There was a time when, if you wanted to scam someone online, you had to be proficient in hacking techniques, or be able to write some very persuasive emails.
However, that’s no longer the case with the arrival of background mining software, which stealthily runs on a computer and siphons off CPU power without the user’s knowledge. The power goes towards the mining of cryptocurrencies, the profits of which you never see, of course, but someone out there makes a pretty penny from your electricity, battery power, and hardware.
Such activity doesn’t always have to be nefarious, however, and crypto enthusiasts may already be familiar with projects such as Golem (GNT), SONM (SNM) and iExec RLC (RLC), which cater for the legitimate trading of unused computer resources. The key word here is legitimate.
A study carried out earlier this year revealed that almost 50,000 websites had been maliciously infected with background mining software, with Coinhive being the most-used mining tool. Worryingly for bloggers, over 10% of the sites affected were WordPress sites, suggesting a possible inherent weakness in the platform.
Meanwhile, in February of this year, the UK government found itself victim to a background mining attack, which saw 4,000 websites infected with the software. The list of sites affected included that of the UK Student Loans Company (SLC), and the Scottish National Health Service (NHS).
The National Cyber Security Center (NCSC) addressed the malicious code immediately upon discovery and released a statement shortly afterward, stating:
“NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely.”
Of course, by that time the scammers have already collected their earnings, and very little can be done to bring them to justice.
Upfront background mining
Some websites are actually quite upfront about their use of background mining techniques. American online magazine, Salon, has implemented a system where, instead of viewing advertisements, a user can opt to have some of their CPU power used for crypto mining.
The site gives users the option of keeping their ad-blocker switched on, in which case you will give up a portion of your processing power to the site owners.
One has to wonder what will cost you more, sitting through a few adverts that you don’t want to see, or allowing Salon to harness your electricity, battery, and hardware.
The trend of mainstream sites engaging in something like background crypto mining may come as a surprise to many, but it’s a trend that seems to have become quite common.
Back in September of 2017, the American TV station Showtime was streaming episodes of Twin Peaks to audiences online, using their showtime.com and showtimeanytime.com websites.
As Gizmodo reported, one particularly attentive fan took to Twitter to reveal the hidden Coinhive script running silently in the background while everyone watched Twin Peaks.
Showtime soon removed the script upon the eruption of public outrage, and amazingly have since declined to comment on the incident.
What would be more worrying for Showtime users? That their platform was vulnerable enough to get hacked? Or that their service provider chose to exploit them without their permission or knowledge?
Advocates of background mining will point out that the technology is actually quite disruptive in a good way, and could replace established forms of internet monetization, as evidenced by the Salon example.
But given the ease with which background mining tools can be deployed, and more importantly, hidden from their intended victims, such utilities are going to remain the playthings of hackers and scammers for the time being.