Most website admins have always tried to profit from their pages, one way or another, whether to make an actual profit or simply to keep the site online. They have done so through direct advertising, adware, spyware, sponsored posts and premium content. Now that new technologies such as cryptocurrencies are gaining momentum, admins have found another way to profit from users and their visits: using their processing power to mine cryptocurrency.
This novel practice has been called “cryptojacking”. It has been used both as a form of cyberattack and as an alternative means for admins to profit from their websites. Some notable examples are explained at the end; they include government websites, The Pirate Bay, the UFC website, MBL’s Jornalivre and many others, with various ends. The practice hijacks the computing power of a user’s computer or graphics card to mine cryptocurrencies for a third party, in many cases an unknown one. It has been called “cryptojacking” because it requires a lot of computing and processing power in order to slowly mine a new coin. Cryptocurrency mining is done by solving highly complex mathematical problems, and those who contribute their processing power are rewarded with a proportional amount of a given cryptocurrency.
Even though it has not yet been practiced on a large scale, it raises concerns and demands attention because, according to certain tests by users, the extra processing load takes its toll on the user’s hardware and electricity bill.
How does it happen and when did it begin?
It all started when a company called Coinhive created code that pools the processing power of many different computers in order to mine cryptocurrency. It advertised itself as a new way of profiting from websites: a script is embedded that forces users’ computers to mine cryptocurrency, and the proceeds are shared between Coinhive and the website owner. Its software mines Monero, which is easier to mine than Bitcoin.
The company’s website shows its business plan, the code used and the products it offers: hijacking through a captcha, through shortened URLs or simply when the website is accessed. It takes only a few lines of code, such as the following, which can be easily spotted in a page’s source code:
var miner = new CoinHive.User('<site-key>', 'john-doe');
When activated, the script kidnaps all of the hardware’s processing power, so the battery drains much faster and the computer becomes slower and consumes more energy.
Website admins get a dashboard with all the information concerning the mining operation, where they can follow the mining rate, how much they are profiting and the total number of hashes.
This way, Coinhive’s business model is quite complete, complex and worrisome: it offers admins total control over the hijacking of processing power, charges a fee and advertises itself as a way of reducing advertisement on the Internet.
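Because the miner is started by a recognisable constructor call, like the line shown above, a page's source can be checked for it mechanically. The following is an added example, not code from Coinhive or from the original article; the function names, the host blocklist and the sample page are assumptions constructed for illustration.

```javascript
// Added example: flags Coinhive-style miner loading in a page's HTML source.
// MINER_HOSTS and SAMPLE_PAGE are constructed for illustration.
const MINER_HOSTS = ['coinhive.com']; // assumption: extend with your own blocklist

// Matches `new CoinHive.User('<key>', ...)` and sibling constructors,
// accepting straight or typographic quotes around the site key.
const CTOR_RE = /new\s+CoinHive\s*\.\s*(\w+)\s*\(\s*["'‘’“”]([^"'‘’“”]*)["'‘’“”]/gi;
const SRC_RE = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;

// 1-based line number of a character offset, for reporting.
function lineOf(text, index) {
  return text.slice(0, index).split('\n').length;
}

// Relative and protocol-relative URLs are resolved against a dummy base.
function hostOf(src) {
  try { return new URL(src, 'https://page.invalid/').hostname.toLowerCase(); }
  catch (e) { return ''; }
}

function findMinerIndicators(html) {
  const findings = [];
  for (const m of html.matchAll(SRC_RE)) {
    const host = hostOf(m[1]);
    if (MINER_HOSTS.some(h => host === h || host.endsWith('.' + h))) {
      findings.push({ type: 'script-src', line: lineOf(html, m.index), value: m[1] });
    }
  }
  for (const m of html.matchAll(CTOR_RE)) {
    findings.push({ type: 'miner-init', line: lineOf(html, m.index), ctor: m[1], siteKey: m[2] });
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample page: one benign script, one miner include, one init call.
const SAMPLE_PAGE = [
  '<html><head>',
  '<script src="/static/app.js"></script>',
  '<script src="//coinhive.com/lib/coinhive.min.js"></script>',
  '</head><body>',
  '<script>',
  "  var miner = new CoinHive.User('<site-key>', 'john-doe');",
  '</script>',
  '</body></html>',
].join('\n');

console.log(findMinerIndicators(SAMPLE_PAGE));
```

A static check like this only sees markup present in the fetched source; scripts injected at runtime or served from renamed hosts need a blocklist-based extension or network-level filtering.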
Recent and notable cases
The State of São Paulo government’s Cidadão.sp website
After the complaint, the government declared it hadn’t used the tool and removed the script from its website.
RiHappy’s Christmas Website
The toy retailer was also denounced on Twitter, and the company made no statement. The script was running hidden on the www.umacasadenatal.rihappy.com.br website and was removed after complaints by users.
How to protect yourself?
Technology can bring many conveniences to our lives, but it also brings problems that society as a whole must fight against. Here are some ways of protecting yourself against such schemes:
No Coin is an open source extension created by Swiss programmer Rafael Keramidas and is available in the Chrome, Firefox and Opera extension stores. It is easy to install and use and requires no prior registration.
Script Blocker is an extension which blocks the execution of any script while active. It is also available in the Chrome and Firefox stores.
Tor is an anonymous, safe and privacy-ensuring browser which doesn’t allow scripts to be run automatically.
Now you know what cryptojacking is, how it works and how to protect yourself. It is important for everyone to raise awareness of the issue, so it may be brought to discussion before it becomes a norm rather than an exception, causing great disturbance in many users’ lives. What are you waiting for? Protect yourself and share it with your friends!