Wind farm worker sentenced after turning turbines into a secret crypto mine

A technical manager at a Dutch wind farm operator has been sentenced to 120 hours of community service after it was discovered he had secretly installed cryptocurrency mining rigs at two wind farm sites - just as the company was recovering from a ransomware attack.

Wind farm operator Nordex discovered that its turbines were not only generating green energy, but were also powering a secret cryptocurrency mining operation at two of its sites in Gieterveen and Waardpolder.

The unnamed rogue employee, who is in his forties, connected three cryptocurrency mining rigs and two Helium network nodes (a device which acts as both a wireless gateway and blockchain node) to his employer's internal network between August and November 2022.

The mining rigs were plugged directly into Nordex's router at a substation in Gieterveen, while the Helium hotspots were installed inside the actual wind turbines at the Waardpolder site.

A court in Assen heard that Nordex had shortly before it discovered the unauthorised cryptomining equipment been dealing with a ransomware attack orchestrated by the notorious Conti gang.

The Dutch man is far from alone in attempting to turn company resources into cryptocurrency, as I have reported in the past.

For instance, in February 2018, several scientists at the Russian Federal Nuclear Center in Sarov - a top-secret nuclear warhead facility - were arrested for attempting to use one of the country's most powerful supercomputers to mine Bitcoin. One of them, Denis Baykov, was ultimately fined 450,000 rubles after being found guilty.

In the same year in China, headmaster Lei Hua lost his job after stealing the school's electricity to power a secret cryptocurrency-mining rig of eight servers that ran day and night mining Ethereum.

In the wind farm case, the court was told that the employee showed "no concern" about the potential disruption his action could have caused to turbine operations, used to generate power for thousands of homes.

Ordered to pay €4,155.65 in damages to Nordex, plus the same amount to the state, the man has been sentenced to 120 hours of community service.

All organisations should remember that insider threats are a significant problem, especially with technical staff having privileged access to systems and data.

In this instance, the message is clear. Renewable energy may be for the public good, but that does not mean that it is necessarily acceptable for the public to exploit or monetise.