Notes

Websites Hacked to Mint Crypto-cash

Websites compromised to mint cryptocurrency-cash. Mark Ward Technology correspondent, BBC News



Published



9 October 2017



Comments



Share



Close



Share page



Copy this link



About sharing



File-sharing, charity and school websites have been uncovered by scammers who are using them to create crypto-cash.



Hackers have been able to install code to "mine" cyber-currencies on visitors their computers.



One search of the most popular websites found hundreds harbouring the malicious mining code.



In order to get a lot of computers to join the networks, attackers can swiftly earn money.



"This is a purely an numbers game," said Rik Ferguson who is vice-president of security research at Trend Micro.



Malicious use



Mr. Ferguson said that crypto-currencies work by allowing a variety of computers to cooperate to solve complex mathematical problems, which lead to new digital "coins".



The number crunching is called mining and new crypto-coins are handed out to miners who are the first to solve the complex sums.



The more computer power that someone can amass, said Mr Ferguson, the more coins they can make.



He added that there is an immense benefit in being able to share other people's computers and make use of massive computing resources.



"Cryptocoin mining malware" is not new, said Mr Ferguson. He said the growing value of established cyber-currencies, as well as the rise of new ones were driving the use of these malwares for malicious purposes.



A security researcher has scanned the code behind the million most popular websites to determine which run the widely used Coin Hive mining script.



Many sites utilize this and others, such as JSE Coin, legitimately to earn some money from their steady stream of visitors. The metrics published on the Coin Hive website suggest that a website that receives one million visits per month could earn around $116 (PS88) in the Monero cryptocurrency by mining.



The script was hidden on many sites in the scan. This suggests that it was uploaded secretly.



The BBC has contacted a number of websites in the UK that use the Coin Hive script. Those that responded said they didn't know who had added it to their website. Some have now deleted the mining code, while others have updated their security policies, and are investigating how the code was inserted.



Coin Hive's creators said they has also taken measures against the use of its services for malicious purposes.
Fivem


"We had a few early users who implemented the script on sites they had previously hacked, but without the site's owner's knowledge," they said in an email to BBC. "We have blocked a number of these accounts, and will continue to do so when we find out more about such instances."



It encouraged people to report any suspicious Coin Hive use and recommended that any website that uses it inform users that their computer may be part of a miner's scheme. A number of security software and ad blocking programs now warn users when they come across mining companies.



Security service Cloudflare has also shut down accounts of a number of customers who began mining scripts. Cloudflare explained the reason for its decision by saying that it deemed the code to be malware if users were not informed about it.



Cloud cracking



Hackers aren't the only ones to have compromised websites. Surreptitious mining of coins is not an issue. The problem is being addressed by many others in the technology industry.



This week, two top officials in the Crimean government were fired after they began using a number of official machines to mine bitcoin. The developers of the FiveM add-on or "mod" for the video game GTA V released an update that prevented people from adding miners to their code.



Some of the most prominent websites, including the Pirate Bay, Showtime and TuneProtect have been found to be harbouring the script.



Professor Matthew Caesar, a University of Illinois computer scientist, said that mining was also causing problems for companies that offer cloud-based computing services.



Professor Caesar said that he and his student Rashid Tahir started investigating the problem after conversations with several cloud companies revealed that each of them had encountered issues with mining coins.



He said that anyone who hacks into cloud accounts has access to a large amount of computer power. "They can get huge value from these accounts as there's no limit on the number of computers they can use.



He also said cloud service billing systems don't always disclose what's happening. Someone can get in and cause some damage before they shut down."



He said that victims can be left with huge bills for servers that attackers rented to perform their mining of coins.



He said that the Illinois researchers are developing a monitoring system to detect when the mining software is being used.



Professor Caesar stated that it's relatively simple to observe how modern processors deal with the complicated maths required by crypto-currencies if you look for them.



"We're in the process of working with a cloud computing company to deploy the monitor on their network," he said.



"We're also looking into how we can accomplish this on personal computers as well," he added.



More details on this story



Scenes from the crypto gold rush



7 September 2017



China bans Initial Coin Offerings



5 September 2017



Bitcoin increases to record value



7 August 2017



Burger King creates its own crypto-cash



29 August 2017



View comments


Here's my website: https://fivem-servers.com/