REACT

Pickpockets and cryptojackers

Just as pickpockets in the physical world illegally access their victims’ wallets to steal money, cryptojackers in the digital world access their victims’ computers to mine cryptocurrency. To make matters especially interesting, cryptojackers can mine cryptocurrency even without compromising the victims’ computers. They just need to “lure” the victims to a malicious website, which loads JavaScript code into the victims’ browsers that mines cryptocurrency. This mining can go undetected for a long time while the cryptojacker abuses system resources (e.g. the local CPU). Indeed, the victim might not notice anything out of the ordinary apart from increased CPU utilization and/or a rise in the temperature of the device.
Cryptocurrency mining is not used only by attackers; it can also serve legitimate purposes. Indeed, it can be viewed as a potentially new web monetization scheme. For example, traditional web sites use advertising as their main source of revenue. That is, when a client accesses the web site, the client is shown a sequence of ads. The owner of the web site receives some revenue from these ads, which in turn can be used to cover the costs of the web site. To make these ads more effective, sophisticated personalization has been used extensively in the past. Unfortunately, this personalization usually involves extensive user tracking. To avoid this user tracking, crypto-mining can be used as a source of revenue instead. That is, when users visit a web site, instead of receiving a stream of advertisements, they may receive some JavaScript code that mines cryptocurrency. The longer a user stays on a web site, the more cryptocurrency is mined.
In the paper “Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Cryptojacking”, P. Papadopoulos, P. Ilia and E. Markatos measured the cost that web crypto-mining imposes on web clients and its profitability for publishers or cryptojackers. Their measurements revealed interesting results:

  • Crypto-mining alone may not be profitable, but it becomes profitable when combined with ads: publishers use ads to generate a basic revenue and move to crypto-mining when their websites become idle.
  • Time was found to be a very important factor: the longer the embedded miner works in the background, the more profitable it becomes for the publisher or the cryptojacker.
  • The more websites rely on web-crypto-mining for funding, the less revenue will be generated for their publishers.

The authors make an important policy recommendation to enhance the transparency of the web: since crypto-mining imposes costs on the user, users need to be informed about these costs and given the option to choose between the two monetization schemes (advertising or web-crypto-mining).