Crypto Jacker Asks for Job at Site He Breached

A crypto jacker has offered his expertise to the website he hijacked.

Timothée Jeannin, a developer at screenshot API service provider ApiLeap, was surprised one morning to discover 150 alert emails in his inbox from the logging tool he uses. He quickly investigated the matter and found some guy was rapidly creating new accounts and illegally mining cryptocurrencies using all the free plan credit. What followed was a rather interesting conversation that culminated in the trespasser asking for a job at ApiLeap.

Jeannin wrote in a blog:

“He was making screenshots of this page https://cnhv.co/2uujp to mine cryptocurrencies on the machines hosting the chrome instances we use to make screenshots. I figured he was hanging out on ApiLeap’s homepage so I could reach him through Crisp, the tool we use to chat with potential clients.”

Jeannin contacted the guy and asked him to immediately stop mining cryptocurrencies using ApiLeap’s server because such activity is a violation of the site’s terms of service.

The guy admitted to mining cryptocurrencies but appeared more concerned about the possibility of legal proceedings against him. When told that those would unless he ceased his illegal activities, the guy blamed ApiLeap for not implementing “any mechanisms to prevent bots or automated access.”

The conversation included the following exchanges:

Jeannin: We allow users to create accounts freely, but we have various tools in place to ban people. We also have a contractor that can build a legal case if needed.

Guy: OK I understand. But it’s your duty to make sure that automated software cannot make an account on your site  

Jeannin: We might add more security if we feel the need.

Guy: I am web developer too. I can help you. I just created a tool in PHP for automatically creating accounts on your site.”

The guy even advised Jeannin’s team to implement a captcha as further improvement of their security protocols.

Jeannin also asked the guy if their website was the first he had attacked.

Guy: No. This is my hobby. For fun and profit.

Jeannin: Do you make decent money from Coinhive?

Guy: No. I have not made anything yet. So I thought of using such sites to mine some coins.

Things turned quite interesting when the attacker asked for a position on ApiLeap’s team. However, Jeannin declined the “application,” telling him they already have a developer.

Friendly note from hacker

The incident with ApiLeap is one of the several instances with an intriguing twist to a hacker intrusion.

In February, the LA Times was hit by a cryptojacker who forced its visitors to mine digital currencies using their gadgets. The hacker left a friendly note urging the newspaper to update its cloud storage settings.

The note read:

“Hello. This is a friendly warning that your Amazon AWS S3 bucket settings are wrong. Anyone can write to this bucket. Please fix this before a bad guy finds it.”

Source: Read Full Article