What is Cryptojacking and How Can I Protect Myself?
Presented by Dave Buster, CISSP
© Global Knowledge Training LLC. All rights reserved. Page 2
Your Panelists
Dave Buster
Senior Cybersecurity Portfolio Director
Cryptojacking?
Definitions?
What is:
• Blockchain?
• Bitcoin?
• Hashing?
• Mining?
• Cryptocurrency?
Blockchain technology (Generic view)
Blockchain is a technology to publicly distribute immutable information across multiple computers.
• Information is stored in “blocks” of data that are passed around. (Distributed)
• Most implementations use some sort of hashing to ensure the integrity of blocks. (Immutable)
• Each block includes the hash of the previous block, hence the term “block chain”.
• Various protocols are used to distribute updates across all computers.
• The computers then verify and agree on legitimate transactions to add to the next block.
• In order to get them to cooperate to do the work, some sort of reward must be offered.
• One of the first useful implementations of the concept was “Bitcoin”.
Bitcoin
In 2009, someone using the name Satoshi Nakamoto wrote a white paper outlining a scheme to use blockchain technology as a new form of public “cryptocurrency”.
• Bitcoin uses “proof of work” to award new Bitcoins to the computers that build and verify the blocks.
• Because new coins come into existence as rewards, these computers are called “miners”.
• The rewards get smaller over time, while the difficulty of the work increases. This helps make bitcoins more valuable and helps the system scale.
• There can only be a maximum of 21 million Bitcoins ever created. As of January 2018, about 16.7 million have been mined (released).
• A user can create a “wallet” to hold coins. The public address is used to receive money, but a private (secret) key is required to send money.
[Chart: Bitcoin transactions per month. By Zhitelew - Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=40617621]
Is it money?
IF a buyer and a seller agree, then it is. Rational actors will only hold a commodity if they believe it will hold value and can be traded to someone else later.
A student showed his Bitcoin public address on ESPN…and collected over $20K
What is the SHA-256 Hash?
SHA-256 is one of a family of mathematical algorithms that produce a unique digital signature for any data input into the calculation.
• The hash is “computationally difficult” to compute, but easy to verify.
• No matter how many bits are in the source file, the output is always 256 bits. (It is recursive.)
• It is impossible to predict what a hash will be for a given block of data without actually doing all of the calculation (no shortcuts or estimates).
Examples of hashes: (we typically don’t show 1’s and 0’s. So, 64 characters x 8 bits = 256 bits)
"Hello, world!0" => 1312af178c253f84028d480a6adc1e25e81caa44c749ec81976192e2ec934c64
"Hello, world!1" => e9afc424b79e4f6ab42d99c81156d3a17228d6e1eef4139be78e948a9332a7d8
"Hello, world!2" => ae37343a357a8297591625e7134cbea22f5928be8ca2a32aa475cf05fd4266b7
...
"Hello, world!4248" => 6e110d98b388e77e9c6f042ac6b497cec46660deef75a55ebc7cfdf65cc0b965
"Hello, world!4249" => c004190b822f1669cac8dc37e761cb73652e7832fb814565702245cf26ebb9e6
"Hello, world!4250" => 0000c3af42fc31103f1fdc0151fa747ff87349a4714df7cc52ea464e12dcd4e9
• Note that changing a single bit changes the entire hash, and it’s completely unpredictable (Avalanche effect).
• If you want 4 leading zeros, you would have to test 4,250 additional numbers until you found a hash that works.
What is bitcoin “mining”?
Mining is a reward system based on proof of work.
• Bitcoin uses the SHA-256 Hash algorithm to create a unique digital signature (hash) for each block.
• Bitcoin adds difficulty by requiring that the computer add a random number (called a “nonce”) to the block with the goal of getting the final hash to have some number of leading zeros. (Yes, it’s a bit arbitrary, but it works.)
• The first miner to find a nonce that returns the correct number of leading zeros (currently 18) wins some Bitcoins (currently 12.5). That block and hash are then distributed.
• The Bitcoin network mines a new block about every 10 minutes.
[Photo: Home ASIC miner: Antminer U3 with a Raspberry Pi acting as a supervisor. This rig calculates 50 GH/s (50 billion hashes per second) in the “Bitminter” pool. After electricity costs, it makes a profit of about 17 cents per week. (January 2018). Sigh.]
[Screenshot: Bitminter Pool dashboard]
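The nonce search from the hashing and mining slides above, written out as an added example (not part of the original presentation). It reruns the slide's "Hello, world!" search, checks the winning nonce with a single hash, and measures the avalanche effect; the function names are illustrative.

```python
import hashlib


def sha256_hex(text: str) -> str:
    """SHA-256 of the UTF-8 bytes of `text`, as 64 hexadecimal characters."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def mine(base: str, zeros: int, max_tries: int = 5_000_000):
    """Try nonces 0, 1, 2, ... until sha256(base + nonce) starts with `zeros` hex zeros.

    Returns (nonce, digest, tries). Raises if no nonce is found within max_tries.
    """
    prefix = "0" * zeros
    for nonce in range(max_tries):
        digest = sha256_hex(f"{base}{nonce}")
        if digest.startswith(prefix):
            return nonce, digest, nonce + 1
    raise RuntimeError(f"no nonce below {max_tries} gives {zeros} leading zeros")


def verify(base: str, nonce: int, zeros: int) -> bool:
    """Checking a claimed nonce costs one hash, however long the search took."""
    return sha256_hex(f"{base}{nonce}").startswith("0" * zeros)


def expected_tries(zeros: int) -> int:
    """Average number of nonces to test: each hex digit is zero with probability 1/16."""
    return 16 ** zeros


def bits_changed(a: str, b: str) -> int:
    """Number of output bits (out of 256) that differ between the hashes of a and b."""
    diff = int(sha256_hex(a), 16) ^ int(sha256_hex(b), 16)
    return bin(diff).count("1")


if __name__ == "__main__":
    nonce, digest, tries = mine("Hello, world!", 4)
    print(f"nonce={nonce} after {tries} tries (average case: {expected_tries(4)})")
    print(f"hash={digest}")
    print("verified with one hash:", verify("Hello, world!", nonce, 4))
    print("bits changed between nonce 0 and 1:",
          bits_changed("Hello, world!0", "Hello, world!1"))
```

The slide's search was lucky: it succeeded on try 4,251, while four leading hex zeros take 65,536 tries on average, and every extra required zero multiplies that average by 16.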
Other Cryptocurrencies
In addition to Bitcoin, there are hundreds of competing cryptocurrency coins emerging. Most will fail.
Coinmarketcap.com currently tracks about 1422 different crypto coins.
What about Cybersecurity?
Blockchain and cryptocurrencies use cybersecurity technologies:
• encryption
• hashing
There is ongoing development to use blockchain to benefit cybersecurity:
• Enhanced data availability (storage)
• Certificate management (Guardtime)
• Identification management (REMME)
• Trusted DNS (to prevent DDoS)
The Dark Side of Cryptocurrencies
Anonymity supports illegal transactions:
• Ransomware payments
• Dark web transactions
What about the bad guys?
There have been some high-profile cryptocurrency hacks:
• Mt. Gox
  • In June of 2011, a hacker broke in, transferred and then sold bitcoin. Losses were about $8,750,000.
  • In February of 2014, a transaction malleability attack forced Mt. Gox to declare bankruptcy.
• Ethereum DAO attack
  • In June of 2016, someone manipulated a contract programming loophole and stole about a third of all Ether coins before the leak was detected (~$50M). It caused Ethereum to split into “Ethereum Classic” (ETC) and “Ethereum” (ETH).
• Bitfinex attack
  • In August of 2016, the Hong Kong based exchange was attacked and about $72M in Bitcoins was stolen.
• NiceHash attack
  • In December of 2017, the Slovenian bitcoin mining service was hacked and about $80M in Bitcoins was stolen.
Nevertheless, cryptocurrencies continue to move forward.
The next trend: Cryptojacking
Cryptojacking uses mining software that runs as JavaScript in the browser. A link to the software can be included in any web page. When you go to that web page, it can cause your computer to start mining cryptocurrency for whoever placed the link.
Top 3 cryptojacking companies:
• Coinhive
• JSEcoin
• Cryptoloot
The companies split the profits with the web page owner. These products are legal, and are being offered as a substitute for advertising revenue. However, the web site owners don’t have to tell the users.
These miners typically mine Monero coins, because Bitcoin difficulty is too high.
Cryptojacking by the numbers
Coinhive pays out about 0.00015 XMR (Monero) per 1 million hashes.
Data: A typical laptop computer can do about 30 H/s.

Advertising model
• 1000 users per day
• 1% click-through ratio, payment $0.50 per click
• Total: 10 clicks per day
• Total daily revenue: $5.00 per day

Cryptojacking model
• 1000 users per day
• 30 H/s, 5 minute visit = 9000 H/user
• Total hashes = 9 million hashes per day
• Total daily revenue: $0.51

So, if advertising pays 10 times better than cryptojacking, why is cryptojacking “a thing”?
If a website can be hacked, the hacker can add the cryptojacking code and collect the reward for himself. The website owner would not even know.
Hacked Websites
Coinhive has been injected into many sites.
https://shop.subaru.com.au/
Note: The actual browser code can be easily viewed and analyzed. A unique Coinhive ID is included so that the hacker can be paid. Over 85% of them in the wild go back to the same 2 Coinhive accounts (IDs).
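Because the injected code and its account ID sit in plain view in the page source, a site owner can audit their own pages for it. The scanner below is an added example, not part of the original presentation: the hostnames come from this deck's hosts-file advice, the `CoinHive.Anonymous` / `CoinHive.User` constructor names are taken from Coinhive's public embed snippet rather than from the slides, and the sample pages and keys are constructed.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Miner hostnames named on this page's hosts-file slide.
MINER_HOSTS = {"coinhive.com", "coin-hive.com"}
# The first quoted argument of the constructor is the site key (the account ID).
KEY_RE = re.compile(r"""CoinHive\.(?:Anonymous|User)\(\s*['"]([^'"]+)['"]""")


class ScriptCollector(HTMLParser):
    """Collects every <script src=...> URL and all inline script text."""

    def __init__(self):
        super().__init__()
        self.sources, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)


def is_miner_host(host) -> bool:
    """True for a listed host or any subdomain of it; relative URLs have no host."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in MINER_HOSTS)


def scan_page(html: str) -> dict:
    """Return miner script URLs and site keys found in one page's HTML."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    scripts = [s for s in collector.sources if is_miner_host(urlparse(s).hostname)]
    keys = sorted(set(KEY_RE.findall("".join(collector.inline))))
    return {"miner_scripts": scripts, "site_keys": keys}


def tally_keys(pages: dict) -> Counter:
    """Count on how many pages each site key appears (shows key reuse across sites)."""
    tally = Counter()
    for html in pages.values():
        tally.update(scan_page(html)["site_keys"])
    return tally


# Constructed sample pages; hostnames and keys are placeholders, not real data.
SAMPLE_PAGES = {
    "shop.example/index.html": """<html><head><script src="/js/cart.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('EXAMPLE-KEY-A'); m.start();</script></head></html>""",
    "blog.example/post.html": """<script src="//coin-hive.com/lib/coinhive.min.js"></script>
<script>new CoinHive.Anonymous("EXAMPLE-KEY-A").start();</script>""",
    "clean.example/index.html": '<script src="https://cdn.example/jquery.js"></script>',
}

if __name__ == "__main__":
    for name, html in SAMPLE_PAGES.items():
        print(name, scan_page(html))
    print("key reuse:", tally_keys(SAMPLE_PAGES).most_common())
```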
Mobile risks
Some downloadable apps contain hidden mining software.
They can:
• Slow down your cellphone
• Use up your battery
Some have been known to physically damage the phone by draining the battery too quickly, causing it to overheat and swell.
[Image: Loapi Malware on Android]
Defense³: Human Element and 3D Defense
[Diagram labels: PROCESS, PEOPLE, TECHNOLOGY]
More than “Defense in depth,” organizations need Defense³ because cyber attacks happen across three dimensions.
Cyber attacks are people attacking people, not machines attacking machines, so an educated workforce is critical.
What should you do?
Install anti-cryptojacking plug-ins in Chrome. Many ad blockers are starting to pick them up as well.
Redirect: add 127.0.0.1 coin-hive.com coinhive.com to your hosts file.
Use a trusted DNS service. Examples:
• Google: 8.8.8.8, 8.8.4.4
• OpenDNS: 208.67.229.220, 208.67.222.222
• DNSWatch: 84.200.69.80, 84.200.70.40
• Norton Connectsafe: 199.85.126.10, 199.85.127.10
• Comodo Secure: 8.26.56.26, 8.20.247.20
If the computer slows down, check the process manager to see if the browser is using up too many resources.
Note: Some cryptojackers are using “pop-under” techniques to hide the running code (often under the bottom task bar). You may have to reboot.
Traffic to/from the miner is typically encrypted in TLS, and looks like normal port 80 web traffic. It’s difficult to detect on the network.
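A check for the hosts-file redirect above, as an added example that is not part of the original presentation. It parses hosts-file text, reports which of the two domains from the slide are not yet pointed at a loopback address, and builds the line to append; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# The two names from the slide's hosts-file advice.
SINK_DOMAINS = ("coin-hive.com", "coinhive.com")


def parse_hosts(text: str) -> dict:
    """Map each hostname to the address on the first hosts line that names it.

    Resolvers typically use the first matching line, so later duplicates are ignored.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address: line is ignored
        for name in fields[1:]:                   # one line may list several names
            mapping.setdefault(name.lower().rstrip("."), address)
    return mapping


def audit(text: str, domains=SINK_DOMAINS) -> dict:
    """Classify each domain as blocked, missing, or mapped to a routable address."""
    mapping = parse_hosts(text)
    result = {"blocked": [], "missing": [], "misdirected": []}
    for domain in domains:
        address = mapping.get(domain)
        if address is None:
            result["missing"].append(domain)
        elif address.is_loopback or address.is_unspecified:
            result["blocked"].append(domain)
        else:
            result["misdirected"].append(domain)
    return result


def line_to_add(missing) -> str:
    """Hosts-file line that redirects the missing names to 127.0.0.1."""
    return "127.0.0.1 " + " ".join(missing) if missing else ""


# Constructed sample: one entry is commented out, one uses mixed case.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# 127.0.0.1 coinhive.com      (commented out, so it has no effect)
127.0.0.1   Coin-Hive.com     # hostnames are case-insensitive
"""

if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    print(report)
    print("append:", line_to_add(report["missing"]))
```

Hosts entries match exact names only, so subdomains of these two domains are not covered by the redirect; that gap is one reason the slide also lists browser plug-ins and filtering DNS.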
Take That Next Step in your Cybersecurity Career
Foundational Courses: Cybersecurity Foundations, Fundamentals of IS Security
Certification Courses: CompTIA, (ISC)2, ISACA, IAPP, EC-Council
Product Courses: Cisco, IBM, SonicWall, F5, Dell, Palo Alto
Learning More
For additional resources, visit us at… www.globalknowledge.com
Thank you!


Editor's Notes

  • #3 Dave is the Global Senior Portfolio Director for Cybersecurity at Global Knowledge, has over 35 years of experience as a technologist in engineering, and holds Security+ & CISSP certifications. Ross Casanova also has 35+ years of experience, both in cybersecurity engineering roles and in roles such as instructional design and training program management, with firms such as SANS, the SEC & CSRA.