Firth’s take on tech: Cryptojacking the new, insidious online criminal threat

David Firth

It turns out that ransomware is so last year. Cryptojacking is what’s new and hip if you’re part of the online criminal scene.

For those who don’t know what ransomware is, even though it is now passé, it is where a hacker breaks into your system, encrypts your files, and then charges you a ransom to decrypt those files so you can use them again.

One of the more famous ransomware attacks was on a luxury Swiss hotel, and the hacker managed to get into the hotel room-lock system and lock all the rooms. Guests not already in their room had no way to get in.

The hotel is rumored to have paid $1,800 to get back into its own system and is replacing its high-end digital guestroom door locks with good old-fashioned locks and keys.

Cryptojacking, though, is a much better deal for the online criminal as it just keeps on giving. Cryptojacking steals some of your CPU power in order to mine for digital currency. I’ve already discussed what digital currency mining is in a Missoula Current article here: https://missoulacurrent.com/opinion/2018/06/missoula-bitcoin-mining/.

A very short version, though, is that the more you mine for digital currency the more money you make, quite similar to regular mining. To do more mining, you need more computers, and you can either buy these and run them yourself, or as an aspiring digital criminal you can just steal the computing power off other people’s computers and smartphones.

The rise in popularity of cryptojacking is in part due to an outfit called Coinhive. Coinhive created the original in-browser mining software, and a website operator, legitimate or criminal, could essentially rent Coinhive’s code to put in their own website.

So you did not even need to know anything about coding or crypto-mining to profit. Anyone visiting a website with the Coinhive code installed would then have some of their computing power co-opted to mine for digital currency.

This in-browser mining software only works during a website visit, but with enough visitors, good money can be made. Digital criminals are hacking into legitimate websites to insert this in-browser mining software and have the proceeds directed to themselves.

LMG Security, the international cybersecurity firm based here in Missoula, recently reported that they are finding this cryptojacking software almost every time they look at any website.

But it has recently gotten much worse. The original in-browser mining code only worked when you were on the cryptojacked webpage. Close the page and the mining stopped.

To get around this, cryptojackers have come up with something called “pop-unders.” The name sounds very much like an addictive drug. When you hit a cryptojacked webpage, a pop-under opens a very small web page underneath everything else, typically picking the clock feature on your computer or smartphone as the location.

Even when you close the main webpage you were visiting, you don’t know the pop-under is underneath your clock icon, so it remains open, cryptomining away and burning up your computing power. There have been reports of this pop-under cryptojacking software being so aggressive at using computing power that it has burned out hard drives.

There is no way to stop this without checking and closing down every browser window on your machine using a method that shows everything that is open. On an iPhone, that means double-clicking the home button and then swiping up to close what is open. On a Samsung Galaxy, there is a “recent applications” menu and you tap, hold and swipe right on each application to close it. On a laptop, you right-click the application icon and select “close window.”

David Firth is a professor of management information systems in the College of Business at the University of Montana and a faculty fellow with Advanced Technology Group in Missoula.