The recent explosion of the bitcoin exchange rate has catapulted cryptocurrencies into the news headlines. But what does that mean for IT security? Should we be worried? I will argue: Not more than usual!
Photograph by Xiang Gao
CryptocurrenciesMost people think of bitcoins when they hear the term «cryptocurrencies». But in fact, there are many different cryptocurrencies out there, with different properties. Examples include Monero, Dogecoins and many more. What they all have in common is the usage of a cryptographic algorithm, the so-called blockchain, as a basis to secure transactions. The blockchain stores all transactions done in a given currency in a cryptographically secure way. There are many good explanations of the blockchain available, so we'll skip this here. What is important to know, is that creating a new block is a computationally intensive process, i.e. it requires CPU cycles, which in turn require electrical power. A person calculating a block gets, some of the cryptomoney as a reward. This process is called mining and is set up in a way that subsequent blocks are harder and harder to mine, in terms of CPU usage.
Make money fast...Thus, mining bitcoins, for example, is not profitable anymore, that is as long as one has to pay the power bill oneself. If, however, someone else pays the power bill things look different.
So what?One could argue that this is not one of the most pressing problems security professionals have today. Indeed, CPU-hogging malware is probably discovered quickly and can be removed. Someone stealing a bit of electricity is not nice, but hey worse things can happen, can't they?
The issue here is not what damage is created, but that someone else is controlling your infrastructure. Mining malware might, in fact, first steal your data and only then start mining. A mining Java script might just as well try to exploit your browser and do more damage. So malicious cryptominers are in fact a sign of bad internet hygiene. And that is something security professionals should be concerned about.