‘Cryptojacking’ Could Turn Your Computer Into A Bitcoin Mining Machine
The Bitcoin bubble hit its peak last December at nearly $20,000—an increase in value of 1000 percent in 2017. The cryptocurrency craze has caused unforeseen consequences. Huge mining server farms have popped up in Mongolia. The energy intensive mining process is straining electrical grids.
And hackers have tapped into this. Now, there is malware that could turn your computer into a cryptocurrency mining machine—a threat known as “cryptojacking.” Security reporter Dan Goodin discusses how this could affect your computing power and how some organizations are using this background crypto-mining for fundraising purposes.
Dan Goodin is Security Editor for Ars Technica. He’s based in San Francisco, California.
IRA FLATOW: Speaking of high technology, the Bitcoin bubble really took off last year. The cryptocurrency increased 1,000% in 2017. At its peak in December, one coin was worth nearly $20,000.
Not there anymore. It’s dropped a little bit. Hope you sold at the peak. But then, there are still speculators mining for the coin on computers all over the world. In fact, there is not just one Bitcoin. There are thousands of them.
And the blockchain technology behind the cryptocurrencies is the basis for secure business transactions of a growing number of businesses, not just for cryptos. And like any piece of futuristic technology, the cryptocurrency craze has caused unforeseen consequences. You have huge mining server farms popping up in Mongolia. The energy-intensive mining process is straining electric grids, threatening to overwhelm electric utility, cause brownouts.
And hackers, now, well, they certainly have tapped into this. There is now malware out there that could turn your computer into a cryptocurrency mining machine, something called cryptojacking. Cryptojacking, where without even you knowing it, your laptop is being hijacked to mine Bitcoin. Yeah, you hear that fan coming on in your laptop? Maybe it’s working overtime a little bit?
My next guest is here to tell us about that story. Dan Goodin is security editor at Ars Technica, based out of San Francisco. Welcome to Science Friday.
DAN GOODIN: It’s great to be here.
IRA FLATOW: Is that fan– will that tell you if you’re being cryptojacked?
DAN GOODIN: The fan suddenly spurring up and making a whole bunch of noise is a good indication that it’s happening. It’s not guaranteed that that’s going to happen. But if somebody is browsing a site and suddenly their fan comes on, that’s a good reason to be suspicious that something is happening.
IRA FLATOW: And so how does that malware get into your laptop?
DAN GOODIN: Well, in some cases, the attackers are actually infecting the laptop using some sort of trojan, which is just a program that is something other than it purports to be. But in some cases– over the weekend, for instance, 4,200 sites, almost 4,300 sites, were hijacked. And they actually fed the code that caused anyone visiting the site to suddenly start, you know, mining a cryptocurrency coin known as Monero. And in that case, the computer wasn’t hijacked. It was some of the code that all 4,300 of these sites were using in linking to.
IRA FLATOW: So when you went to the site, you got hijacked.
DAN GOODIN: Exactly. Suddenly, your computer would start mining this currency. And of course, that’s putting a strain on your computer, or in some cases, your smartphone. And it’s either draining the smartphone’s battery or it’s electricity that you are paying for, for someone else– somewhere halfway around the world, probably– to benefit from and gain currency to their account.
IRA FLATOW: You know, if the fan goes on in my laptop, I imagine that my cell phone is going to start heating up a little bit if this is happening.
DAN GOODIN: Yeah, well, in some cases, some of the really aggressive digital currency mining software running on cell phones has actually caused physical damage. The phone works so hard and it draws so much current from the battery that the battery bulges and causes the case to kind of pull away from itself or kind of explode. It wasn’t actually an explosion, per se, but it did actually cause physical damage to the phones.
IRA FLATOW: Wow. You know, if these really centralized crypto-mining places are using so much electricity, wouldn’t it be better that– you know, maybe the good news is that we’re spreading the electrical burden to a network of computers instead of all in one place.
