back to article Crooks use Synology NAS boxen to mine Dogecoin, yells Dell

Dell says skilled attackers have made a staggering $620,000 in the Dogecoin crypto-currency by exploiting vulnerable Synology network attached storage (NAS) boxes. The clever hackers pulled off the largest heist of its kind by planting mining gear on the NAS boxes to borrow their computational might - many NAS now boast grunty …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Shop Early For Christmas

    "approached Synology for comment but the company is yet to reply." Good luck with that.

    My experience with trying to get any kind of response from Synology would suggest that we'll all be decking the halls before you can even expect a reply.

    1. Anonymous Coward
      Anonymous Coward

      Re: Shop Early For Christmas

      Never use Linux for anything internet facing. It just has soooo many security holes.

  2. Anonymous Coward
    Anonymous Coward


    Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft?

    People need to give themselves a shake and stop using MS products!

    Even I'm getting bored of this now.....

    1. Bonce

      Re: Surprise!

      This hack involved nothing even remotely related to Microsoft.

      Read the article again.

      -10 internet points for you, must try harder.

      1. FrankAlphaXII

        Re: Surprise!

        Its called a joke, son.

        I'm sure if AC didn't want to compromise themselves by being something other than AC (its performance art, he/she/it does this on nearly every security related story here that isn't a Snowdenspaff™) they'd use their actual username put a joke alert icon in.

        Explaining why a joke is funny kind of sucks, if you don't get it, then you just don't get it I guess.

        It wasn't too long ago that if you dared venture into the comments on any security article on El Reg you would find a chorus of reworded versions of the same comment that AC is saying over and over with a few actually helpful and insightful comments along the way from people who knew what they were talking about, some mandatory Linux user smugness, and every now and then a Mac user.

        1. Anonymous Coward
          Anonymous Coward

          Re: chorus of reworded versions of the same comment

          It's actually a verbatim copy of one of those very comments! Thanks for explaining it to the newbies!!

    2. PCS

      Re: Surprise!

      I suggest you reread the article and you will discover it is about NAS boxes that have been left open to the internet.

      Nothing to do with Microsoft.

    3. This post has been deleted by its author

  3. Steven Raith

    Note to self

    Change ports from 5000/5001 to an acceptable semi-random value.

    Never remember to do that.

    I'm assuming it affects x86 and ARM, but that DSM 5.x has squished it?

    Steven R

  4. Anonymous Coward
    Anonymous Coward


    Much skill

    very dodgy


  5. Moosh
    Thumb Up

    "We googled it"

    "This conclusion is based in part on prior investigations and research done by [Secureworks], as well as further searching of the internet."

  6. Anonymous Coward
    Anonymous Coward

    There ain't never been a horse that...

    ...can't be rode, nor a man that couldn't be throwed. The same sentimate is applicable to the field of cryptography. Put faith in neither princes nor computers. Neither produce a damned thing.

  7. Truth4u

    What if you don't open port 5000, you are 100% safe right?

    It's alright saying NAT can be broken but until you demonstrate it its just hot air.

    1. Tom 38

      If you don't open port 5000, then you also probably are unlikely to leave a link to your (closed) port to your NAS on a web forum where it can be picked up by a google search?

  8. Mephistro

    First, Bitcoin, now Dogecoin...

    It's as if, one week after the tulip market crash in the Netherlands everybody started investing massively in, say, daffodils. Human gullibility, when paired with greed, knows no limits.

  9. Anonymous Coward
    Anonymous Coward


    Put your NAS on the Internet? Get what you deserve, and think yourself lucky if all they steal is CPU time.

    1. Anonymous Coward
      Anonymous Coward

      Re: FAIL!

      Surely that is the main selling point of a NAS? You want you data, music, video etc when you're out of the house. Your own ... cough ... 'private cloud' (sorry, not my term).

      There's nothing wrong with doing that if it is secured and securing it isn't that hard (there's plenty of internet facing servers - websites for one). However all devices need to be kept up to date with the latest security patches.

    2. John Tserkezis

      Re: FAIL!

      "Put your NAS on the Internet?"

      I have plans to make part of it available to the outside world, but I'm still doing research on how to secure it. It's a lot more work than you would think it is - especially when the majority suggestions are "just don't do it". Which I suppose are somewhat justified, if not helpful.

  10. jason 7

    Are Dell...

    ...selling QNAP then?

    1. John Tserkezis

      Re: Are Dell...

      "Are Dell......selling QNAP then?"

      That's what I was wondering. What's Dell's interest in this? They're not exactly competitors - they're not flogging the same class of kit, but they're not exactly working with each other either.

  11. This post has been deleted by its author

  12. oilyfishhead


    I call bullshait!. Especially on the 500 million coins number. These NAS boxes run, mostly, dual core Atom processors. I've tested them. They might get a 5 KH/s rate mining Dogecoin. It would take 200 boxes to get to 1 MH/s. Back in January a 1 M hash rate might have gotten you 1500 Dogecoins per day. It would take 33,334 days to get 500 million coins at 1500 coins/day. Even if you hijacked the E3 Xeon Synology boxes, it would take a lot of boxes a long time to get to 500 Million coins.

    Such questions. Bad smells. WOW!

  13. Tim Walker

    ARM-based Synos - don't bother

    We have a four-year-old Synology box - it's one of the lower-range ARM-based models - and whilst it does what we need (mostly: an extra drive and a server for the Logitech Squeezebox in the lounge), to say it's hardly a speed-demon is like saying Antarctica is hardly a good location for a beach resort.

    If I'd seen this story last night, I might've thought our Syno had been p0wned (sp?) for Tulipbulbcoin-mining, it was running so slowly. Turned out it was "only" indexing some photos I'd uploaded - I really should look into setting it up so it does the indexing overnight, as the Syno is effectively unusable while it devotes its resources to that titanic task. (Remember the coffee-machine on the Heart Of Gold and the Vogons attacking? Yup: same effect.)

    So, prospective BitGold-miners looking to hijack our Syno for some wealth-generation on the QT: I suggest you look elsewhere. You'll be lucky to get the equivalent of a few coppers out of the old jalopy, and I'll get so honked-off at the box slowing to a crawl that I'll end up rebooting it at the first opportunity.

    I think the chap down the road might have an Atom-based one, though... ;-)

  14. Adrian Taylor

    i call bullshit on this report as well based on the lack of any useful processing power in the majority of synology kit

    you would need a lot of nas running to equal one gpu let alone mine these kind of figures

    dell is doing a funny

  15. Anonymous Coward
    Anonymous Coward

    Secure Works is no joke.

    These guys are the mossad of internet security.

  16. razorfishsl

    You would have to be fairly stupid to connect a NAS with direct access to the internet anyway.

    Mine is on a private network, but for updates I pop in a USB WiFi dongle, which is then routed to the internet.

This topic is closed for new posts.

Other stories you might like