Everything you need to know about Crypto-jacking
Axiomatic assumptions of People Today
The amount of noise in the world today seems unprecedented. Some say this is the highest state of technological progress that humanity has ever reached, which as a result has caused people to turn upon their superstitious ancestors with incredulous scorn.
The academics, journalists, and innovators of today puff themselves up with a certain vanity remarking their conquest of the digital age. In other fields, archaeologists and historians reflect upon previous eras speaking lamentably about the naïve incipiency of past civilizations. Almost as if the human race somehow got to this point by an accidental trial and error.
And now, as people look into the stars, they speculate and muse towards the notion of alien intelligence commensurate with the current measure. Only perhaps a handful of fringe groups and rogue academics consider extreme facts like, maybe the Great Pyramid was an advanced power station, or Stonehenge some type of celestial calendar.
One thing that is ironically sound is that the ten commandments, perhaps engraved on a stone over 2000 years ago haven’t quite lost their validity. In particular, those phrases taking the form as “Thou shalt not lie, and Thou shalt not steal”, which brings us to the rampant epidemic known today as Online Scams.
The Rise of Consumerism
Does this seem irrelevant? Not quite! For the reason that a person must sometimes depart from their axiomatic assumptions in order to see things clearly. This paradigm, however trite and seemingly dull can be simplified by the following illustration:
When someone walks into their local news agency, it is not uncommon to see a rack offering the purchase of a handful of vouchers, all of which bestow the consumer with more credits for a certain brand of service.
Such things like iTunes, PlayStore, mobile data, ShowMax, Wifi Hotspots, etc.
All these vouchers apply to some new technology which has only recently thrust itself into the public forefront. As fancy and futuristic these services seem to be the question unavoidably presents itself:
Has technology increased in style or has consumerism grown in size?
The Token Crook
As the rate of consumerism expands in depth and concentration, so too will the human audience become more greedy and the world, whether cybernetic or physical becomes more insecure.
This insecurity is brought about from thieves and criminals who – in their quest for wealth – spend time inventing ways of making money by exploiting the digital world. On the same hand, some of these exploits are merely tricks of clever wording or loopholes of technical inconvenience. Just like in any other system of barter and commerce, all the same, rules apply. Just because the world has shifted to a digital platform doesn’t mean the people have advanced in kindness and consideration.
The new Crypto-trend
With the advent of Crypto-currency, which arguably has burst onto the scene along with the Internet of Things paradigm, a new surge of acute yet prurient practice has become pervasive.
Thousands of movements and online concepts tend towards this craze and even reach beyond the spectrum of the typical computer enthusiast. American broadcaster & financial expert Max Keiser has remarked this could be the solution to liberation from the debt and asset collector. Simply put, a financial system where world banks and government bodies have no hand in the matter.
Investigate Journalist Richard D Hall acknowledges the feasibility of decentralized banking, but also remarks the suspicious implications of BitCoin’s origin and incidentally the encryption it is based on is the SHA-256 which was designed by the NSA.
No one knows exactly what this growing trend will become and in that same breath, no one is even sure who invented it.
It begins with the concept of Bitcoin itself, which was allegedly devised by the mind of Satoshi Nakamoto. The enigmatic precursor to the idea had drawn out the scheme on a scrap piece of paper, of which subsequently was brought to life by the discoverers.
BitCoin. For those perplexed by the nature of this term, so thrown around in rapid conversation by unapproachable enthusiasts too busy to be tapped on the shoulder and give a quick definition. Bitcoin is summarized as this:
It is a reward currency created through a process known as mining.
Mining is when a computer device (connected to the internet) is instructed to perform relentless decryption upon transactions, of which if successfully solved will reward the respective user with a fraction of crypto-currency.
All the machines talking to each other and attempting to wear down the encryptions are known as the blockchain.
One key discrepancy here is that a computer appointed to perform this function need not necessarily be owned by the party of interest. In fact, there are multiple occasions where a user will unknowingly be going about their business while their laptop or smartphone is chugging away working overtime, on behalf of someone else! As we will discover presently… This is known as Crypto-Jacking.
Before we resume, we must digress a little into the history of Crypto Currency and BitCoin. While those two terms might seem interchangeable, be advised that the predicate Crypto Currency does not imply BitCoin. The latter is simply the most widely used and was the first of its kind invented by Satoshi Nakamoto.
It is said that if Satoshi Nakamoto ever returned to the fray and proved to be the rightful claimant to his title, the ownership of the BitCoin infrastructure would be transferred back into his name. So far no such thing has happened yet.
And too, so far the mysterious circumstances surrounding the founding of BitCoin does nothing to allay suspicion.
Speculators attest towards two possible candidates suspected of being the hidden creators, having feasible background and capacity to do so:
Hal Finney
Hal Finney was a Console-game designer and the first person known to have received the first BitCoin transaction. Also responsible for creating the first re-usable POW (Proof-of-Work) System in 2004, which is intimately bound to Crypto Currency. Hal Finney is no longer with us due to incurring motor-neuron disease.
