29 Nov Website Mining in relation to Cybercrime

Posted at 12:27h in Cybersecurity, Featured by
0 Likes

I. Cryptocurrency Mining.

 

The recent years have seen a huge boom in the use of cryptocurrencies driving their prices up and introducing  people to a new investment opportunity. Among the means to obtain cryptocurrency is through mining. Mining is analogous to mining gold, there being a finite number of coins per cryptocurrency. Mining requires the use of immense amounts of computing power. Miners often utilize multiple Graphics Processing Units in one computer just to get to a point where they can obtain a profit.

 

The term mining describes  how a coin is received. The computer will try to solve a hash function–a one-way encryption without a key. There is no definite way to solve the key will to a hash function. The computer will  go through trial and error, attempting random combinations in order to get the right one. This is  akin to how  miners hack at a wall randomly till they strike gold.

 

Needless to say, for a computer to repeatedly try random sequences of solutions, a lot of computing power will be needed. This is why miners utilize extremely powerful rigs which consume exorbitant amounts of power to run and to keep within a safe operating temperature. Running a cryptocurrency mining program pins the Graphics Processing Unit and the Central Processing Unit of a computer at maximum utilization. This already puts heavy strain on the components, wearing them down, more so if the computer is not adequately cooled.

 

II. Websites that use visitor’s Computers to Mine

 

Recently hackers have developed malware  imbedded on certain websites which would run a mining program on a visitor’s computer and would send all the cryptocurrencies mined to the hacker. This technique was  used for the cryptocurrency Monero. One researcher found that 2,500 websites actively running cryptomining code in the visitor’s computer. Closing the website, even the internet browser would not even stop the mining code on the computer.

 

Such acts can result in extreme revenue for the perpetrators as they will receive all the benefit of the mining with none  of the negative effects on their computers that are necessary when  running a mining program. All the negative effects are passed on to the visitors of the websites. This results in computers slowing down as the mining program takes up all the resources available to the computer.

 

Anti-virus software providers already reacted to this by detecting websites that run the program and automatically block them to prevent any harm to the user. However, the technique still is prevalent, though developers of Anti-virus software will continue to update their blocklists, users must still be careful in visiting unfamiliar website in order not to become victim to this scheme.

 

The hackers hijacked  the code of Coinhive,  a community platform intended to create an alternative to advertisements as a source of income for websites. The intent of Coinhive was to create a code which can be embedded on websites to allow the website to run a mining program in the background where the owner of the website will receive the profits. This would be beneficial to visitors of the website as they would no longer be interrupted by intrusive advertisements, whilst website operators are given more options as to how they can create more revenue for them.

 

III. Would this be punishable under the Cybercrime Act?

 

Under the Cybercrime Prevention Act of 2012 it included System Interference as an offense under the Act.  This involves  the intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electric data message, without right or authority, including the introduction or transmission of viruses.

 

Under this provision the acts of hackers in placing a mining code in websites would be punishable under the Cybercrime Prevention Act. As discussed earlier, running a mining program utilizes all the resources available to the computer. Running other programs while a mining program is running would make the computer function at a less than ideal state.

 

Data interference is also punishable under the Cybercrime Prevention Act. This is committed by the intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.

 

The act of  embedding onto websites their code, hackers would necessarily fall under the purview  of the law. They would be intentionally altering the website without permission from  the website administrator.

 

IV. Legal Effects of Website Mining

 

By virtue of the code embedded on these websites the hackers are able to gain cryptocurrency. With the initial intent of Coinhive in creating the code to allow websites to mine, it is arguable that the website owners should benefit from  the proceeds of the mining operations done on their websites.

 

Due to the illegal acts of these hackers, part of the penalty that should be imposed upon them is to require them to turn  over the cryptocurrency unlawfully mined to the website owners. It can also be argued that the person owning the computer which mined the cryptocurrencies would an interest over said cryptocurrencies  as the same were fruits derived from their computer.

 

Taking into consideration the actual intent of Coinhive to use their code as a substitute to running advertisements on websites for revenue, website visitors must have consented to the use of their hardware for such purpose. Plainly running the code at the background of the website without informing the visitors may be  punishable act under the Cybercrime Prevention Act. A clear statement appearing on the website is required to inform its  visitors  regarding the  use of this code for revenue purposes.  This is similar to how privacy and cookie disclaimers are given by websites whereby visitors are made to consent to it by clicking the consent button.

 

V. Conclusion

 

Clearly,  the mere act of hacking a code into a website is a violation of the Cybercrime Prevention Act. However the same can extend to users of the code  in situations where  visitors have not given their  consent to such use of their computers. With cryptocurrency mining still viewed as a means to create revenue it would be a viable replacement for intrusive advertisements on websites especially for certain sites which would benefit from having more space for content rather than being filled with advertisements. The concept would be a great development for the internet wherein users on the one hand get more content to enjoy, on the other hand,  sites  rely on donations to defray  the financial costs of  running their site. However, with hackers using this concept to their own benefit,  built in security warnings in web browsing programs and anti-virus software would be indispensable to prevent users from becoming victims of these unscrupulous acts.

 

Sources:

https://blockgeeks.com/what-is-bitcoin-mining-an-easy-guide/

https://blockgeeks.com/cryptocurrency-investing/

https://arstechnica.com/information-technology/2017/11/drive-by-cryptomining-that-drains-cpus-picks-up-steam-with-aid-of-2500-sites/

https://arstechnica.com/information-technology/2017/11/sneakier-more-persistent-drive-by-cryptomining-comes-to-a-browser-near-you/

https://www.investopedia.com/news/sites-are-using-your-browser-mine-crypto-it-could-be-good-thing/

https://www.lawphil.net/statutes/repacts/ra2012/ra_10175_2012.html

https://www.lawphil.net/judjuris/juri2014/feb2014/gr_203335_2014.html

https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/

https://motherboard.vice.com/en_us/article/vbpbz4/creators-of-in-browser-cryptocurrency-miner-coinhive-say-their-reputation-couldnt-be-much-worse

No Comments

Post A Comment