Coverity Scan code checker's systems crypto-jacked to run cheeky mining op

Freebie tool restored after 4 weeks offline


The systems of freebie open-source code scanning tool Coverity Scan were hacked and abused to run a cryptocurrency mining operation, its operator has confirmed.

Synopsys, the firm behind Coverity Scan, said its corporate systems were not affected by the previously unexplained incident, which resulted in the suspension of the service for around four weeks until last Friday.

In a breach notice this weekend, Synopsys said:

As you may be aware, there recently was an interruption in the availability of the Coverity Scan service. In February 2018, we discovered that servers used for the Coverity Scan service were accessed by an unauthorized third party. The access appears to have started earlier in the month. We suspect that the access was to utilize our computing power for cryptocurrency mining. We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.

We have closed the method of access, and the Coverity Scan service is again available as a free service to the open source community. The Coverity Scan service data is backed up frequently, and Coverity Scan service data will be restored. We regret any inconvenience caused by the downtime of the Coverity Scan service.

Registered users have been asked to reset their passwords to access the service again.

Jim Ivers, vice president of marketing at Synopsys' Software Integrity Group, told El Reg the firm had called in computer forensics experts.

"The service was down for about four weeks. We took the service down immediately upon discovering the unauthorized access. We engaged a leading computer forensics company to independently assist in the investigation, and kept the service down until we completed the investigation. The investigation reported no evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed.

"We have addressed the source of the unauthorized access and took the downtime to perform maintenance on the servers that drive the service. The service was restored Friday, March 16. The only interruption to the users was the unavailability of the service and that registered users had to reset their passwords on their first entry to the service once it was restored."

Ivers reiterated that Synopsys' corporate systems were not affected, so its corporate data and intellectual property were never at risk.

"The servers used by Coverity Scan were not connected to any other Synopsys computer networks. The servers were purely for external access to the Coverity Scan service. No other Synopsys systems were affected by this event," he added. ®
