Naked Security

Federal Reserve staffer caught mining bitcoins at work fined $5,000

Staffer bypassed security and installed mining and remote-access software on a Federal Reserve server

After using a server at the Federal Reserve to mine virtual currency, planting remote-access software so he could keep an eye on the workings from the comfort of home, and then trying (unsuccessfully) to cover his tracks by remotely deleting the software, a communications analyst for the Federal Reserve’s Board of Governors in Washington wound up getting fired.

The ex-employee, Nicholas Berthaume, pleaded guilty in October to one misdemeanor count of unlawful conversion of government property – namely, for installing unauthorized software on the server.

On Friday, Berthaume was fined $5,000 and given a year of probation, according to a statement from the Federal Reserve’s Office of Inspector General (OIG).

According to the plea agreement, Berthaume installed bitcoin mining software on a server at the Fed’s board. The central bank hasn’t figured out how much he managed to rake in courtesy of its computing power.

We don’t know how much electricity he used, but we do know that when it comes to mining bitcoins these days, the low-hanging fruit have all been plucked long ago. It takes some serious kW to get at the high-hanging plums.

Fun bitcoin mining electrical fact: according to Bitcoin.com, the global bitcoin mining economy currently consumes nearly $500m in electrical and operational costs and is on track to consume as much electricity as Denmark by 2020.

That’s a lot of heat, but it’s being turned to virtuous green in at least some cases: warming homes and warehouses, say, or accelerating rum barrel aging.

So yes, Berthaume was undoubtedly heating up the server room. Compounding that environmental crime, of course, was the remote-access software installation.

While the Fed didn’t manage to figure out how much Berthaume made from his mining, it did manage to spot the fact that he tweaked security safeguards so that he could remotely access the server from home.

When confronted, Berthaume tried to deny it. Then, he remotely deleted the software to try to cover his tracks.

#Fail. Forensics confirmed that he was involved, and he was terminated. He ultimately confessed.

Fed inspector-general Mark Bialek said that the board’s data is now completely secure and that it’s subsequently implemented better security.

Berthaume’s actions did not result in a loss of Board information, and we have been informed that the Board has implemented security enhancements as a result of this incident. Additionally, Berthaume’s voluntary admission of guilt and his full cooperation were critical to the timely closure of this matter.

There was a similar case Down Under a few years back, at the Australian Broadcasting Corporation (ABC). An IT staffer got it into his head to slip a bit of bitcoin mining software on to the servers and was using the idle CPU cycles to generate the virtual currency.

Or, at least, that’s what he might have done, were the software not spotted within minutes. The notion got rattled out of his head, and, well, that’s about it. Specifically, his access to production systems was throttled, and he was put under “close supervision” by a manager.

Their punishments differed, but both cases of mining involved employees who decided to appropriate “unused” CPU cycles, regardless of issues around security, authority and operating cost.


4 Comments

Won’t be a surprise if we see more such stories cropping up. For some, all those unused cycles will be too much of a temptation.

Not sure why the Aussies were so soft. In private industry here in the USA it would have been a termination offence, possibly with loss of pension benefits.

What does “a communications analyst” do? Almost any network admin would know that doing this would be difficult to hide. I get complaints all the time about server and network latency problems, from my boss! Oh, that’s right he works for the Fed, so no one cares.
