running a bitcoin mining process to use infrastructure capacity (CPU and memory) and not access data that was on the server. ”

The “Cryptojacking” operation was stopped within 24 hours of its detection and the system configuration was changed to block access.

LINZ reported the breach to the National Cyber ​​Security Center (NCSC) and a report was commissioned from a third-party computer security expert.

In November, Google issued a warning that hackers were using compromised cloud accounts to mine cryptocurrency. The company said that 86% of compromised Google Cloud instances were used to perform cryptocurrency mining, which requires massive computing resources.

Three-quarters of cloud hacks took advantage of poor customer security or vulnerable third-party software, Google reported, recommending cloud customers use two-factor authentication in addition to a username and password. ‘a password.

In the same month, US computer security firm Zscaler warned that there is a strong incentive to steal compute time due to the compute-intensive nature of mining.

“Our ThreatLabz researchers have detailed how malicious actors use end-user devices to mine cryptocurrencies,” wrote Rob Bolton, engineer at Zscaler. “One method is to use in-browser JavaScript to perform the extraction, most often without the user’s knowledge or consent.

However, there are other avenues for exploiting cloud services, Bolton warned.

“The rapid adoption and explosion of the suite of services and associated configuration options has led to insecure cloud deployments, and malicious actors have taken notice.”

A cryptomining worm from the TeamTNT group has been detected spreading through AWS, for example. The worm harvested credentials and then deployed software to mine the Monero cryptocurrency.

This is not the first time bitcoin miners have used LINZ resources. A note in his report stated that in a previous fiscal year, an unauthorized mining script was discovered running on a non-production database, used for user acceptance testing. and had been arrested.

Also in 2021, a LINZ server, used to host public datasets, experienced a high number of username and password attempts.

“Not a rare occurrence, but an attempt was successful in accessing the server,” the agency reported.

“Due to the small amount of data transferred during this breach (

LINZ shut down the server within 24 hours, preventing any further breaches, and notified authorities.

LINZ is also working on a five-year program to modernize and rebuild Landonline, the technological system that underpins private property rights by providing a record of land ownership and property boundaries.

New features are being introduced as the rebuild progresses, with an initial focus on customer service improvements, LINZ told the committee. In February 2021, for example, a public search function went live at a total cost of $2.8 million.

LINZ also launched two new real estate transaction notification services at a cost of $7.6 million: Notice of Change of Ownership and Notice to Mortgagee.

Total capital expenditures for the program as of June 30, 2021 were $33.4 million out of a total budgeted cost of $128 million. In late 2018, it emerged that LINZ had chosen AWS as its primary cloud platform.

Reseller news asked for the report commissioned by LINZ on the cryptojacking breach.

Join the newsletter!

Error: Please verify your email address.

Tags Googlemicrosoft azureBitcoinAWSland information new zealandLINZCryptojackinggovernmentcybersecurityCloudsecurity