Why do security professionals consider bitcoin and cryptocurrency mining a potential for 'parasitic' hacker activity?
Why do security professionals consider bitcoin and cryptocurrency mining a potential for "parasitic" hacker activity?
The basic idea is that mining bitcoin or other cryptocurrencies requires large amounts of computing power – that's one of the costs of generating value through the mining process. By that reasoning, if producers (miners) can keep their costs low, they can generate more profit.
The problem is that it's relatively easy for hackers to go in and take over parts of a system in the background – hacking devices or networks to harness some of that processing power toward their own mining goals. Mining scripts can run undetected in the background, and divert some of a user’s energy into the hacker’s mining setup.
There's evidence that piggybacking to mine cryptocurrency is a growing problem – this type of activity has grown 600 percent within the past year, according to IBM Managed Security Services.
All of this is made more complex by the idea that some websites are experimenting with minor energy piggybacking in order to fund operations. PC Gamer reports on these types of activities at the Pirate Bay, saying that "this could be the start of a new trend." Website administrators claim that by instituting energy piggybacking procedures for cryptocurrency mining, they can reduce ad placement. This begs the question – do web users want fewer ads, or do they want to keep their energy use from spiking?
It also raises procedural, logistical and legal questions. As for how to defend against this kind of piggybacking, users can take advantage of tools like anti-malware applications and ad blockers and look at their diagnostic resources to show CPU spikes. They can close out the tasks and services associated with piggybacking. But until the web community figures out a way to codify and universalize rules on the currency mining, it's likely that we’ll continue to have a vibrant debate about how this should work, how it does work, and what security professionals should do about it.