Cybercrime takes a near-infinite number of forms. As technology advances, criminals develop novel and ingenious ways to exploit vulnerabilities. Wirex Staff Writer Gemma Doswell takes a closer look at the insidious art of ‘Cryptojacking’.
A brief history of hacking
Hacking first emerged as a malicious term in the 1970s, when early hackers (known as ‘phreakers’, a young Steve Jobs among them) manipulated telephone hardware to get free long-distance calls. The 1980s saw large computer networks (Motorola and Nokia included) hacked by Kevin Mitnick, who became the catalyst for the first cybercrime legislation. In 1988, student Robert Morris created the Morris Worm on a floppy disk – the worm was designed to gauge the size of the internet by spreading through system vulnerabilities. It was not designed to cause harm, but was ‘unintentionally’ coded in such a way that it formed a large-scale attack and slowed down computers to a point that eventually rendered them unusable. In 1991 Morris earned the dubious honour of being the first person ever to be convicted of computer fraud.
A new-age of cybercrime
Since the turn of the millennium, cybercrime has become increasingly sophisticated. Unlike the early days, during which hackers were easily identifiable thanks to their esoteric knowledge, cyber-criminals have become more difficult to trace and convict. The emergence of cryptocurrencies has given rise to an entirely new genre of cybercrime known as cryptocurrency mine hacking, or cryptojacking.
Put simply, mining involves creating new digital coins by solving complex equations with a computer. Cryptojacking describes a situation in which a device is hacked remotely to harness its processing power to mine cryptocurrency. Like most crimes, cryptojacking is largely opportunistic – it takes vast amounts of electricity, relies on internet vulnerabilities and, depending on the coin being mined, requires more processing power than a single computer can generate. According to cybersecurity firm Avast, it would take 15,000 hacked devices four days to mine $1000 worth of any cryptocurrency. For this reason, Bitcoin is rarely a target for cryptojackers; the power needed to mine a whole bitcoin is prohibitive. However, many other cryptocurrencies are appealing targets for hackers.
Worried? Here are five signs that your device has fallen victim to cryptojacking:
- CPU usage is suspiciously high – an average webpage uses approximately 20% CPU (computer processing power). Check your Task Manager to see CPU usage. If it’s over 20%, you should probably investigate further.
- Unusually high fan speed or noise – this suggests your computer is working harder than normal.
- Your computer is unusually slow.
- Unknown and unauthorised programmes appear on your machine.
- Your electricity bill is noticeably higher – the rise in power consumption if a device is cryptojacked is similar to the difference between a summer and winter electricity bill.
A breach in security
In February 2018, the UK ICO (Information Commissioner’s Office) was cryptojacked to mine Monero. On review, web security researcher Scott Helme, reported that over 4000 websites had been affected. Hackers had added Coinhive mining software to an accessibility plugin called Browsealoud which is used by sites to assist blind users. Any device that loaded sites using the Browsealoud plugin could be infected.
Hackers employ increasingly sophisticated methods of infiltration. If a device is connected to the internet, there are almost certainly ways for it to be accessed. The key is to safeguard your internet-connected devices with as many layers of protection as possible, making them less desirable targets.
Here are some things that are known to attract cryptojackers – and some precautions you can take to stay safe:
- WordPress – sites built on WordPress are popular targets for hacking. Make sure you always operate the most up-to-date version and don’t ignore patches and updates from developers.
- Front and back door entrances – if a device’s admin password is weak, hackers can gain access. The admin is usually notified about this unauthorised access. However, if the site owner isn’t quick enough to change the password, hackers can set up access through the site’s back end (the “back-door”). This means that the owner won’t be notified if there’s another break-in. Using strong passwords and changing them regularly is a good way to safeguard against this.
- 2FA – using 2FA (two-factor authentication) like Google Authenticator helps to protect your online accounts.
- Unsecured sites – avoid browsing sites that don’t start with https:// and don’t click on unknown links or images.
- Firewalls – install a market-leading firewall and invest in reputable anti-virus software.
- Ads – installing an ad-blocker will help prevent pop-ups and ads with malicious links.
A smarter alternative
Leading hybrid money platform Wirex understands that security is imperative – especially when it comes to something as important as your money. That’s why the Wirex app features industry-leading security measures, including two-factor authentication and 3-D Secure fraud prevention.
This means that you can buy, sell, store and exchange BTC, LTC and XRP with absolute peace of mind. Mining crypto may be out of reach for most, but Wirex lets you link your debit/credit card to your Wirex BTC, LTC or XRP wallet to invest and spend your digital coins hassle-free.