The Tale of Smokey and the Crypto Bandits

eBPF Summit 2020

Okteto Cloud is a developer platform powered by Kubernetes. The biggest benefit our users get from the platform is the ability to deploy any type of workload with one click. A group of Crypto Bandits discovered us and decided to set up camp on our platform and use it to mine crypto coins. What's worse, they used our "source to deploy" feature to push their instructions to a GitHub repo, so that more people could join their merry gang. A gold rush started…

In this talk, the Okteto Team will talk about how we were able to leverage Falco and eBPF to detect and repel abuse across our entire fleet of Kubernetes clusters. We'll share details about our experiments and current Falco implementation, how abusing Falco rules can bring a cluster down, and how we managed to find a balance between repelling a gang of crypto-bandits and keeping our systems online while ensuring that our good citizens were oblivious to the whole thing.