Crypto-jacking - Computerphile

Video Statistics and Information

Reddit Comments

The more knowledgeable about the internet, the more likely it is they've got a sticker over their webcam.

👍︎︎ 1 👤︎︎ u/Stev_Ma 📅︎︎ Jun 26 2018 🗫︎ replies
Captions
I wanted to talk about crypto-jacking, right, which is, I mean, the name itself, it starts off in a good way. Sometimes called drive-by mining, also a great name. This is the idea that we can trick someone, instead of maybe putting a virus on their machine, I mean it might still be a virus, but we can trick them into mining some cryptocurrency for us. And that way we make a profit. Think of it like an alternative, in a crime sense, to ransomware, where you're trying to get money off someone by taking control of their files. We're now just trying to use some of their CPU power to earn us some money. Right, so theoretically they mine some coins for us, they send them to us, and then we, we profit from those.

So this all came about because a company called Coinhive decided that maybe instead of showing people adverts online, they could just use a little bit of their CPU to mine you cryptocurrency while they're browsing, and that way they don't have to look at adverts and you still get paid for your, your website. Right, now that actually is not a bad idea, or in some sense. The idea would be that you go to, let's say, a newspaper, and instead of seeing a load of banner ads you see a little ticker that says you're mining some cryptocurrency while you're on this website, and, you know, we're gonna make a small amount of money off this in exchange for you not having any ads and reading the news for free, right? Okay, and I mean, the amount of money, you're gonna spend a couple of minutes reading an article, it's not very much, right, even if your CPU's on a hundred percent. This is JavaScript, so you go to a website. It serves you a script which instructs your computer to start mining these coins.

The problem is that it wasn't long before people thought, well, we don't, maybe we should just not ask permission, right? We should, we should have them mine all the coins all the time. Right?
And the other thing was that Coinhive has a feature which lets you only use, let's say, 60% of a CPU, so there's some overhead for mouse events and things that are kind of important to keep the operating system running, and of course the malware programmers thought, well, you know, 100%, right?

So I've just got this web server set up on my machine. I've extended my classic blog. This is the world's best blog, of course, right? It looks good and it's got good content on it [...] with a nice banner ad which also happens to mine me some Monero cryptocurrency. Right, so let's have a look. So you can see here I've got my blog before, it's got my comments and my cat pictures I had before, and it's also got this lovely banner ad which I made for my shop, which is not a real shop. Don't send me any money. You will also notice now, if you look at my CPU monitor, which I've also got running, it's sitting on 100%, and if we leave it for a minute we're going to start hearing my fan get louder and louder and louder, because basically the entirety of my CPU is mining Monero cryptocurrency now. I mean, I didn't notice, the mouse is still responding. I mean, you know, it's a modern PC. But you know, you wouldn't necessarily know, apart from the fact that your fan has spun up. Now, it's also not plugged in, so the battery is going to be draining pretty fast.

The good news is that this is already less common than it was just a few months ago, because Chrome, Firefox, you know, antivirus vendors and things like this are all cracking down on these kind of scripts. Now Coinhive, as I pointed out, is actually a legitimate company. They weren't intending on people abusing this service, so they've now got an opt-in version where a little pop-up turns up and you can say I do opt in for this time instead of ads or something like this, right? That isn't blocked by browsers because that's a legitimate commercial alternative to ads. But of course Coinhive aren't the only people that are making these, right?
So you're going to have clones, you're going to have malware that does this, and you can just imagine that instead of getting ransomware you'll just get something like this and runs on your PC instead. And the same is true also for phones. So you might download an app which seems too good to be true. Oh, there's not even any adverts on this free game, and maybe it's because it's using up extra of your CPU to mine cryptocurrency.

If you were doing this in Bitcoin, you wouldn't, you wouldn't get a look-in, essentially. I could mine with my CPU Bitcoins, you know, for hundreds of years and never get any, right? Because compared to the size of the Bitcoin network, with all their dedicated hardware, my CPU is a nonentity, essentially. Monero is slightly different. Monero has a hashing function that it uses in the mining process which is quite hard to do on a GPU, and so you get some but not a lot of benefit from having a dedicated rig, right? Two times, maybe. Given the cost of a graphics card, not very good. So actually you could have a lot of Android phones competing with big graphics cards in Monero specifically, and so in some sense there is a point to do it. Now, that's one of the reasons it was designed this way, to allow people on phones and things to mine. But it has this benefit, or benefit depending on who you are, that it's a good target for this kind of malware, right? Because if you have a website where everyone is mining Monero for you, it's not gonna make you a huge amount of money, but it'll make you some, and Monero is one of these currencies that's a little bit hard to keep a track of, and so maybe you can get away with it. That's, that's the idea.

