Criminals are hijacking your computer to mine cryptocurrency

Egyptian internet users who accessed the porn site Babylon-X.com in recent years might’ve noticed their computers slowing down or overheating while taking in the entertainment. It wasn’t because Babylon’s videos were too high-definition, or that there were too many ads stifling the load times.

Nope. The slowdown was actually a result of the Egyptian government secretly hijacking its citizens’ computers “en masse” in order to mine the cryptocurrency monero.

Egypt’s manipulation of its country’s porn users is just one form of the growing trend of cryptojacking, where a computer’s processing power gets co-opted by outside forces (read: hackers) who use the extra computing energy to mine cryptocurrency either purposely or surreptitiously.

The practice has exploded in popularity — among both criminal and legitimate enterprises — in recent months along with the exponential rise in the price of bitcoin and other digital currencies. According to a report by Symantec published last week, there was an 8,500 percent surge in cryptojacking attacks in the final quarter of 2017. Researchers called the surge “a modern-day gold rush for cybercriminals.”

And nearly 25 percent of all attacks were detected in the U.S., which is more than the next three countries combined — Japan (9.4 percent), Germany (6.4 percent) and France (5.9 percent), according to the same report.

Unsurprisingly, criminals have been the quickest to capitalize on the new trend. It began when criminals started hacking millions of PCs and smartphones to plant malware that secretly mined cryptocurrencies like bitcoin. But more recently criminals have turned their attention to hacking websites, where they secretly inject code that captures the processing power of visiting PCs or smartphones, exponentially growing their web of power sources.

Mining is the process of solving complex mathematical equations in order to verify transactions on the network. The computer that solves the problem is rewarded with freshly minted coins.

As David Gerard, author of the book “Attack of the 50-Foot Blockchain,” explains: “It's literally a computer guesses a number, billions and billions and trillions of times a second, hoping to win the lottery. That's actually how cryptomining works.”

The more processing power you use, the better your chances of winning the lottery each time. Translation: Mining bitcoin is an enormously energy-intensive process, which can only be conducted by powerful and specialized machines.

This is why criminals look to co-opt as many computers as possible. And it partly explains why the vast majority of cryptojacking focuses on a lighter digital coin called monero, which for now can still be mined using laptops, smartphones, and PCs.

But hackers are also thinking outside the box, hacking servers controlling power stations and even home fridges in search of the energy they need to mine more popular cryptocurrencies.

But it’s not just criminals who think cryptomining is a way to make money. Some in the online media industry also see it as an alternative revenue generator that reduces their reliance on ads.

There are two recent high-profile examples of companies trying to use cryptomining for legitimate ends.

The first was Bail Bloc, the brainchild of the online publication The New Inquiry and the nonprofit Bronx Freedom Fund. The project saw people download an app onto their computers in order to mine the digital coin monero, which would then be converted into dollars and used to pay for the bail of those who can’t afford it.

Four months later and the project’s stats page says it has mined $4,955 — though that figure hasn’t budged in the last two weeks. Several attempts to find out if the money had been used to pay for anyone’s bail went unanswered.

The other high-profile effort is from liberal website Salon. In February, the media company launched its own attempt to get in on the crypto action by offering its visitors the option to give the site some of their CPU processing power to mine monero.

The company points to the rapid adoption of ad-blocking technology and the subsequent loss of revenue as one of the main reasons it’s wading into the cryptojacking trend.

“Maybe this can help,” Salon Media Group CEO Jordan Hoffner told VICE News about the site’s new initiative.

But a lot of questions remain, and not everyone is convinced cryptomining is the solution for declining ad revenue. “I do think it is all rubbish, but I can see people continuing to try because journalism is desperate for anything to fund it,” said Gerard.

Should other websites follow Salon’s lead, then the process will run into more problems, because the more people who are using the system, the harder their CPUs will have to work, and the less return they’ll get, Gerard warned.

“With bitcoin, every two weeks it checks how fast blocks are being mined. If they are being mined too fast, it alters the algorithm to make it harder. Monero and ethereum use the same process,” Gerard said.

Browser-based cryptocurrency mining has been around since 2011, but few had actively exploited it until last year, when a company called Coinhive released its new mining script last September.

Coinhive is a secretive German organization that created a piece of code administrators can embed in their websites and which uses the processing power of visitors’ computers to mine for cryptocurrency. Specifically, it mines monero, which is gaining traction on the dark web for its privacy features and relative ease of mining.

Coinhive offers its code for free but keeps 30 percent of all the coins mined for itself — and that includes any criminal use of its script. According to source code search engine PublicWWW, there are currently more than 30,000 websites actively using the script.

An unnamed Coinhive spokesperson told VICE News in an emailed interview that it has 180,000 customer accounts, and at any given time, somewhere between 2 million and 3 million people are actively mining monero using its service.

While Coinhive offers its services to legitimate business, criminals have used its code to illegally mine monero.

The company would not say how many people it employs, who founded the company, or how it is funded. It also refused to reveal the value of the cryptocurrency its script has help mine to date.

But a recent investigation by investigative journalist Brian Krebs found that Coinhive emerged from a German-language image-hosting and discussion forum pr0gramm.com. Krebs’ report claims that even when it shuts down illegal uses of its script, the code actually keeps running and the company scoops up 100 percent of the coins mined.

Any website can use the piece of JavaScript, and they can even embed it on their site and not tell their visitors — though Coinhive says it actively dissuades customers from doing this.

Cryptojacking is now so competitive that one criminal group created malware that would kill off any competitors it found on the systems it was infecting.

As cryptocurrencies only grow more popular, bad actors from hackers to criminal enterprises to corrupt governments are exploring ways to conduct massive campaigns, which risk compromising tens of thousands of computers and millions of smartphones along the way.

That alone is cause for concern among cybersecurity experts, but hackers are also exploring more extreme ways of stealing computing power.

Security company Radiflow recently discovered a European water utility had been compromised and its servers had been altered by criminals who were mining monero. And though that may not sound like too dangerous a hack on its own, the reality is that cryptojacking risks overpowering a CPU, causing it to crash. When that computing system controls critical infrastructure like water, electricity or gas, the consequences can quickly become very real.

Dan Gunther, principal threat analyst at cybersecurity firm Dragos, said that hacking tools stolen from the NSA and leaked online had led to huge vulnerabilities in critical infrastructure systems around the world.

“Because a lot of utilities have not locked down that protocol from the outside, we have seen the success of cryptomining attacks,” Gunther said.

“Cryptomining is a huge area of concern,” he added.

Cover image: Racks with crypto mining farms. Moscow, Russia. Vladimir Astapkovich/Sputnik via AP