In the case of “classic” money, it’s someone like a bank or Paypal.
With cryptocurrency, everyone using the coin contributes.
Well, not quite everyone. The people or machines that link these transactions are called miners. In exchange for a small fee, they link together the transactions and create the blocks to be added to the blockchain.
They accomplish this by solving complex mathematical equations using their computer’s processor or graphics card.
In some cases, there are special computers designed specifically for mining cryptocurrency, called ASICs.
When I first started investigating this area, I was a bit lost. I’m sure you feel the same way sometimes, so here is a great blockchain diagram to better explain the concept.
Currently, the blockchain is mostly used for financial transactions. It’s mainly a platform for digital money, though it can be used in a myriad of ways.
When there’s a need to replace a middleman for record-keeping, blockchain is a possible solution because it turns the process into a sort of democracy. That’s why decentralization is such a popular term nowadays.
But let’s get back to the topic at hand and see why you need to really beef up your cybersecurity efforts.
What is Monero?
Monero (shortened to XMR) is an anonymous, encrypted, almost untraceable cryptocurrency. It’s virtual money like Bitcoin (BTC), but it’s also a coin whose route is almost impossible to follow.
Of course, as you can see, a lot of these people do not necessarily have the best intentions.
What is the difference between Bitcoin and Monero?
The latter coin’s official website explains the most important reason why Monero is a cybercriminal favorite.
With Bitcoin, any BTC can be tracked by anyone back to its creation coinbase transaction. Therefore, if a coin has been used for an illegal purpose in the past, this history will be contained in the blockchain in perpetuity.
Currently, some large Bitcoin companies are blocking, suspending, or closing accounts that have received Bitcoin used in online gambling or other purposes deemed unsavory by said companies.
Oh, by the way, the coin’s market cap is now more than 4 billion USD according to the latest charts.
Due to its design fundamentals and a strong emphasis on privacy, Monero is a Holy Grail to a lot of people:
Libertarians, anarchists, cypherpunks and other anti-establishment groups
Internet activists who want to get funding from their supporters without revealing too much information
Citizens who, for one or another reason, do not want their government to know how many assets they own
People who lost trust in the banks and look for a new way
Members from groups like the infamous Anonymous who target users and organizations in the name of a cause or for just good old trolling
People who make a living online (content creators like bloggers or YouTubers, marketers, etc)
Serious cybercriminals that go for big targets like the NHS, other government sites, Tesla’s cloud servers and so on.
Let’s grab on to this last group. It’s the one that forces you to increase your online security measures, after all.
How blockchain can enable the cybercriminal industry
Want to know why cryptojacking is such a big threat to your financial security?
Want to know why cybersecurity experts are scrambling to counter so many attacks?
Beyond complicated concepts and fuzzy acronyms, it’s quite simple.
In the past, cybercriminals tried to steal your credit card info so they could use your money. Now, cybercriminals can steal your computer’s resources to create money,
In the near future, they will do both.
Why not create malware that uses your computer to create money and also tries to steal your actual money?
With Bitcoin, stealing is possible.
It’s, however, riskier for malicious hackers and not that profitable. The Bitcoin mining process is now too resource intensive for regular setups and is done on specialized hardware.
With Monero, stealing is extremely easy.
Because it can be done on consumer grade CPUs. Monero is also anonymous and untraceable.
Even if the authorities were inclined to help you in case of an attack (though they’re still struggling with the general cryptocurrency concept) Monero makes it almost impossible for them to identify the perpetrators.
The creators of WannaCry, one of the worst ransomware attacks in history, converted their Bitcoin gains to Monero so that the authorities could not follow the “money”.
Moreso, there is an online, free to use tool that makes it easy for thieves to obtain Monero.
It’s called Coinhive.
What is Coinhive?
This code can be embedded on any web page. Once you access that page, it uses your computer processor (CPU) to mine Monero.
Source: official Coinhive website
In a perfect world, the Coinhive script would be used by content creators on their pages. You’d visit their site without being badgered by ads.
You’d read an article or watch a video. While you were doing that, the creators of that content would be paid simply by using a few of your computer’s resources.
This is exactly what the famous Salon.com did – they implemented Monero to obtain revenue and give their visitors a chance to avoid ads.
However, it’s not a perfect world.
What cryptojacking is and how it affects you
Malicious hackers can target the websites you visit and implement the Coinhive script.
It has happened to thousands of websites, from pizza shops to blogs and worse, health organizations and government pages.
The Coinhive script has also been introduced in ads, the Internet Explorer browser, dozens of Android apps and more.
Those running the websites or ads had no idea that there was an unwanted script, one that was using the viewer’s computer to mine Monero.
Such an attack is called cryptojacking, short for “cryptocurrency hijacking”.
It’s stealing computer processing power to create a cryptocurrency and make a quick, untraceable profit.
Basically, without your consent, it turns your PC or device into a Monero miner.
It’s also compromising hundreds of thousands of websites and targeting a lot of vulnerabilities.
Because malware often goes unnoticed by users and antivirus can’t really catch it, it’s a huge challenge to tackle.
The Coinhive script can use 100% of the visitor’s CPU power and thus lower the lifespan of the hardware itself.
When you view a Coinhive infected site or use an app, it’s like a thief breaks in your garage every night and takes your car to run errands.
The car is still in the garage in the morning, but your mileage increased and there’s wear and tear on the machine.
Who knows where your car has been or what’s it been used for?
Moreover, with Monero malware packages, a malicious hacker can also put a surveillance camera in your car. Now, the hacker has free use of your car and, if you leave valuables in it, he can also steal those.
It’s also a horrible attack for the website owners as well, calling into question their security measures and having users ask angrily “Why don’t you secure your business?”
What the future holds for cryptojacking and you
Unfortunately, Coinhive injections are attacks that will paint the 2018 landscape.
Even if all businesses, websites and software apps manage to block it, the idea and technology are out there. There are hundreds, if not thousands of Coinhive copycats currently available or in the pipeline.
There is no question that we will see more cryptojacking and other cyber threats, even if Coinhive and Monero become irrelevant.
We just wrote about attackers using script injections to compromise websites with bitcoin-mining malware, and we’ll unfortunately but definitely issue more security alerts of this type.
Blockchain and cryptocurrency are revolutionary concepts and here to stay.
Even though what’s currently happening could very well be a bubble of hideous proportions, I’d personally say they are the face of the Web 3.0 and the immediate future of the Internet.
However, as with all transitions and as with all financial issues, there are security gaps that you need to close. Here are the a few steps for you to achieve Internet security as a user.
What online security measures you need to avoid cryptojacking
Always protect your computer with an antivirus – here is a guide to pick the best one.
Antivirus is not enough! Modern malware sneaks past it. You also need an anti-malware solution to catch the threats before they reach your PC.
On any browser, both on desktop and mobile, use an adblocker. Only disable it if you trust a website completely.
Always update your software, because most cryptojacking takes place due to unpatched vulnerabilities.
Always use strong passwords or a secure password manager so that, in the event of an attack, your personal info is not compromised.
Knowledge of online security basics will always be useful, so consider signing up for a free course
The Atlantic wrote about cyberflâneur and I think that's the best way to describe myself. Or maybe a digital jack-of-all-trades with a long background in blogging, video production and streaming.
I spend my waking hours snooping through online communities of all types, from Reddit to security forums, from gaming blogs to banal social media platforms like Instagram. Sometimes I even contribute to those communities.