What is the story behind the "Linode problem"? How did the service become compromised, and what exactly has happened because of it?
2 Answers
The "Linode problem" is storing Bitcoins on a managed device. That managed device might be server hosting from Linode, for example, or a cloud server at Rackspace for another example. In both instances, by simply gaining root access using the service provider's systems, tens of thousands of bitcoins were stolen.
In the incident for which the term "Linode problem" was coined, more than 46K BTC were stolen in a security breach at Linode, including 43K from Bitcoinica's wallet alone.
Linode hasn't disclosed the exact scenario, but it is believed that an employee's system was compromised remotely and that system had access to a back door that allowed administrative access to every Linode host. With administrative access, wallet.dat files are vulnerable.
- http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/
- http://bitcoinmagazine.net/the-bitcoinica-linode-theft-and-what-it-means-for-bitcoin/
There are all sorts of managed systems. Most enterprise computing systems have administrative access not only for the systems in their data center but also for managing their employees' devices. This might allow a thief, or even a rogue employee or contractor, to gain access to Bitcoins.
There lies the problem. For $100 a month, you can have a server administrator manage your Linode. If his system gets compromised, you are now at risk of an attack. In my case, I manage my entire server on my own. I even went as far as setting up an SSH key for login, so an attacker would have to get hold of my system directly and find my SSH keys. Considering I have all the latest antivirus software, a firewall and the common sense not to open malicious email attachments, I should be fine.