Apr 26th, 2018
Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency
Almost 1,300 addresses for Amazon Route 53 rerouted for two hours.
Amazon lost control of a small number of its cloud services IP addresses for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that let them redirect traffic to rogue destinations. By subverting Amazon's domain-resolution service, the attackers masqueraded as cryptocurrency website MyEtherWallet.com and stole about $150,000 in digital coins from unwitting end users. They may have targeted other Amazon customers as well.
During the attack, eNet Inc, an Ohio-based IP service provider, wrongly announced parts of AWS's IP space to its peers and forwarded those announcements to internet backbone provider Hurricane Electric, which in turn affected Cloudflare's DNS directory resolver.
"During the two hours leak, the servers on the IP range only responded to queries for MyEtherWallet.com," explained Cloudflare engineer Louis Poinsignon.
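For defenders monitoring their own address space, the kind of announcement described above can be flagged by comparing each observed route's origin AS against the expected one. The following is an added example, not code from the article or from any party it names. All prefixes and AS numbers are constructed from documentation ranges (RFC 5737, RFC 5398), and the function names are hypothetical.

```python
import ipaddress

# Constructed data: monitored prefixes mapped to the AS numbers allowed to originate them.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/24"): {64500},
}

# Constructed route-monitor feed: (prefix, AS path); the origin AS is the last hop.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64510, 64500]),    # expected origin
    ("203.0.113.0/25", [64511, 64496]),    # part of the block, unexpected origin
    ("203.0.113.128/25", [64511, 64496]),  # other half, unexpected origin
    ("198.51.100.0/24", [64510, 64500]),   # expected origin
    ("192.0.2.0/24", [64510, 64499]),      # not monitored
]

def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return a verdict for one announcement against the monitored prefixes."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for monitored, origins in expected.items():
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if net.version == monitored.version and net.subnet_of(monitored):
            if origin not in origins:
                return "origin-mismatch"
            if net.prefixlen > monitored.prefixlen:
                return "unexpected-more-specific"
            return "ok"
    return "unmonitored"

def alerts(announcements=ANNOUNCEMENTS):
    """List (prefix, origin AS, verdict) for announcements that need attention."""
    out = []
    for prefix, path in announcements:
        verdict = classify(prefix, path)
        if verdict not in ("ok", "unmonitored"):
            out.append((prefix, path[-1], verdict))
    return out

def selected_origin(dest, announcements=ANNOUNCEMENTS):
    """Origin AS a router would pick for dest: the longest matching prefix wins."""
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(p), path) for p, path in announcements]
    covering = [(n, path) for n, path in nets if addr in n]
    if not covering:
        return None
    return max(covering, key=lambda c: c[0].prefixlen)[1][-1]

if __name__ == "__main__":
    for alert in alerts():
        print(alert)
```

The `selected_origin` helper shows why announcing only part of a block is enough to attract its traffic: the more-specific route is preferred even while the legitimate covering route is still present.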