Stratum protocol wasn't the subject of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protocol) traffic is routed from source to destination. There are inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targeted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comments suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.
Thanks for the clarification. Couldn't an encryption protocol have prevented that man-in-the-middle attack?
Spoofed BGP packets were used for the attack. Miner-to-pool encryption would only have been beneficial if the encryption portion couldn't be tricked. For instance, if the mining was done over a proprietarily (SSH, IPsec, etc.) encrypted connection where the connection would only work with a known signature on the mining-pool end and the 3rd party had no way to spoof the mining pool's signature. OTOH, if it was done over SSL and the mining software accepted self-signed certificates (or if the hacker was also able to use a social hack to get a centrally signed certificate), then it wouldn't have prevented the attack because the miner would just try to reconnect to the malicious pool after packets were dropped, accept the SSL certificate, and mine just the same. I don't know whether or not any mining pools exist that use proprietarily encrypted connections, but I'm guessing not. As for mining over SSL, again, I don't know if any mining software (or proxies) supports SSL and rejects invalid/self-signed certificates or only accepts specifically user-approved certificates. This seems more feasible, but the majority probably wouldn't have it secured right regardless.
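The distinction the reply above draws (a client that accepts whatever certificate the far end presents versus one that only completes the session with a known pool identity) can be made concrete in a miner-side TLS helper. The following is an added example written for this thread, not code from any mining software or pool named here; the pool host, port and pinned fingerprint are hypothetical placeholders, and the DER bytes used in the check are constructed stand-ins rather than a real certificate. It shows the permissive context a redirected miner would happily reconnect with, the strict context that performs chain and hostname validation, and a fingerprint pin that also refuses a CA-issued certificate obtained for the pool's name, which is the "social hack" case chain validation alone does not cover.

```python
"""Added example (not from the thread): miner-side TLS policy for a stratum pool
connection. Pool host, port and the pinned fingerprint are hypothetical."""
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder: SHA-256 of the pool's DER certificate, obtained out of
# band (e.g. from the pool operator) and stored in the miner's configuration.
PINNED_POOL_FINGERPRINT = "placeholder-replace-with-value-from-pool-operator"


def cert_fingerprint(der_cert: bytes) -> str:
    """Lower-case hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_fingerprint: str) -> bool:
    """Constant-time comparison of the peer certificate's fingerprint to the pin."""
    return hmac.compare_digest(cert_fingerprint(der_cert), expected_fingerprint.lower())


def weak_context() -> ssl.SSLContext:
    """The 'accept any certificate' behaviour the post warns about: after a route
    hijack the miner reconnects and completes the handshake with whatever
    certificate the rogue pool presents, self-signed or otherwise."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context() -> ssl.SSLContext:
    """Chain validation against the system trust store plus hostname matching,
    so a self-signed certificate from a redirected connection is rejected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_rejects_unverified(ctx: ssl.SSLContext) -> bool:
    """True only if the context would refuse an untrusted or misnamed certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def connect_to_pool(host: str, port: int, expected_fingerprint: str,
                    timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection to the pool and refuse to mine unless the presented
    certificate is the pinned one. Chain validation alone would still accept a
    CA-issued certificate somebody managed to obtain for the pool's name; the
    pin closes that gap. Not exercised in the test (needs a live pool)."""
    ctx = strict_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, expected_fingerprint):
        tls.close()
        raise ssl.SSLError("pool certificate does not match pinned fingerprint; refusing to mine")
    return tls


if __name__ == "__main__":
    # Hypothetical pool endpoint; replace with the real one and its pin.
    sock = connect_to_pool("pool.example.invalid", 3334, PINNED_POOL_FINGERPRINT)
    sock.close()
```

Pinning by fingerprint is the simplest form of the "only accepts specifically user-approved certificates" behaviour the reply mentions; the operational cost is that the pin must be rotated whenever the pool renews its certificate, so a miner deployment needs a documented way to distribute the new value.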