BitMiner 49er

 In ITC's Threat of the Week

Can you go more than a few minutes online without seeing a reference to Crypto Currencies, BlockChain and the like?

Reports over the last few weeks and months have been warning about a new explosion in browser-based BitCoin mining. Now this is nothing new. Way back in 2011 the BitCoin Plus service was launched. At that time the value of a single BTC was $7 and it was estimated that 6 computers could generate 50 BTC every hour. BTC are worth around $9500 at time of writing.

There are some clever people out there who hopped on this bandwagon way back then and kept their precious until they were worth meellions. There are also some eejuts out there who leapt on the very same wagon with more than 6 computers, harvested a strong room full of BTC and then wasted them on frivolous gambles, rubbish investments and shady purchases. Good job we don’t know any of the latter eh, imagine just how sad, cynical and cold inside they might be today?

The use of many home computers to collaboratively solve complex problems is not new. Pioneers of the technique include the Search For Extra Terrestrial Intelligence at Home – SETI@home in 1999, which used volunteers’ machines to process the data from radio telescopes to find the little green men – so far unsuccessfully.

With the rise in value of BTC and other Crypto currencies the whole world+dog is looking for ways to mine them, even though the 1849-ish Gold Rush appears to be mostly over. Perhaps this new wave of prospectors should be called Miner 2^77,232,917 − 1ers, less pleasing on the ear though it is.

Recent audacious BTC mining schemes (mwahahaha) include a bunch of Russian nuclear scientists located within the most secret nuclear facilities in the world, who allegedly diverted significant supercomputer resources for their prospecting activities. What could possibly have gone wrong? Let’s hope that the Gulag is kind to them.

In a jaw-dropping move, the news site salon.com are offering users with adblockers a stark choice; disable the adblocker for their site or allow salon.com to utilise your computer resources to mine. A scheme this bonkers is clearly the work of some evil genius, presumably not an engineer. Time will tell if salon.com have comprehensively done themselves in (we do hope so) and will have to backtrack furiously.

As we all know, the lines between opportunism, entrepreneurialism and gangsterism are both fine and blurred. Enter stage right; organised crime.

This week, Coindesk revealed that more than 4,000 websites worldwide had been infected with Crypto currency mining software (in this case Monero) which would deploy in ‘drive-by’ fashion to visitors with vulnerable browsers – which is most people. Unfortunately these sites included none other than UKG’s Information Commissioner’s Office, red faces all round.

Gangsters do not generally infect individual websites – that would be far too time consuming. Instead the bad guys target third party content sites such as advertising plug-ins or in this case, somewhat despicably, a plug-in called Browsealoud which provides speech services to those with sight difficulty, or no sight at all, on all sites.

Clearing up the Browsealoud service will almost certainly compromise Internet service for the visually impaired, which should make us all understand the greed and nastiness of the perpetrators.
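For site owners, the exposure described above can be audited. The following is an added example, not code from ITC or from any affected site: it lists third-party scripts a page loads without a Subresource Integrity pin and shows that a pinned script no longer verifies once its content changes. The hosts, file names and script bodies are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(content: bytes) -> str:
    """Value for a script tag's integrity attribute (SHA-384, base64)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()


class ScriptAudit(HTMLParser):
    """Collect <script src> tags served from another host with no integrity pin."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.unpinned = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").netloc  # empty for inline/relative
        third_party = bool(host) and host != self.page_host
        if tag == "script" and third_party and not a.get("integrity"):
            self.unpinned.append(a["src"])


def unpinned_third_party(html: str, page_host: str) -> list:
    """Script URLs whose supplier could change what visitors run, unnoticed."""
    audit = ScriptAudit(page_host)
    audit.feed(html)
    return audit.unpinned


def verify(content: bytes, integrity: str) -> bool:
    """The comparison a browser makes before running a pinned script."""
    return sri_hash(content) == integrity


# Constructed sample data: a plug-in body, a tampered copy, and a page using both styles.
GOOD = b"function speak(text) { /* constructed plug-in body */ }"
TAMPERED = GOOD + b"\nstartMiner(); // constructed stand-in for injected code"
PIN = sri_hash(GOOD)
SAMPLE = f"""<script src="/js/site.js"></script>
<script src="https://plugin.example.net/speech.js"></script>
<script src="https://cdn.example.org/lib.js" integrity="{PIN}" crossorigin="anonymous"></script>
<script>console.log("inline")</script>"""

if __name__ == "__main__":
    print("Unpinned third-party scripts:", unpinned_third_party(SAMPLE, "www.example.com"))
    print("Tampered copy passes pin:", verify(TAMPERED, PIN))
```

A browser refuses a pinned script whose content no longer matches, so pinning suits versioned files rather than scripts the supplier updates in place.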

Up until now, many Enterprise types have not been overly concerned about Browser based Crypto mining. We would like to point out that as well as reduced machine performance, increased power load and heat generated, the very fact that rogue code is running on your users’ machines is a cause for concern. What, for instance, if the dropper could be repurposed for say a RansomWare attack?

In our opinion, this is very far from an innocent victimless crime and needs dealing with seriously and expeditiously. We urge you to contact your security and antivirus vendors and plan to identify, eradicate and protect against it.

It transpires that even innocent bedroom warriors aka ‘Gamers’ are also suffering from the current Gold Rush with Graphics Processing Units (which can be purposed, with the addition of a 3D canary, a helmet, pick axe and some software, to go mining) shooting up in price. Where will this all end?

If you would like some help to deal with this issue, anything else Cyber related, or would like a belated Valentine’s day card, please contact us at: [email protected] or call 020 7517 3900.

Oh, a couple more things; Microsoft unleashed a swathe of over 50 security patches this Tuesday, probably best to get on with it. In other (really bad) news, researchers continue to unearth novel ways to trick processors into releasing secret data. Of course, there is no live exploit code at this time, but it is coming, for sure. Best not be complacent.

Author: Kevin Whelan
