Whenever we think about web threats, issues like malware, hacking and pornography are probably the first to pop into our heads, but cyberspace is witnessing one new web menace that is quickly gaining international attention, “Crypto Jacking”. It involves the secret use of your computing device to mine crypto-cash. Anyone casually using the internet at home can be unwittingly functioning as a proxy member of a hacker’s team. Over the past few months, there has been a frightening growth in the number of websites running scripts that silently crypto jack users’ computer resources and secretly make them mine digital currency for miscreants.

Easy bucks

This November, a security engineer at Threat Nix claimed on his Facebook wall that OnlineKhabar, the fifth most-viewed webpage in Nepal had a script of ‘Coin Hive’ running in the background which is used to secretly takeover users’ computer resources to mine crypto-currency. After this revelation, OnlineKhabar confirmed the presence of the secret code which has now been removed from the website. In a recently released document, OnlineKhabar claimed the involvement of a third party and demanded legal action against the culprit. This indicates that OnlineKhabar was a victim of a cyber-attack.  If OnlineKhabar can be hacked for crypto-mining, how can we guarantee the safety of other personal and public websites? In Nepal, except for a handful of Information Technology (IT) experts, almost the entire population is vulnerable to crypto-hacking. 

IT experts and the owners of popular sites are now rampantly using websites to mine crypto-currency using visitor’s regular sites worldwide. Security agency Trend Micro claims that high-traffic sites like online news and file sharing websites have been found with malicious scripts that use visitors’ CPU for mining purposes without their consent. Attackers exploit the interconnected machines of millions of gullible users as they visit such deliberately infected websites. These scripts can be easily misused by website owners or attackers because it requires a simple JavaScript file that website owners have to embed on their sites and it automatically processes crypto mining using each visitor’s machine. Easy bucks right? One study conducted by G Willems Lab recently found more than 25,000 sites actively running crypto-mining scripts in visitors’ browsers, which could make millions over time.

A crypto-currency runs on a Blockchain, which is like digital ledger replicated numerous times by various machines associated with the crypto-mining service. The updated document is circulated and made accessible to crypto-currency holders. The ownership of every single crypto-currency and every bit of transaction in flow is recorded in Blockchain. The Blockchain is operated by miners who use mega computers to handle the computation of transactions. Their job is to guarantee the validity of information and update each transaction, thereby determining secure processing of the whole transaction. Some miners use the scripts in popular websites and anonymously make users’ computers a part of the whole mining business.  

Just as susceptible

These scripts mine the crypto-cash popularly known as Monero, which is also an anonymous form of Bitcoin, because you can buy it offline with physical currency. According to Coin Hive, any webpage with one million visitors in a month could make about $116 worth of Monero.  This year alone, some high-streaming websites including torrent’s gateway, ‘The Pirate Bay’ was found running crypto-mining scripts on its website, secretly using visitors’ machine to heap Monero currencies. The process is simple: users enter a torrent site to search for a file, a script of Coin-hive operates in the background, mobilising user’s CPU resource to generate Monero currency for the site’s admin. Around 30 precent of the profits goes to Coin Hive, whereas sites like OnlineKhabar and The Pirate Bay keep the rest.

Recently some researchers from “Malwarebytes Labs” have discovered a new technique that allows compromised sites to keep mining even after a user closed the browser window. The window remains open and via hidden script, it continues generating Monero for website admin until the user makes a precise move to close it. Mining crypto-cash has become digital race for geniuses. Bitcoin was the first decentralised ledger currency released in early 2009. Similar digital currencies have evolved in the worldwide market since then, including Titcoin, Ethereum, Zcash and many others. Today’s digital world is busy with the competitive currency game where people can make large profits after investing a few bucks in technology and earn millions by mining digital coins.

The government of Nepal should exercise security measures to safeguard such digital intrusions because our country too is not safe from crypto-jacking. If popular news sites like OnlineKhabar are hacked to function as a medium for such illegal digital practices, it’s likely that other agents may also be sponging on our computer resources. Thus, the Nepali government should introduce a strong law that requires all websites that thrive in the public domain and have viewership of millions to hire professional IT experts to manage and secure their online resources. The increasing rate of crypto-jacking suggests that, on an individual level, some protection measures will have to be taken in browsers to reduce the threat of digital intruders. Available in Chrome browser, extensions like ‘Miner Block’ and ‘No Coin’ can block popular crypto miners from using our machines.

- Poudyal is a freelance writer and child health researcher at Kathmandu based NGO, Global Initiative For Vivid Empowerment (GIVE)