Criminals are siphoning computing power from myriad devices to mine for currency.
In the Rob Reid’s fiction novel After On, an NSA employee uses a phalanx of unwitting consumers’ computing power to illegally crack encrypted messages sent by his bosses – including the President of the United States. The rogue employee gained access to this computing power by inserting code into an app that was downloaded by thousands of users, giving him the vast processor resources needed to crack the encryption.
While the previous scenario is fiction, we see such hacks happening in reality. There was the Mirai botnet that used hacked network-connected DVRs and video cameras to successfully unleash torrents of DDoS traffic against targets.
And now, criminals are using hijacked devices to mine for crypto currency. The key to making money in the crypto currency world in the amount of processing power one has on hand to do the mining. So, it’s no surprise the criminal types are trying to amass as much computing power as possible.
The crooks are leveraging just about any device they can infiltrate to gain computing resources: phones, PCs and internet-connected things. Yes, even your fridge could be roped into mining for some crypto coin.
In many cases, the amount of resources being used on an individual device is small enough that a legitimate user doesn’t notice. Groups are even using malware that gets installed when a person visits a site, starts mining while the person is on the site, then disappears when the session ends.
Combine enough of these resources and voila, you have quite the processing horsepower at your disposal to mine away.
Stopping the bad guys
Hacking to mine for crypto currency is yet another move in the cat-and-mouse game that plays out between the good guys and bad guys. For traditional PCs and Macs, malware vendors are catching up with wares that can sniff out / block malicious code on machine.
It’s on the IoT front that things are a bit scarier. While manufacturers are catching on and building in security to devices now, there are still a lot of older devices accessible via the Internet with little to no security controls, making them ripe for the picking.
IoT device makers of all stripes need to ensure the code that operates their devices is secure and vulnerability free. We continue to see a reluctance to sacrifice time to market for security, but there are ways to balance both speed and security.
Until that happens, criminals could have the upper hand in infiltrating Internet-connected devices and using the accumulated processing power for illicit means.