Nick Szabo
Nick Szabo was the one who pioneered the BitGold, the first attempt at creating a decentralized digital currency. The system, which was never implemented, held a strong resemblance to the workings of BitCoin. These two respective systems both share two core components. The POW-based consensus algorithm and the Byzantine Fault Tolerance network.
Whether these connections attest to either party being responsible for engineering BitCoin, one could be sure that both knew the contention of making a currency that competes with state-owned money.
Crypto-Jacking Syndrome
The definition of this phrase is understood in the case of when a computer has been compromised with hidden software that mines cryptocurrency on behalf of some other party.
This party usually being some hacker or a greater organization with a vested interest.
The symptoms of this defect could be ailments difficult to remark, such as a performance drop or an unusually hot device. A drop in performance and a hot device is a sign that the CPU (Central Processing Unit) is working overtime. This can be verified if a user brings of a systems display and checks the CPU usage of all the apps currently running. If there’s something there which is hogging an inordinate amount of the CPU, then you know something’s up!
There are a handful of opportunities that allow the insurgent to secretly commandeer your device for mining. But there are cases where a user actually hands over their CPU permissibly for the duration that they make use of a website.
The notion of this was first made possible by the invention of CoinHive. A crypto-mining service that executes a script on a website turning the client into a node in the blockchain during that time they browse the page. This envisioned aim here was to make a trade-off for advertisement. So instead of being accosted with floating adverts and pop-ups the users temporarily parts with some CPU time.
There is usually a request according to the user to a visible agreement. Some of these notices are politely hidden from view in a grey surreptitious font. There was a time when the infamous Pirate Bay held such a feature, and a complaint was issued in the underground world which caused the rogue agency to include a humble disclaimer upon the site entrance.
The CoinHive code is client-side and in the case of the web browser takes the form of JavaScript. It is important though that during this time the user’s CPU has headroom to perform other client-related tasks like the dynamic content update and mouse hover events so usually the mining process is reservedly executed.
CoinHive works alongside the Monero Crypto-Currency which is distinguished by the absence of a public ledger. Which means the source and destination, as well as the amount of transactions, is hidden.
The Monero Currency is set aside from others in the way that a regular CPU can feasibly mine from the blockchain, instead of someone having recourse to a fully-fledged overblown desktop rig running some GPU (Graphics Processing Unit). This is due to the technical architecture by design making room for the miniscule device. In the light of this, even a smartphone has a capacity contribute via some interface.
Given the nature of these services, it was natural that hackers would try their luck by secretly injecting sites with these scripts. Since then rogue advancements based on this service have flourished and are pervasive even amongst sites of familiar territory. In February 2018 a website plugin called Browse Aloud which featured on thousands of government websites was hi-jacked by hackers. The incident attracted headline attention in BBC news, but due to the harmless nature of the crime, the reprisal was devoid of drastic measures.
Measures Taken and how to prevent
Already after a few months of vendors and website services becoming wise to this hack, commercial browsers included in their next update curative remedies and defensive measures. Such things that detect dodgy patterns in the JavaScript code, which is why the writers aim to obfuscate the code by adding a thin layer of encoding to the mining instructions themselves. Such things being observable to the human eye, are overlooked by the machine.
The method of protecting oneself from these things is best nebulous insofar as one cannot control the actions performed by a site whereupon a user navigates to it willingly. There is an assurance in the immutable fact that once a browser is closed no unwilling mining can take place. There is that other dreaded correlative notion called RaaS (Ransomware as a service) which is when a remote user somehow encrypts your computer files and demands a ransom fee paid in the form of crypto-currency.
The trend might shift to instead of attempting this cyber-blackmail they could write stealth apps that simply hide in the background and secretly mine crypto. The golden rule still holds that once an app is executed on your device, it has access to your CPU. Without regulatory measures taken by the operating system, a program can continue running and doing things with impunity.
The Online Scam
Finally, there is the dead simple online scam which takes many-a-form almost impossible to identify. James R Watts technical advisor for UCT (University of Cape Town, South Africa) recalls a story of a friend who invested his money into bitcoin during the period of 2014 and beyond when BitCoin seemed to fluctuate, but steadily grow in worth.
As it was, his friend awoke one morning with hope to withdraw funds and convert it back into Rands (South African ZAR) for some bachelor party he was funding, only to discover the service he’d trusted for a year and a half no longer allowed him to withdraw. Watts recalled at that time a meme was in circulation amongst the circle, listing all the expensive equipment invested in, but it was ‘priceless’ to witness awaking one morning to discover you’ve been conned out of R200 000.
Such stories engender unstoppable laughter within the audience, but what say others of the victim? Is all this due to mistakes and blind error of those affected, or does this attest to a certain level of feigned transparency surrounding BitCoin and those who pioneer it?
