Multiple legitimate websites have been hacked to leech processing power from visitors’ computers and use it to mine cryptocurrencies.
According to scans, hackers have installed malicious code on websites belonging to charities, schools and file-sharing providers, as well as CBS, without the knowledge of their web agency.
Mining, in this sense, describes the practice of producing units of a digital currency like Bitcoin. The mining computers collect pending transactions (a block) and collate them into a coded puzzle. The first miner to find the solution announces it, and these transactions are confirmed and added to the blockchain. The miner then receives some money as a reward.
Because only the first to solve the puzzle gets the reward, miners tend to use very powerful computers or, in this instance, a widely distributed network.
There is an enormous attraction in being able to use other people’s devices in a massively distributed manner, since you effectively take advantage of an enormous amount of computing resources and power without having to pay for the hardware or utilities.
Webmasters can use platforms such as JSE Coin and Coinhive to place a piece of code on their websites that mines coins using the excess CPU power of people’s machines. However, it is not necessarily legitimate webmasters who implement the code.
Installing this script on hundreds of sites basically means the perpetrators have assembled a supercomputer that generates cash while the legitimate owners remain unaware. It is somewhat like a criminal breaking into a mill when nobody is looking and covertly using the business’s machines for their own ends, except in this case it is processing capacity being used to mine Bitcoins.
The scans have indicated that the code was set up without the owner’s consent on many of the affected sites, and because the owners are unaware of it, no asset tracking system has been put in place to trace this back to the hacker.
Coinhive have revealed that a couple of early users implemented the script on websites they had hacked, without the website owner’s knowledge. As a result, Coinhive have had to ban a number of these accounts and will continue to do so in the future as they learn of further cases.
Cloud at risk
Websites aren’t the only thing in danger from surreptitious code injection. Matthew Caesar of the University of Illinois explained it’s also problematic for companies running a cloud management system for clients.
The reasoning given is that if someone can hack into a cloud account, they have access to an enormous amount of computing power. With that, they can extract massive value from those accounts, since there is little limit on the number of machines they could use.
Often, the billing systems that cloud providers run don’t reveal what is happening. Someone can get in and cause a good deal of damage before they are shut down, and there is nothing that can be put in through the web design at this stage to prevent the code from being implemented within the website.
The researchers at the University of Illinois are now developing a real-time GPS tracking system that can identify when such mining applications have been used, and they are working with an unnamed cloud company to deploy it in its own network.
The key takeaway from this issue is that it is essential to know what code you are running on your site and to put countermeasures in place. Organisations need to monitor their web software continuously, ensuring that they have a good grasp of all the code that is running and enforcing change whenever something suspicious crops up.