DAN GOODIN: Well, you know, I mean, certainly that’s the case. But you’re paying for it. I’m paying for it. So you know, this is no longer the case of a single entity who is presumably getting some sort of credit to their account. You know, they’re leeching just a little bit from you and just a little bit from me and just a little bit from tens of thousands, hundreds of thousands, of people. And they’re all paying for it.
IRA FLATOW: This is Science Friday from PRI, Public Radio International. In case you’re just joining us, we’re talking with Dan Goodin, security editor at Ars Technica, about crypto-hijacking. Give me an idea of how widespread it is. And is it growing, or have we got it early enough maybe to damp it down?
DAN GOODIN: There’s really no sense that it is actually damping down. We keep on hearing of these incidents. You know, the most recent one that I just alluded to happened to 4,300 sites. And these were just– you know, the state of Indiana. These were the US court system here in the US. It was UK court sites, UK government sites.
And so we have a whole lot of anecdotal evidence that shows that we have– you know, there are these rashes of incidents that will affect a whole bunch of sites. And then the sites will go and clean things up. And you know, for a time being, there’s no sign that it’s happening. And then another one will happen.
And in addition to that, we’re hearing of large servers that corporate businesses use to manage their payroll or run their websites. These things have a large amount of bandwidth, and they have a large amount of computing power. And attackers will find vulnerabilities in the way that these servers are set up. And they will exploit those vulnerabilities to install cryptocurrency mining software onto them.
You know, cryptocurrency is the new hotness. And you know, you look at what the price of Bitcoin and a bunch of the other currencies have done over the last year, and it’s inevitable that the attackers are going to start trying to harness your computer and mine to generate these types of currencies.
IRA FLATOW: Is there anything I can do, any software I can install, anything– how I detect that I’m being crypto-hijacked?
DAN GOODIN: Well, in general, people should always install their operating system and browser updates as soon as possible. That’s just sort of security 101. And that’s probably the most important thing any of us can do.
A large number of anti-virus programs are now detecting and warning people when their browser is trying to mine cryptocoin. And so that’s another way that people could try to protect themselves. And there are, for some people, they might consider using an ad blocker. The problem with ad blockers is that my business, for instance, relies on ads to pay my salary. So it’s a little bit hard for me to– you know, there’s some cognitive dissonance in me recommending that somebody use an ad blocker, because it actually hurts my business even as it protects people against threats like these.
IRA FLATOW: It’s just, you know, we’ve had ransomware. Now we have cryptocurrency hijacking. It’s a Wild West out there. I mean, not to put the West down, but–
DAN GOODIN: Yeah. I mean, it truly is. And you know, these cryptocurrencies have really revolutionized the whole business of malware. You know, once upon a time, people needed malware to steal your bank account information and then try to withdraw money from your account.
That still happens, but that’s gotten a lot harder. Banks now use two-factor authentication and a whole lot of other ways to prevent that from happening. And of course, once the crooks get the money, they have to launder it somehow.
The way that cryptocurrency works is it’s so anonymous, it’s so fluid, it’s much easier for it to be transferred around. And so it really has driven– two years ago, the new hotness, of course, was ransomware. And about six months ago, this– you’re calling it cryptojacking. The other thing that people call it is drive-by cryptocurrency mining.
IRA FLATOW: I’m going to have to keep it right there, because we have to leave, Dan. This is Dan Goodin, security editor at Ars Technica.
One last thing before we go. Next month is Women’s History Month. And to celebrate, we’re screening our complete Breakthrough– Portraits of Women in Science series at select Alamo Drafthouse locations across the country, followed by live conversations with women working in STEM in each of our featured cities. Visit sciencefriday.com/alamo for tickets and information. We hope to see you there.
That is Women’s History Month, Breakthrough– Portraits of Women in Science at select Alamo Drafthouse locations. Our website is sciencefriday.com/alamo for tickets and information. I’m Ira Flatow in New York.