My browser and my extensions block it, my antivirus on my machine blocks it, the university firewall blocks it. So, I'm currently, I have all of those disabled and I'm routing through my 4G phone connection.
It works fine at home. I know, good or bad. So, you know, like I say, vendors of things like antivirus are taking a lot of steps to, to fix this. I'm gonna close this now because it's, it's not that loud actually.

Sean: It's basically the thing that says: "Many things for sale, buy now." That's got some JavaScript [...]

Mike: Well, yeah, I mean, this is just an image, but yeah ... Just next to it is some script that does it. You could imagine that if I was running a, like a newspaper website, I'm being served ads by some ad company. All I have to do to get in there is pay some money to have an advert deployed which also happens to have this script. No one's going to go to my blog, right? It's not online, but also because, no, it's rubbish. So what I, if I was an attacker, it would be much smarter for me to try and take over a site where lots of people are going. This came into the news because in February 2018 an accessibility website, that are just, like, screen reading and things like this, was hacked, and their JavaScript file had some Monero mining code inserted into it, and this website was serving JavaScript to about 4000 UK and US government websites among others, including the Information Commissioner's Office and various high-level government websites. This meant that when you went on those websites to, let's say, find out about something important, you were actually mining Monero for the attackers. Not ideal.

Sean: Could you work out who did it?

Mike: Absolutely, well no, all you can, all you know is, I mean, assuming ...

Sean: the wallet

Mike: All you know is the address that the Monero is being mined to, right, and as usual you've got the traceability issues of that. If they use that address to buy, like, pizza to their house, it might be slightly easier to find them. But if they try and hide it, it's gonna be harder. This is the code that was inserted into all these government websites. This is not my code.
My code is much simpler than this, and it's also not obfuscated. So this has been encoded to try and make it harder for anti-viruses to find, and then this is deobfuscated version, which is essentially looking up the Coinhive JavaScript and then pointing it towards this address, which you shouldn't mine Monero for because they're malware writers.

Sean: They weren't even writing their own JavaScript, they were using Coinhive's actual --

Mike: Yeah, yeah, I mean, it's pretty lazy, really. Yes, so I think now some are writing their own JavaScript or embedding it into Java apps or for Android phones and things like this. But yes, when Coinhive first came out, this wasn't, I would say, an unexpected side effect of their new idea. Like I say, they've kind of come up with a more legitimate way of doing this now, and they have interesting things like CAPTCHAs which do a little bit of hashing as an alternative to pick these images that have road signs in, right? Just, just do a little bit of CPU, which is interesting enough. But yeah, so I think going forward we're going to see fewer of these deployed in a browser, unless they can find a way of getting around these new browser restrictions. But they might start to find their way into more actual malware, right? Maybe instead of encrypting everyone's files you just take over their CPU for a while and make some money that way, or do both at the same time.

Both: Or do both at the same time?

Mike: Yeah, why not?

Sean: The free games thing is quite classic, because I mean we're all used to just getting games for free and expecting you that purchases

Mike: Yeah, when you download an app, it's got free access to your CPU. It could do this. You'll know because your phone will get hot and your battery will go [... noise of draining battery ...] like this. But that happens with some games that are poorly written anyway, so how do we know that? You've got to hope, I suppose, that there's some vetting process on the apps, which might hopefully detect this kind of stuff. But it's not always going to be easy to find, and so you can expect a few of these to pop up from time to time.

We're going to say "document.write('')". Okay, now that's, it's going to write nothing to the screen, right? So my comment on my blog, it's just going to be a script that does nothing. Okay, that's not very interesting. So let's do something a bit more interesting. Our PHP file takes the cookie, gives an image back. So let's just show it on the screen, right? So image tag in HTML. <img> is the image tag ...
Info
Channel: Computerphile
Views: 271,467
Rating: 4.964467 out of 5
Keywords: computers, computerphile, computer, science, Computer Science, University of Nottingham, Dr Mike Pound, Cryptocurrency, Cryptojacking, Drive-By-Mining, Monero, crypto-jacking, UHD, 4K
Id: vMIZKtVruH8
Length: 8min 59sec (539 seconds)
Published: Tue Jun 26 2018