It's a heavenly feeling when a coffee lover goes to a popular coffee shop and drinks a cup of coffee while soothing music plays in the background and there is free wifi to connect to. Feels good? It is said that coffee is a language in itself and that everything gets better with a coffee. But something different happened in Buenos Aires, Argentina, at a shop of the coffee giant Starbucks.
The Incident: Noah Dinkin, CEO of the NY-based email marketing firm Stensul, connected his laptop to Starbucks' free wifi, like millions of other coffee drinkers do across the world. While doing so, Dinkin observed that there was a 10 second delay when his laptop first connected to the store's wifi network. He got curious, pulled up the source code in his browser and discovered something out of the ordinary. The wifi network was exploiting his laptop's processing power to mine cryptocurrency. He immediately tweeted:
Hi @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand.. cc @GMFlickinger pic.twitter.com/VkVVdSfUtT— Noah Dinkin (@imnoah) December 2, 2017
To this, the official Starbucks Coffee Twitter account responded after 9 days, claiming that the problem was fixed as soon as it was notified. In an interview with Motherboard, Starbucks blamed its wifi provider and assured that the incident was limited to one location.
However, Hackread.com and Blockexplorer.com have reported that the script was in fact Coinhive code, which was used to generate Monero coins. This isn't the first time such illicit cryptocurrency mining has taken place. The problem is likely to grow as the value of many cryptocurrencies rises. According to Hackread.com, the culprit is likely not the wifi provider, but cybercriminals who have recently been identified as inserting the script in more than 5000 websites.
What is Crypto-Jacking:
The unannounced and unauthorized use of the processing power of someone's laptop or system to mine cryptocurrencies is called crypto-jacking.
How is it done:
Hackers keep finding different ways to cryptojack your system for crypto mining. In this case, it was via a wifi connection. Another popular method is loading the mining program into the user's browser when the video player is downloaded to stream a video. Websites such as Showtime, the official UFC streaming website and the official merchandise website for Subaru have recently been victims of these attacks. Even Openload, Streamango, Rapidvideo and Online Video Converter are affected.
Threats of Crypto-Jacking:
Currency mining degrades computer performance, making the laptop or system sluggish and interfering with the user's intended activities. The activity can also result in a higher electricity bill. Moreover, hackers can enter your system and subsequently access all your data and financial transactions.
Why is it done:
Mining requires industry-grade IT infrastructure, which is very expensive. As a workaround to buying extremely expensive servers, hackers put a script on popular websites or wifi networks, as in the case of Starbucks, which infects the computers of those visiting or connecting.
How to avoid this:
CTO of Symantec Pacific Region Nick Savvides said, “the best way to avoid hackers hijacking your computer’s processor to mine for coins was to ensure your security software is up to date”. Also, as a general practice, users must clear their browser cache regularly and scan their computers for threats.
Unlike Bitcoin, Monero mining does not depend on heavily specialized, application-specific integrated circuits, but can be done with any CPU or GPU. Therefore, it can be easily mined on home computers without any specialized hardware.
Recently, it has been observed that some websites use cryptocurrency mining to monetize the platform and inform visitors of the activity ahead of time, as is the proper thing to do, but many hijack visitors' computers instead, keeping their activities secret.
The user may not realize that mining is taking place, instead being left to wonder why their computer’s performance has decreased. Some ad blockers now block mining activity, but not all of them.
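The check Dinkin did by eye on the page source can be automated. The following is an added example, not part of the original article: it parses an HTML page and flags scripts that match Coinhive indicators. The indicator list, the function names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed indicators: Coinhive's script hosts, its library file name and the
# constructor names its miner exposed. Real blocklists cover many more miners.
MINER_HOSTS = ("coinhive.com", "coin-hive.com")
MINER_CODE = re.compile(r"coinhive\.min\.js|\bCoinHive\.(Anonymous|User|Token)\b", re.I)

class ScriptAudit(HTMLParser):
    """Record every <script> in a page that matches a miner indicator."""
    def __init__(self):
        super().__init__()
        self.findings = []    # (kind, evidence) tuples
        self._inline = None   # buffer for the inline script being read

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._inline = []
        src = dict(attrs).get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        on_miner_host = any(host == h or host.endswith("." + h) for h in MINER_HOSTS)
        # Also match the file name, to catch self-hosted copies of the library.
        if on_miner_host or MINER_CODE.search(src):
            self.findings.append(("external", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            match = MINER_CODE.search("".join(self._inline))
            if match:
                self.findings.append(("inline", match.group(0)))
            self._inline = None

def audit_page(html):
    """Return the miner-related script findings for one HTML document."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a portal page with one ordinary script and an injected miner.
SAMPLE = """<html><head><script src="/static/portal.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous("PLACEHOLDER-SITE-KEY");</script>
</head><body>Welcome</body></html>"""
```

Calling `audit_page(SAMPLE)` reports the external library and the inline constructor call, and leaves the ordinary portal script alone.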
The Pirate Bay has acknowledged using visitors’ computers to mine cryptocurrency, revealing that this is a monetization method that could potentially replace advertisements.
Not all companies are upfront about it, though. Showtime, for example, was found earlier this year to be mining cryptocurrency with visitors’ computers sans permission or notice. Additionally, some websites add the code themselves as an extra way to earn money; The Pirate Bay is one such example.