Submitted by Micah Smith on Wed, 03/07/2018 - 16:50
Crypto Mines
Crypto Mines

There is a new style of cyberwarfare to be afraid of, and no, it's not smart devices. We all know by this point that your grandmother's smart heart device can be hacked. There's nothing to be done. 

We are actually talking about something different. 

Back in the good old days, hackers gleefully hacked into your site to steal information, money, cause damage or just get some attention.

More recently, researchers discovered that thousands of governmental sites have been hacked for mining cryptocurrency. That's right, sites are being hacked for virtual currency.

Most digital currencies, including bitcoin were until 5-6 years ago relatively easy to mine for on your own PC with a cheap Graphic Processing Unit (GPU).  However, due to the rise in network difficulties and complex ASIC miners, the majority of cryptocurrencies aren't possible to mine for using a singular graphics card.

Many IT guys may still mine for smaller or newer cryptocurrencies on a GPU, on a local computer, but if you are looking to strike a little crypto-gold, crypto-hacking is all the rage.

How is it done?

Crypto hacking is a smart practice. The hacker installs a special trojan code that forces all the site's visitors to mine cryptocurrency by hijacking their processing power. 

Calm down conspiracy theories, the government is not out to get you, It's the people who are mining crypto cash by using your computer. The best part is, you didn't even notice.
It's sort of an identity theft-lite. 

Crypto hacking is done to scale. The recent find confirmed that 4,000 government websites – including the UK's National Health Service, Information Commissioner's Office, and Queensland legislation - were all hacked and turned into crypto mines. 

How did the hackers manage to spread their Trojan? 

They compromised some of Browsealoud's from CoinHive - a browser-based mining service that gives people revenue by utilizing CPU resources. So, the hackers inserted this software into all these sites and created the largest crypto hacking operation known to man, mining for Bitcoin can be highly profitable and all the hackers need to do is drain your

We know that institutions are being deliberately hijacked and this makes sense, they have a lot of processing power. However, the government' sites are not the only way that someone could get access to your processing power and have you mining cryptocurrency for their gain. 

A recent vulnerability was found in Telegram where hackers used a hidden RLO Unicode character in a file name and then sent it to multiple users. Then the hackers exploited this vulnerability to install a backdoor trojan that used the Telegram API as its home base, allowing the hackers to remotely control the user's computer. 

Luckily for Telegram, the breach was quickly found by Kaspersky Labs and they quickly patched it. Browsealoud, the company responsible for the vulnerability that the hackers used against the 4,000 - some governmental sites were also able to find the issue and prevent future attacks. 

The more popularity cryptocurrency gains, the more hackers will try to steal our devices' processing power and use it to mine for these things. The future is already here, it's inevitable that these attacks will continue to happen as innovative hackers find more vulnerabilities to exploit. 

The key takeaway? 

Governments need to tighten up security by hiring more cybersecurity personnel. Public companies need to hire cyber companies to routinely test their code for vulnerabilities and random Unicode characters that hackers can and will exploit. 

As cryptocurrency gains ground and more companies embrace it, we hope to see increased security for all the major crypto sites. At least for one brief moment, hackers forgot about our smart home devices, watch out 'Alexa' the hackers may have their eyes on you also.