Cryptojacking 101

Cryptojacking is a website or app taking over your device and using its excess resources to mine cryptocurrency. There are examples of this happening right now in the wild (both with and without the “victim’s” consent or knowledge). Currently, this is most commonly happening via JavaScript code running in websites which are able to discretely tap into the user’s excess computing power to mine Monero. The net effect is that the user’s computer uses lots of excess power, costing them money and draining their battery quickly if they are on a laptop, all while making the distributor of the code a small amount of digital currency. If the perpetrator can distribute the code to enough users, it is possible that they could make a significant sum over time.

Easy Attack

If you follow tech news sites, stories involving cryptojacking attacks are everywhere. In just February 2018:

Cryptojacking is popular because it is so simple to use and set up on websites. The most popular variant, called “Coinhive”, only involves ~10 lines of JavaScript that even a non-programmer could fairly easily copy and paste into their website by following simple instructions found online. This ease-of-use factor is attractive to a broad spectrum of people far beyond the core group of hackers who might typically use exploits. Cryptojacking appeals to everyone who wants to make some money.

The “Coinhive” script is used to mine Monero, a cryptocurrency known for being “untraceable”… thus making it a favorite among cyber-criminals. Its value has risen significantly during the period where the Coinhive script has grown in popularity.

Paradigm Shift for the Publishing World?

Earlier this month, Salon.com announced that they would be offering an alternative option to viewing their content. Salon will soon be offering an ad-free option, in exchange for the user allowing Salon to run the Coinhive script while they browse the site.

Salon Cryptojacking

Salon is the first, but certainly not the last media company who will try to offer a younger generation of readers prone to using AdBlockers the option to opt-in to a new arrangement between content creator and participant.

Resource Management

Sliver.tv’s Theta Token is another interesting innovation that follows a similar line of thinking.

The principle is that the company will reward users for using their extra bandwidth and computing power. When you are asleep or not using your computer, you allow them to leverage those unused resources to help them improve loading times to people nearby who are trying to stream video. In return, you are rewarded with “tokens” which you can use to buy various things you might like.

The idea has been around for quite some time. This Motherboard article from 2015 outlines Seven Ways to Donate Your Computer’s Unused Processing Power. From helping SETI to search for alien life to contributing a variety of medical research pursuits, you can lend your PC’s resources to any number of causes through open-source software developed by UC Berkley.

A New Era

We are witnessing a few things happening at once…

  • Billions of internet-connected devices distributed all over the world
  • High computing power supply relative to demand from consumers
  • Anti-advertising sentiment among consumers growing each year
  • Cryptocurrency awareness and greed surging

For content-creators – from high profile, household names to self-publishing bloggers – cryptojacking is going to be an easy-to-implement, attractive alternative to advertiser revenue for the foreseeable future. The success of the strategy will heavily depend on how the cryptocurrency market goes. If Bitcoin and other currencies have a healthy 2018, this movement will only gain momentum.

Along with that change of direction will come complex questions about consumer rights, energy consumption, and privacy & security. Clearly, giving users the opportunity to opt-in should always be established. Consumer watchdogs and advocacy groups will have to continue to help people to be aware of organizations attempting to run cryptojacking schemes without the users’ knowledge. You can attempt to protect yourself by running ad and script blocking add-ons in your browser (I prefer uBlock Origin) and Malwarebytes on your computer.

If you are a content creator, it is time to start thinking about how you are monetizing your content today, and how that might change in 6 months or a year as technology and digital culture evolve.