A plain language post about cryptojacking (that anyone can understand)


Current technology trends and buzzwords include bitcoin, blockchain, artificial intelligence, etc. It can be overwhelming to keep up; one can be intimidated by the tech lingo. I’ve written about tech before and try to explain it in a way that is simple and understandable.

One article I wrote in this plain-language style was about fog computing.

I like to teach lawyers about technology, especially technology that is new and relatively unknown to the masses. So with this in mind, here is what lawyers should know about cryptojacking…

What is cryptojacking?
Think of it as hijacking your computer. To understand cryptojacking in a comparative way, think about when your car is running and you’re parked in neutral. Your engine is running but you’re not revving it.

You wouldn’t rev the engine while in neutral because it doesn’t make sense. You’re in neutral.

Now imagine that a person wearing a ski mask comes along, jumps into your car and stomps on your gas pedal (I know this is weird… just hang with me for a bit). The act of pushing down on the gas pedal revs your car’s engine. Additionally, you don’t know who that someone is and you have not consented to this action. Why is this intruder revving your car engine? He or she has hooked your car’s engine to a generator! The bandit wants to rev the engine so that they can steal power.

Another comparison was given by my friend, attorney Marc Whipple (his insightful blog is here). Marc said the principle behind cryptojacking is similar to when somebody parks outside your house and uses your WiFi. Then you wonder why your router is so slow and/or get notices you’re downloading pirated stuff.

This basic theft/tort principle of someone stealing something without your consent is the principle behind cryptojacking. The bandit is stealing your computer’s resources and your electricity.

Consider this: You are web surfing and your computer is operating as it normally does. Upon visiting a particular website, your computer’s hard drive suddenly maxes out at 100% capacity. You don’t know why your computer maxed out. And although you may hear your computer whirling and grinding, you may not be aware that the excess computing power of your computer is being used without your permission. That, my friends, is cryptojacking.

Your computer is being used to mine a cryptocurrency for an unknown person who is going to make real money off of this transaction.

Cryptocurrencies + hijacking = cryptojacking.

When is cryptojacking done?
Whenever a person goes to a webpage that has the cryptojacking code on it. This code is normally in the form of a JavaScript (js) file, which is an extremely common web file. JavaScript is everywhere online, and is considered one of the three languages that all web developers must learn. So we can’t get rid of JavaScript. And although web developers can include these files on their own websites, other people can attack the website and maliciously insert code into the webpage to activate cryptojacking. The original site’s owners may be unaware that this has happened!

In that case, you don’t know who is cryptojacking your computer and neither does the website’s owner!

Why is cryptojacking happening?
To make money for whoever has hijacked your computer. The money is made by mining digital cryptocurrencies at your expense. And you pay for it by increased electricity bills as well as using (without your consent) your computer’s hard drive. Hard drives are mechanical and wear out over time. Again, think back to revving your car engine. A little rev may not hurt the car considerably but extended use of the engine may cause it to be overheated. This is the same for cryptojacked websites… the longer you are on them, the more money the hijacker is making and the hotter your computer, and even your phone, gets.

As cybersecurity expert Scott Helme explains, when your computer is being cryptojacked, you are inadvertently financing a criminal gang.

We are seeing a surge in cryptojacked websites for many reasons. The cryptocurrency that is most commonly being mined is called Monero, and it is hard to detect who is behind the cryptojacking when this type of currency is being mined. Simply put, it is hard to find the bad guys.

Who is installing the cryptojacking code on a website?
Who knows! As explained above, it is hard to find the attackers in this scheme. The important thing to remember is that the malicious code can be installed without the website owner’s knowledge. So you can’t blame the owner of the website. Shift of liability?

How do you know if a website has cryptojacking on it? I’ll give a step-by-step but it is only for people using a PC that has Windows and Chrome as their browser.

1. Open up your task manager by doing any one of the following:
a. Right-click the Taskbar and click on Task Manager or
b. Open Start, do a search for Task Manager and click the result or
c. Use the Ctrl + Shift + Esc keyboard shortcut or
d. Use the Ctrl + Alt + Del keyboard shortcut and click on Task Manager

2. Click on the Performance tab and note the CPU percentages. They are probably less than 100%. Also, notice how the chart to the right is probably jumping up and down but not at constant 100% utilization.

3. Find a webpage that has been cryptojacked. To date thousands of websites have had the JavaScript code in them that cryptojacks a computer. One long-standing example can be seen on http://www.ronpaul.com

Look for a continuous 100% CPU reading. Your computer is being cryptojacked.

4. When you are on that cryptojacked site,
a. Take a look at your Task Manager and see that the CPU % is peaked, and may be constantly at 100% (look at the chart to easily see this) = JACKED!!!

How (2) do you protect yourself from having your computer be cryptojacked?
1. Install browser extensions to stop the execution of the code. Some popular ones are
a. No Coin
b. minerBlock
c. uBlock
d. Adblock Plus

To find these extensions, just do a Google search for them.

How (3) do you remove the malicious cryptomining code from your website?
1. First find the person who has control over your website. If you’re a solo or small, that may be you (congrats on more non-billable-hour work). If you’re lucky enough to have an in-house IT person, call them, thank them, buy them a coffee and nicely ask them if they know about cryptojacking. If they do not, don’t insult them. Cryptojacking is a new thing and not yet widely known. Show them this blog and politely say, “I think our firm’s website may have been cryptojacked.”

2. Then read this page on what to do. Simply put, you need to remove the JS file that is probably called “coinhive.min.js”.
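
One way to look for the file named in step 2, as an added example that is not part of the original post: a short Python script that parses a page and reports every script tag that loads or mentions coinhive.min.js. The `scan_html` helper, the sample page and the example.invalid host are constructed for illustration.

```python
from html.parser import HTMLParser

# The file name the post says to look for; extend the tuple for other miners.
INDICATORS = ("coinhive.min.js",)

class ScriptFinder(HTMLParser):
    """Collects <script> tags whose src or inline body mentions an indicator."""

    def __init__(self, indicators=INDICATORS):
        super().__init__()
        self.indicators = tuple(i.lower() for i in indicators)
        self.hits = []  # (line_number, kind, snippet)
        self._in_script = False

    def _matches(self, text):
        return any(i in text.lower() for i in self.indicators)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        if self._matches(src):
            self.hits.append((self.getpos()[0], "external", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline code that builds the script URL at run time still names the file.
        if self._in_script and self._matches(data):
            self.hits.append((self.getpos()[0], "inline", data.strip()[:60]))

def scan_html(html, indicators=INDICATORS):
    finder = ScriptFinder(indicators)
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page; example.invalid is a placeholder host.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://example.invalid/lib/coinhive.min.js"></script>
</head><body><p>Our attorneys</p></body></html>"""

if __name__ == "__main__":
    for line, kind, snippet in scan_html(SAMPLE):
        print(f"line {line}: {kind} script -> {snippet}")
```

To check a real site, read each HTML file or template under the web root and pass its text to `scan_html`; the reported line numbers show where the script tag has to come out.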

Some additional things lawyers need to consider:
1. All kinds of “computers” can be cryptojacked. Not just your desktop or laptop, but also your smartphone! And yes, it affects Macs and PCs.

2. Can you opt out of being cryptojacked? Short answer: no. You’re probably unaware that either your site has been affected or your computer has been hijacked.

3. Is bitcoin mining the same thing as cryptojacking? No. Words matter here. Bitcoin mining involves using computers to mine digital currency but it is not operating in an unknown way. Cryptojacking is like a trespass to chattel. It’s not on the up-and-up. It also probably violates the Computer Fraud and Abuse Act (CFAA), as pointed out by attorney Vince Polley.

Cryptojacking likely violates the Computer Fraud and Abuse Act.

4. To date, there are over 100 law firms that are running JavaScript files that cryptojack the computers of people who visit their site. How do I know this? I went to https://publicwww.com/ and searched for “coinhive.min.js” “law firm”.

5. Other than understanding that YOUR firm’s website may cryptojack visitors (also known as potential clients), people who have been cryptojacked may want to file suit. It will be hard to find the attackers, prove damages, and determine where the claim falls (trespass to chattels, negligence?), but for those lawyers focusing on cybersecurity, be aware that cryptojacking will increase.

If you want to learn more, here are some resources
1. A good video explaining cryptocurrencies

2. A video of an interview with Scott Helme about the government sites that were cryptojacking visitors this year

3. For the technical bits, look at Troy Mursch’s work with cryptojacking here and follow him on Twitter @bad_packets.

Good luck, and contact me if you have any questions at sarakubikphd@gmail.com, or on Twitter @sarakubik. And if I e-mail your firm and tell you your website’s been cryptojacked, please look into this. So far, I’ve contacted two law firms and neither has fixed the problem. Their site still cryptojacks you when you visit them. Not good!

Sara Kubik