Mining in the local network. Fraudsters have invented a new way of stealth mining in public places. How scammers organize the process of hidden mining through public networks

Cryptocurrencies like bitcoin have been making noise for a few years now. You may consider them just another pyramid scheme or a fatal threat to the established banking system, but one way or another, this is money that can also be earned while sitting in the office. We are talking about mining, whose supposed profits encourage people to use their workplace computers to obtain electronic tokens. And this means serious risks for every company.

Examples abound. Recently a group of scientists was detained in Russia for trying to mine bitcoin on the country's largest supercomputer. In the US, Tesla was compromised, and its AWS cloud storage was also used to obtain cryptocurrency tokens. And the supercomputer of the US National Science Foundation was not merely targeted but actually used for mining.

New types of computer viruses were not long in coming either. There was a recent story in the press where a special mining script was surreptitiously downloaded onto the computers of visitors to specific websites, including, for example, the National Health Insurance in the US and an education loan company in the UK. Individually, user computers generated very few tokens, but the hackers expected that the joint work of tens of thousands of infected computers would bring a profit.

What is mining?

To understand the issue raised, it is necessary to have at least a general idea of what cryptocurrency mining is and how it works. People who want to make a fortune in cryptocurrencies should have the following resources:

    powerful computer;

    Internet access;

    access to a source of inexpensive or free electricity.

The way to get bitcoin is quite simple: the power of the user’s computer is used to generate blocks of transactions that go through a special confirmation procedure and are included in the blockchain on which the cryptocurrency is based (“proof of work”).

Together, these blocks form both the cryptocurrency itself and the infrastructure for maintaining an international decentralized secure exchange and payment system that does not require classical banking mechanisms and does not provide for large commissions for cross-border currency transactions.

However, participants in the process are faced with tasks that can only be solved with the help of powerful computers, which is why only arrays of the latest graphics cards are used to work in this area.

Electricity price

The more powerful the computer, the more electricity it consumes. Of course, you can continue to mine on the old PC in your bedroom, but then, most likely, you will pay more for the consumed electricity than you earn on cryptocurrency.

“The economics of bitcoin is such that most miners need access to a reliable source of cheap electricity no more than 2-3 cents per kilowatt hour. Therefore, they often move closer to the hydroelectric power station, it is cheaper there,” Sam Harnett of the Rocky Mountain Institute explained in an interview with The Washington Post.

The world's largest mining farms are built in close proximity to solar and hydroelectric power plants in China. A Russian billionaire recently bought two power plants to power his own mining farms. In Iceland, where about 80% of all electricity consumed is generated by hydroelectric power plants, power grid operators are seeing an explosion in demand for power from mining farms and are openly talking about an impending power shortage in the local market.

It is problems with access to cheap electricity that push hackers to create malicious software that lets them use the computing power of website visitors. This also explains why company employees want to secretly use work computers for mining: in this case they pay out of their own pockets neither for electricity nor for PC maintenance.

What are the risks?

There are several reasons why companies should take care to protect work computers from being used for cryptocurrency mining.

    Computers on which cryptocurrency mining software is installed work slower, which negatively affects the speed of business processes within the company.

    The company incurs unreasonable losses by paying ever-increasing electricity bills.

    The increased load associated with the calculation of new blocks of the blockchain leads to a reduction in the life of processors, power supplies and batteries, which directly leads to additional costs for maintenance or replacement of failed computer equipment.

    Mining software can make a corporate network vulnerable to attack and unauthorized entry from outside. According to Kaspersky Lab, the number of such attacks increased from 205,000 in 2013 to 1.65 million in 2017.

Botnet creators and operators and unscrupulous workers often view corporate servers as a good opportunity to earn money from "free" electricity. Botnets are already available on the market for $30/month, and the prices for programs for creating a hidden mining farm based on a corporate network start at $29.

Digital Shadows estimates that a Monero mining botnet operating 2,000 infected computers could bring in up to $500 daily. The latest programs for illegal mining already know how to disguise themselves, and to bypass anti-virus protection on users' computers or disable it altogether.

CrowdStrike warns that botnets (such as Satori and Smominru) have already appeared, focused exclusively on creating networks for mining, and, for example, the WannaMine virus is trying to infect corporate networks.

Cisco Talos Network Threat Specialist Nick Biasini believes it's time for companies to actively defend themselves. As he told Dark Reading, "This is a huge wave that is hitting more and more corporate networks, every day and in the literal sense of the word."

What to do?

There is a very valid set of rules: companies must constantly improve their security mechanisms, keep their anti-virus software up to date, and be aware of the dangers of traditional hacking tools such as phishing emails and dubious programs and applications from obscure developers.

It is also worth installing specialized equipment and software filters in the company to prevent hacking and unauthorized use of corporate networks, and programs that will allow timely identification of computers with increased processor load or with increased Internet traffic - all these are clear signs of mining. There are ready-made solutions for this, such as the SD-WAN network utility, which allows you to selectively block the ports used for mining transactions. Plus, you need to keep a close eye on changes in electricity bills.

Finally, network administrators need to carefully monitor which programs and programming codes are installed and used on work computers, constantly scan them for malware and vulnerabilities to external attacks.

For mobile devices, there is the Mobile Threat Defense system, which is designed to protect this particular class of devices.

John Evans

Jon Evans is a highly experienced technology journalist and editor. He has been writing for a living since 1994. These days you might read his daily regular Computerworld AppleHolic and opinion columns. Jon is also technology editor for men's interest magazine, Caliber Quarterly, and news editor for MacFormat magazine, which is the biggest UK Mac title. He's really interested in the impact of technology on the creative spark at the heart of the human experience. In 2010 he won an American Society of Business Publication Editors (Azbee) Award for his work at Computerworld.

Consider how to mine bitcoins on your home computer and whether it can be done.

All the advantages and disadvantages, as well as more profitable alternatives for mining coins.


Mining (from the English "mining", meaning extraction) is the only way to get crypto-money. Its essence lies in the fact that a computer or a network of computers performs mathematical calculations. The result of the calculations is finding new blocks of the chain of the cryptocurrency network (blockchain). For each block found, a reward is paid in the form of coins.

If you are still a novice user in the field of crypto, but you want to start mining and earn money on it, you need to study the current realities of this activity. The complexity of the calculations does not allow us to talk about adequate profitability when working with low-performance equipment, such as a home PC.

The concept of home mining was popular in the early 2010s.

Today, stationary or cloud farms are being created, in which dozens or even hundreds of video cards are involved at the same time. However, this will not prevent you from starting mining on your PC. You should immediately prepare for the fact that the earnings will be very small, but with constant mining it can amount to several hundred dollars a year (subject to the active growth of the Bitcoin exchange rate).

How to start mining on your home PC

If you are one of those who heard a huge number of times about cryptocurrency mining, but did not dare to create their own mining system, first you need to decide how you will work and what currency will be the main one.

  • Choose one of the cryptocurrencies. Further in the article, we will consider the mining of Bitcoin, the most popular cryptocurrency in the world, the capitalization of which is more than 171 billion dollars;
  • Open a wallet for the corresponding currency. As a rule, the official website of the creator of crypto coins has all the information for registering a wallet;
  • Choose which service will be used for mining. This stage should be well thought out, since with the increase in demand for cryptocurrency, the number of fraudulent services that use your PC resource for mining has also increased, but the earned funds are not sent to your wallet. However, there are also a lot of reliable and proven platforms. It is important to choose a pool with maximum performance;
  • Download and install the application. After registering in the pool, you will be prompted to download a desktop mining program. Each service has its own program. As a rule, there are always basic computer requirements to consider;
  • Start mining and earn Bitcoins. When the minimum withdrawal amount is reached (each service has its own threshold), you can withdraw coins by sending them to a pre-created wallet.

It should be remembered that without good hardware characteristics of the processor and video card, mining will be impossible or the number of coins will be minimal (if at all). If you have a good enough home PC, you can try to start mining.

Services that provide users with the ability to mine from only one computer, at the software level, combine the power connected to the network into a pool - a group of devices.

This association is necessary so that at the stage of mathematical calculations you do not compete with powerful stationary or cloud farms.

If the device pool performed a successful calculation and the reward was obtained, it is divided among all group members according to their capacities.

Less powerful PCs will get less money. In any case, participation in the pool is practically the only way to earn money.

If you don’t understand much about the principle of mining coins and don’t want to deal with a lot of concepts, work with automatic miners that you can simply run in the background.

List of reliable applications for automatic cryptocurrency mining on a home computer:

Kryptex - here, after each successful calculation of coins, users have two options for working - send the amount to their crypto wallet or exchange the mined money at the current rate and then transfer it to their electronic money account (, and so on).

Go to the online calculator page and select the currency you want to mine. Then, in the new window, enter the previously calculated hashrate and click on Calculate.

This will allow you to understand whether mining will pay off. Also, the calculator window displays data on how much energy will be consumed during constant mining.

Is it profitable to mine on a home PC

With the rise of Bitcoin it became unprofitable to mine it on home computers.

If you are hoping to earn an income of several hundred dollars already at the initial stage, we advise you to take a closer look at concepts such as cloud mining or .

The work of the miner on a regular PC will bring up to hundreds of dollars in income per month. We recommend using this method only if you have a PC with a good level of performance and while working with it you do not use even half of the video card's resource. For example, you have a powerful gaming PC at your disposal, but you rarely run games on it and constantly use only a browser and simple programs. In this case, the periodic operation of the miner will not harm the system. Also, you should not mine bitcoins on your home PC around the clock. Limit yourself to 6-8 hours a day.

Types of mining

As mentioned above, mining is the only way to get cryptocurrencies, but there are different ways of mining:

  • - the most efficient and profitable way of extraction, but it requires investments. You will have to buy a few and set up their simultaneous operation. This method requires a separate room and will entail impressive electricity bills;
  • - these are groups of computers that can be located in different parts of the world, but at the time of calculating and mining cryptocurrency, they will work together. A home computer is connected to the pool by the mining program. You can independently configure the operation of several of your PCs through the pool;
  • the easiest way to get coins without "killing" your computer. The essence of this mining method is that a third-party program uses the resource of your video card to calculate mathematical operations. The computer can be or be used by the utility as the only link in the mining network;
  • CPU – today, the method of mining coins using the computing power of processors has become a relic of the past. It is much more profitable to work with video cards, as they are able to mine coins faster, and in the event of a breakdown, the computer does not stop working - all computing operations are switched to the video card that is built into the central processor;
  • ASIC miner - microprocessor equipment created exclusively for the extraction of BTC and coins mined on the same algorithm. ASICs provide maximum processing power and are reliable enough for long-term use. The disadvantage is the high cost and the inability to use this equipment anywhere except for the mining of specific cryptocurrencies.

Cryptocurrency mining software

All mining programs work on the same principle. Only the conditions of the mining site can differ.

Before installing the application, read the terms and conditions on the developer's website.

List of the most popular programs for mining Bitcoins and other cryptocurrencies:

  • CGMiner;
  • Bfgminer;
  • SGminer;
  • ccminer;
  • Claymore miner.

Is it worth it to mine on a laptop?

This question comes up very often, so it has to be answered as part of this review. You should not mine Bitcoin on laptops.

Firstly, the power of even the most powerful model is not enough to mine coins, the cost of which will cover the amount of a laptop purchase.

Secondly, the laptop cooling system is not ready for constant maximum loads on the GPU.

And finally, replacing a burned-out video card in a laptop is possible only with the replacement of the main board, which is equivalent to purchasing a new one.

What is the difference between mining on a PC and a farm - which is more profitable?

Regular mining on a PC can only use one video card. If you use a video card farm, earnings will increase proportionally.

For beginners, it is more profitable to use a regular PC for mining, since you do not need to invest any money in creating a system.

If you are determined to earn a decent amount and invest money in business, buy several video cards and. As world practice shows, it pays off in 6-9 months after the start of work.

Conclusions

You can create your own at home.

Today it is realistic to develop a farm for the extraction of cryptocurrency, which will pay off in about 5-6 months and begin to generate a stable income.


A lot has already been said about what constitutes hidden mining. But scammers do not stand still. And they are constantly improving their technology. One recent case in Argentina is particularly revealing. What happened to the visitors of the world famous Starbucks says that this can happen anywhere. And it's hard to defend against it.

Hidden mining using public networks

It has long been known that scammers have learned to use strangers' computers and mobile devices for hidden mining. People have even found ways to defend themselves against such an invasion. Today, there are a huge number of programs that help to identify criminals and block their influence on a personal device. Therefore, lovers of quick profit at someone else's expense went further.

Hidden mining was transformed into semi-legal with the help of public Wi-Fi access networks. And, as practice shows, neither antiviruses nor special utilities will save you from this. By connecting to the free distribution of the Internet, the user actually allows scammers to use his device to mine cryptocurrency. Naturally, no one is directly informed about this.

How scammers organize the process of hidden mining through public networks

The case of Starbucks visitors prompted the Argentinean mobile operators and software developers to delve deeper into the tactics of scammers. And here, two ways were discovered in which criminals can use other people's devices for hidden mining in public places. The first is to transform the traffic that is distributed by free Wi-Fi in coffee shops, pizzerias or subways. The second is the organization of its own access network.

Organizing your own access network

In practice, the latter is extremely rare, since it is easier for a person who has the resources to create free Wi-Fi in public places to organize. But if the trend with the rise in price of video cards continues, this method of hidden mining can be widely used. In addition, in terms of energy efficiency, using other people's devices is more profitable than operating your own farm.

Traffic conversion

As for the first method, the sequence of actions used to implement hidden mining is as follows.

First, the attacker places his own machine between the Wi-Fi router and the user's device. This is very easy to arrange if the fraudster's device can work for distribution.

The attacker first intercepts traffic and then, by sending forged ARP messages, starts relaying it to users. Notably, visitors to the establishment still see that they are connecting to an authorized network.

The attacker first sets up an HTTP service on his computer, and then, when intercepting traffic, inserts fragments with its code into the data stream. The stealth miner itself is a simple command that is called via JavaScript.

The most difficult thing for the criminals here is to create a program that automates everything; otherwise, each IP address has to be added manually. The configured stealth-mining script obtains the IP addresses itself, sets up redirects and tables, performs ARP spoofing and starts an HTTP server to serve the cryptominer.
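A client-side check for the ARP spoofing step described above, given as an added example that is not part of the original article: it parses Linux `ip neigh show` output and reports when the gateway's MAC address differs from a known-good value or is shared with another IP on the segment. The sample tables, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches lines of `ip neigh show` output such as:
#   192.0.2.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
NEIGH_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def parse_neigh(text):
    """Return (ip, mac) pairs; entries without a resolved MAC are skipped."""
    pairs = []
    for line in text.splitlines():
        m = NEIGH_LINE.match(line.strip())
        if m:
            pairs.append((m["ip"], m["mac"].lower()))
    return pairs


def check_gateway(text, gateway_ip, baseline_mac=None):
    """List findings that suggest the gateway's ARP entry has been spoofed."""
    ips_by_mac = defaultdict(set)
    gw_mac = None
    for ip, mac in parse_neigh(text):
        ips_by_mac[mac].add(ip)
        if ip == gateway_ip:
            gw_mac = mac
    if gw_mac is None:
        return ["gateway has no resolved entry in the neighbor table"]
    findings = []
    # Check 1: the gateway answers with a different MAC than the one recorded earlier.
    if baseline_mac and gw_mac != baseline_mac.lower():
        findings.append(f"gateway MAC changed: {baseline_mac.lower()} -> {gw_mac}")
    # Check 2: another IP on the segment uses the same MAC as the gateway.
    others = sorted(ips_by_mac[gw_mac] - {gateway_ip})
    if others:
        findings.append(f"gateway MAC {gw_mac} also claimed by {', '.join(others)}")
    return findings


# Constructed sample tables (documentation IPs, locally administered MACs).
CLEAN = """\
192.0.2.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.0.2.23 dev wlan0 lladdr 02:00:00:00:00:17 STALE
192.0.2.40 dev wlan0  FAILED
"""
SPOOFED = """\
192.0.2.1 dev wlan0 lladdr 02:00:00:00:00:66 REACHABLE
192.0.2.23 dev wlan0 lladdr 02:00:00:00:00:17 STALE
192.0.2.66 dev wlan0 lladdr 02:00:00:00:00:66 REACHABLE
"""

if __name__ == "__main__":
    for name, table in (("clean", CLEAN), ("spoofed", SPOOFED)):
        print(name, check_gateway(table, "192.0.2.1", "02:00:00:00:00:01"))
```

On a public network there is usually no baseline to compare against, so only the shared-MAC check applies; it fires once the spoofing machine's own IP also appears in the table.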

A hidden miner for cryptocurrencies is no longer a new topic, although there are almost no worthy technical instructions for detecting and eliminating it. There is only a mass of scattered information and articles of dubious content. Why? Because everyone benefits from mining cryptocurrencies on a global scale, except, of course, for those who do not receive a penny from this and do not even suspect that they have become a part of it. And indeed - after all, the principle of hidden mining can become something more than just getting coins into someone else's pocket.

The concept of hidden mining

This is not about mining, which is hidden from housing and communal services for the time being, but about hidden mining of coins on a regular computer, despite the fact that the owner of the computer himself does not even dream about it. In other words, for the extraction of cryptocurrency, it is possible not only to use your own computer, but also many other people's machines.

And the load on the video card or processor does not have to rise to 100%: these smart people are careful and will not load the machine of a member of their network to unreasonable limits. In principle, you may not notice much of a difference if you have a powerful enough machine. This is an important condition for keeping the miner's work hidden.

For the first time, official reports about the phenomenon of hidden mining began to appear in 2011, and in 2013 there was already a massive infection of PCs in various countries via Skype. Moreover, the Trojans not only mined, but also gained access to bitcoin wallets.

The most famous case is an attempt by μTorrent developers to earn extra money on users in this way by introducing a hidden EpicScale miner into the software.

Cryptocurrency mining in the workplace is no surprise anymore. Employees of large enterprises, where the infrastructure exceeds hundreds of workstations, are guilty of it too. During the mining boom in 2017, there were cases of mining among employees of Sberbank, Rosatom, Transneft and Vnukovo airport. In a large network, the volume of information is so large that it can no longer be handled by manual control. To identify incidents and unauthorized actions, automatic analysis of traffic in the enterprise network is required.

A harmless side job or a real threat?

On the one hand, mining cannot be perceived as a direct threat to an enterprise's information security, just as it is difficult to hold the miners themselves accountable. Cryptocurrency mining software does not do serious damage to ICT infrastructure: it is not a virus, a cyberattack or data theft. Mining requires only powerful equipment and electricity. On the other hand, the financial losses of the company will be significant:

  • Operating costs for equipment and resources - non-targeted consumption of capacities and consumption of electricity during non-working hours.
  • The salary of an employee who does not perform his job functions while mining cryptocurrencies.
  • Maintenance and repair of equipment that is more likely to fail due to continuous operation.

With expertise in network infrastructure security, Garda Technologies has developed a solution for detecting miners in an enterprise network. The functionality is implemented on the basis of Garda Monitor, a system for detecting and investigating network incidents.

Network Forensics in Mining Investigation

Garda Monitor collects and records data on all IP connections, and detects various signs of malware and suspicious activity in network traffic. The solution allows you to detect even those incidents in the network that have slipped past active security systems. The complex is often used by large enterprises as a “last chance system” when an incident occurred despite all existing security systems, and it is necessary to restore the course of events in order to understand what happened, how and why, and what to do to prevent incidents from recurring.

Detection of illegal mining has recently been one of the most in-demand tasks for solutions of this class.

The practice of identifying miners

One of our clients with a large corporate network of over 3500 computers asked for help in identifying miners in their network.
It is worth saying that mining itself is difficult to attribute to obvious financial risks or security incidents. Rather, what we have here is the misappropriation of company resources by employees, as well as viruses and advertising programs that users, out of inexperience, install under the guise of mining software.
But the danger is that mining can also be carried out without the knowledge of the employee. For example, cryptocurrency mining malware is embedded in other installed software or executed directly in the victim's browser, and a computer on the company's network becomes infected. Then this is a serious information security problem.

Garda Technologies engineers, together with the customer's information security department, using the Garda Monitor complex, studied the organization's traffic in detail. We started by searching for hits to the addresses of mining pools - servers that combine the power of the equipment of many miners at once to increase the probability of finding a block and divide the reward for its mining among all participants.
No such traffic was detected.


Therefore, we complicated the conditions - we searched the list of ports that mining software uses to interact with mining pools - but found only non-mining TCP streams. The search for the Stratum protocol, which miners use to connect to the pool, also did not yield any results.

But, in the process of studying traffic in the organization's network, the Garda Monitor system revealed the use of the TOR protocol, an anonymous network of virtual tunnels that provides encrypted data transfer. The use of the TOR protocol on the network is in itself an extremely suspicious event. This means that one of the employees is deliberately trying to hide something, or indicates the presence of software that is trying to hide something, possibly without the knowledge of the employee.

The investigation into the incident continued. At the network level, it became clear from which computers information is transmitted using this protocol.



The fastest and simplest way to investigate further was to use the capabilities of the DLP system, a solution for protecting against information leakage. In our case, the customer had been using the Garda Enterprise DLP system for quite a long time, and its capabilities made it possible to conduct a retrospective analysis of corporate communications for the required period.

Analysis of employee activity on the computers that transmitted data via the TOR protocol showed that ~20 computers had been running 24/7 for several months, while in the last few weeks there had been no logins / logouts, application window switching, or even mouse movements and keyboard presses. Retrospective analysis showed that among the latest activities was the launch of software with command-line parameters similar in format to a cryptocurrency wallet address. The situation was similar on all computers connected to TOR.

After analyzing the launch parameters of the software, we found out that this is software for mining the ZCASH cryptocurrency.
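The checks from this investigation, sketched as an added example (not Garda's code or product logic): Stratum is recognized by payload content rather than by port, and hosts are flagged when at least two of the three indicators from the text coincide (Tor use, powered on with no user input, a wallet-like command-line argument). The record layout, the 14-day idle threshold, the base58 heuristic and all sample values are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta

# Stratum v1 is newline-delimited JSON-RPC; these are standard method names.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "mining.notify"}
# Heuristic (assumption): a standalone 26-95 character base58 run on a command line
# resembles a wallet address. It does not validate any specific coin's format.
WALLET_LIKE = re.compile(r"(?<![0-9A-Za-z])[1-9A-HJ-NP-Za-km-z]{26,95}(?![0-9A-Za-z])")


def is_stratum_payload(payload: bytes) -> bool:
    """Identify Stratum by content, so a non-standard port does not hide it."""
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:  # not JSON (also covers undecodable bytes)
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            return True
    return False


def wallet_like_args(cmdline: str) -> list:
    """Return command-line tokens that look like a wallet address."""
    return WALLET_LIKE.findall(cmdline)


def triage(hosts, now, idle=timedelta(days=14)):
    """Map host name -> reasons, for hosts showing at least two indicators."""
    flagged = {}
    for h in hosts:
        reasons = []
        if h["tor_seen"]:  # from network monitoring
            reasons.append("tor")
        if h["powered_on"] and now - h["last_input"] >= idle:  # from endpoint telemetry
            reasons.append("idle_but_running")
        if any(wallet_like_args(c) for c in h["cmdlines"]):
            reasons.append("wallet_like_arg")
        if len(reasons) >= 2:
            flagged[h["host"]] = reasons
    return flagged


# --- Constructed sample data (no real hosts, addresses or tools) ---
NOW = datetime(2018, 7, 1, 12, 0)
FAKE_ADDR = "t1" + "X" * 33  # placeholder token, not a real address
SAMPLE_CMD = r"C:\Temp\app.exe --user " + FAKE_ADDR + ".w1 --server pool.example.invalid:3333"
STRATUM_PAYLOAD = b'{"id": 1, "method": "mining.subscribe", "params": []}\n'
HTTP_PAYLOAD = b"GET / HTTP/1.1\r\nHost: www.example.invalid\r\n\r\n"
HOSTS = [
    {"host": "ws-014", "tor_seen": True, "powered_on": True,
     "last_input": NOW - timedelta(days=30), "cmdlines": [SAMPLE_CMD]},
    {"host": "ws-102", "tor_seen": False, "powered_on": True,
     "last_input": NOW - timedelta(hours=1), "cmdlines": ["excel.exe report.xlsx"]},
    {"host": "ws-230", "tor_seen": True, "powered_on": True,
     "last_input": NOW - timedelta(hours=2), "cmdlines": ["chrome.exe"]},
]

if __name__ == "__main__":
    print(is_stratum_payload(STRATUM_PAYLOAD), is_stratum_payload(HTTP_PAYLOAD))
    print(triage(HOSTS, NOW))
```

Requiring two indicators keeps a single Tor user or a machine left on over a holiday out of the result, while the combination seen in the case above still stands out.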

INFO

ZCASH is the first open and censorship-free cryptocurrency that can fully protect the privacy of transactions using a zero-knowledge cryptographic method. The system developer is Zerocoin ElectricCoin Company (ZECC). Its rate, as of July 2018, is $223.9 for 1 ZEC

The complexes "Garda Monitor" and "Garda Enterprise" operated in the organization gave a completely clear picture of what is happening. We identified a specific employee who organized a mining farm at the workplace. Next was the next stage of work with this employee ...

But that's a completely different story.