A cc2.8xlarge is reported to mine at 85 kh/s, so 20 of them would give you 1700 kh/s. That's roughly equivalent to a couple of high-end AMD GPUs (say a couple of overclocked 290x). This hashing power gives you a little over 0.5 LTC per day. It mined for two days, so it gained a little over 1 LTC. Let's call it $40.
That's right, the idiot behind this cost the OP $3000+ for $40 profit. A smarter criminal would have spawned GPU instances on EC2.
If you wanna CPU mine, you gotta download a specific CPU miner.
Source: I mine Litecoins.
A smarter criminal would have opted for g2.2xlarge instances as well as mining for a currently more profitable coin. Granted he'd need to be careful not to leave a trail, he could essentially trade these coins for LTC and still obtain more litecoins.
I'll boinc on my desktop for science and goodwill but will not waste any more time on Ripple's program or indeed on Ripple itself, as brilliant as the idea is. Ripple's founders are hanging on to their 60%+ outstanding Ripples so tightly that I suspect the project will never truly get off the ground.
As much as people criticize it, I think some variation of Bitcoin's seignorage mining is the only realistic way to bootstrap a successful virtual currency, at least at this point.
See https://www.multipool.us/ for reference. Although it fluctuates a lot, LTC has been around 4th-5th in profitability among scrypt coins. Often 5th. And wait for Doge to feature in these pools :-)
Then the GPU instances will be available in the list.
Ran into the same thing myself ;)
If you're hacked the most likely problem you'll get is a spike in data transfer costs. You can up the alarms to, for example, email you if the bandwidth usage goes above x (cost) over y time period.
I had a perl DOS bot get into a server, took about 2 hours to trigger the alarm. Shame I was fast asleep at the time, but the idea was there...
Though Amazon still has services that "don't support IAM" ... I'm looking squarely at Payments. That particular master key always makes me nervous.
If he originally received this note from amazon, it makes me also wonder if amazon knew about the fraud while it was happening. I sense that they probably monitor the launch of many of the XXL servers more closely than others.
Almost certainly not. I've seen AWS reverse charges even when it's unequivocally the user's fault rather than someone hacking in.
As an example, I launched two reserved instances outside of a VPC when I meant to launch inside a VPC. At the time, this couldn't be changed, and the docs were very clear on that. After filing a support ticket, they reversed the reservations... and gave me a $100 AWS credit. For my fuck-up.
I had an issue with a 9-month-old SD card splitting; not expecting much, I emailed them and they immediately sent out a replacement and told me to return the old one. I've had a couple of things go wrong with orders (sometimes just delayed in post) and they've always been very quick and helpful. Not all companies, online or brick & mortar, understand this well enough.
I for sure would go to your billing report on the AWS console and setup alerts. You can have AWS notify you automatically if your bill goes above any threshold you want to define.
They did refund the money.
Sorry to the OP, hope that Amazon reverses those charges once you tell them what happened.
What we need is not to say "don't do it", because no shit we shouldn't be doing that. Instead we need defense mechanisms. It would be helpful and interesting if git or hg had a plugin that detects when some credentials are leaking through and warns users "hey, you better check this shit out" before doing a real commit.
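The "warn before the real commit" mechanism the comment asks for is straightforward to build as a pre-commit hook. The script below is an added example for this thread, not a git or hg feature and not code from any commenter: it scans the staged diff for the documented AWS access key id shape (`AKIA` plus 16 uppercase alphanumerics), a 40-character secret next to a key-like name, and any other long high-entropy token, and refuses the commit if it finds one. The entropy cut-off, the `redact` format and the sample diff are constructed; the AWS values in the sample are the placeholder pair from AWS's own documentation, not live credentials.

```python
"""Pre-commit hook that refuses a commit when the staged diff appears to add
cloud credentials. Added example for this thread; not a git/hg feature.
"""
import math
import re
import subprocess
import sys

# AWS access key ids are "AKIA" followed by 16 uppercase alphanumerics.
AWS_ACCESS_KEY_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# Heuristic for the secret half: a key-like name followed by a 40-char token.
AWS_SECRET_RE = re.compile(
    r"(?i)(?:aws)?_?secret(?:_access)?_?key\W{0,5}([A-Za-z0-9/+=]{40})\b")
# Generic candidate for any other long token (hex / base64 alphabet).
TOKEN_RE = re.compile(r"\b[A-Za-z0-9/+=_-]{32,}\b")
ENTROPY_THRESHOLD = 4.0  # bits per character; constructed cut-off, tune per repo


def shannon_entropy(s):
    """Bits of entropy per character of s (0 for a run of one symbol)."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(token):
    """Show enough to recognise the token without echoing the secret."""
    return f"{token[:4]}...({len(token)} chars)"


def scan_line(line):
    """Return [(kind, redacted_token), ...] for one line of text."""
    hits, seen = [], set()
    for kind, rx in (("aws_access_key_id", AWS_ACCESS_KEY_RE),
                     ("aws_secret_access_key", AWS_SECRET_RE)):
        for m in rx.finditer(line):
            hits.append((kind, redact(m.group(1))))
            seen.add(m.group(1))
    # Fall back to entropy for tokens the specific patterns did not catch.
    for m in TOKEN_RE.finditer(line):
        tok = m.group(0)
        if tok not in seen and shannon_entropy(tok) >= ENTROPY_THRESHOLD:
            hits.append(("high_entropy_string", redact(tok)))
    return hits


def scan_diff(diff_text):
    """Scan only added lines ('+' but not the '+++' file header) of a unified
    diff. Returns [(diff_line_number, kind, redacted_token), ...]."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for kind, tok in scan_line(line[1:]):
            findings.append((lineno, kind, tok))
    return findings


# Constructed sample diff; the AWS values are the placeholder pair from
# AWS's own documentation, not live credentials.
SAMPLE_DIFF = """diff --git a/config.py b/config.py
+++ b/config.py
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+API_TOKEN = "aB3dE5fG7hJ9kL1mN2pQ4rS6tU8vW0xYzZ"
+REGION = "us-east-1"
+PLACEHOLDER = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-OLD_KEY = "AKIAIOSFODNN7EXAMPLE"
"""


def main():
    """Run as .git/hooks/pre-commit: a non-zero exit refuses the commit."""
    diff = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                          capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for lineno, kind, tok in findings:
        print(f"diff line {lineno}: possible {kind}: {tok}", file=sys.stderr)
    if findings:
        print("hey, you better check this out before committing.", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Installed as `.git/hooks/pre-commit`, the hook only sees added lines, so removing a key that is already in history does not trip it; that is the one-way problem a later comment raises, and the answer there is rotating the key, not rewriting history. The `PLACEHOLDER` line shows why the entropy check exists alongside the fixed patterns: a long token of one repeated character is ignored, while a random-looking token with no recognised prefix is still flagged.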
The other thing is "don't commit key into a private repository". Don't chef and puppet users usually do that? How are people backing up their keys?
I've saved api keys to a repository, but only ones with no payment information attached and read only access. Mainly because I couldn't think of a better way at the time.
Anyone have any suggestions?
Works well on teams, where the subset of developers that don't need to do actual deployments don't need the private repo anyway.
There are a couple of things that are easy to overlook when using billing metrics.
1. All billing metrics are stored in us-east-1 even for usages in other regions.
2. If you are using consolidated billing, billing metrics will be published under the linked account, and will only be visible to that account.
Hope that helps.
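The billing alarm several comments recommend, written out with the two caveats above baked in. This is an added example for this thread, not AWS's own tooling or any commenter's code. Facts it relies on: the `AWS/Billing` namespace, the `EstimatedCharges` metric (month-to-date, USD, published a few times a day) with its `Currency` dimension, that these metrics exist only in `us-east-1`, and that `put_metric_alarm` is the boto3 call that creates an alarm. The SNS topic ARN, the thresholds and the datapoints are constructed. `evaluate_alarm` replays the same rule locally so you can see what a given threshold would have done against a bill that jumps the way the OP's did.

```python
"""CloudWatch billing alarms: build the alarm definition, create a ladder of
them in us-east-1, and evaluate the same rule locally on sample datapoints.
Added example for this thread, not AWS's own code.
"""
from datetime import datetime, timedelta, timezone

BILLING_REGION = "us-east-1"   # billing metrics live here whatever region you use
BILLING_PERIOD = 21600         # 6 hours, about as often as the metric appears


def billing_alarm_params(threshold_usd, sns_topic_arn):
    """Keyword arguments for CloudWatch put_metric_alarm."""
    return {
        "AlarmName": f"billing-over-{int(threshold_usd)}-usd",
        "Namespace": "AWS/Billing",
        "MetricName": "EstimatedCharges",
        "Dimensions": [{"Name": "Currency", "Value": "USD"}],
        "Statistic": "Maximum",
        "Period": BILLING_PERIOD,
        "EvaluationPeriods": 1,
        "Threshold": float(threshold_usd),
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",
        "AlarmActions": [sns_topic_arn],
    }


def evaluate_alarm(params, datapoints, now):
    """Apply the alarm rule to (timestamp, value) pairs the way CloudWatch
    does: keep points inside the evaluation window, reduce them with the
    statistic, compare with the threshold. Returns 'ALARM' or 'OK'."""
    window = timedelta(seconds=params["Period"] * params["EvaluationPeriods"])
    recent = [v for ts, v in datapoints if now - window <= ts <= now]
    if not recent:  # no datapoint yet in this window
        return "OK" if params["TreatMissingData"] == "notBreaching" else "INSUFFICIENT_DATA"
    stat = {"Maximum": max, "Minimum": min,
            "Average": lambda xs: sum(xs) / len(xs)}[params["Statistic"]]
    return "ALARM" if stat(recent) > params["Threshold"] else "OK"


def create_billing_alarms(thresholds, sns_topic_arn):
    """Create one alarm per threshold. Needs boto3 and credentials for the
    account that pays the bill (with consolidated billing, the payer account,
    which is where the linked accounts' metrics end up). 'Receive Billing
    Alerts' must be enabled in that account's billing preferences, or the
    metric is never published and the alarm never fires."""
    import boto3  # imported here so the rest of the module runs offline
    client = boto3.client("cloudwatch", region_name=BILLING_REGION)
    for threshold in thresholds:
        client.put_metric_alarm(**billing_alarm_params(threshold, sns_topic_arn))


# Constructed datapoints: a quiet month-to-date bill, then a sudden jump
# like the one the thread describes.
SAMPLE_NOW = datetime(2013, 12, 20, 12, 0, tzinfo=timezone.utc)
SAMPLE_DATAPOINTS = [
    (SAMPLE_NOW - timedelta(hours=18), 42.10),
    (SAMPLE_NOW - timedelta(hours=12), 44.75),
    (SAMPLE_NOW - timedelta(hours=6), 310.20),
    (SAMPLE_NOW - timedelta(hours=1), 980.40),
]
SAMPLE_TOPIC = "arn:aws:sns:us-east-1:123456789012:billing-alerts"  # placeholder


if __name__ == "__main__":
    for threshold in (50, 500, 2000):
        params = billing_alarm_params(threshold, SAMPLE_TOPIC)
        print(params["AlarmName"], evaluate_alarm(params, SAMPLE_DATAPOINTS, SAMPLE_NOW))
```

A ladder of thresholds (say 50, 500, 2000) rather than a single one means the first notification arrives while the damage is still small and the later ones keep arriving if nobody acted on the first. Because `EstimatedCharges` is month-to-date, `Maximum` over a six-hour window is the right statistic; an `Average` would smooth out exactly the spike you want to see.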
...what? Is this true? If so, can someone explain the logic behind this?
Scary. I'm sure a lot of universities and servers will see an influx of hacks for coin-mining.
It's important to remember that open-sourcing is generally one-way: once it's out there, it's impossible to completely eliminate all traces. Always audit code, and if there's even a remote possibility that you'll regret it you should check again
EDIT: Why is it unlikely the FBI will successfully investigate?
(I'm not saying otherwise, I'm asking)
Reminds me of the old phrase: What's the difference between hacking and penetration testing? Permission.
But will any law enforcement department or agency actually look into it? Highly unlikely. There's so much major scale white collar crime/cybercrime going on daily that it's generally too hard to dedicate resources to smaller cases like this.
Now, if they got evidence the perpetrator was doing this with dozens or hundreds of AWS accounts, that would be another story.
The damages which amazon will likely refund.
The FBI does not target petty thieves.
Their statutory minimum to investigate is 5k, but they suggested it's worth getting in touch with them either way. If nothing else, it'll give them an excuse to say "cyber" a few more times.
They listened politely until I said how much it was worth -- one of my favorite quotes was "If you added a zero to the end, we'd knock down their door at 6AM tomorrow. For $3,500 it's simply not worth our time."
He is still a criminal either way.
The question is whether the poster is such a person.
Or maybe it's just a coincidence they emailed immediately AFTER he racked up $3000+ in charges.
Hmmm... you already guessed someone hacked your account to mine litecoin? Astroturfing much? That's the last thing I would have guessed. I would have thought someone was using it as some crazy web server or mail server to generate spam or phony websites for bogus ad clicks.
It was probably the type and quantity of instance that tipped me off a little, having read about people trying to mine with EC2 again.