{"id":5368,"date":"2017-10-30T14:01:37","date_gmt":"2017-10-30T18:01:37","guid":{"rendered":"http:\/\/ncjolt.org\/?p=5368"},"modified":"2020-06-04T20:52:51","modified_gmt":"2020-06-04T20:52:51","slug":"cryptojacking-abuse-javascript-cryptocurrency-mining-challenges-legitimate-use","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/cryptojacking-abuse-javascript-cryptocurrency-mining-challenges-legitimate-use\/","title":{"rendered":"Cryptojacking: Abuse of JavaScript Cryptocurrency Mining and Challenges of Legitimate Use"},"content":{"rendered":"<p>In recent months, some websites have commandeered users\u2019 computer processors to \u201cmine\u201d cryptocurrency. This new form of computer user abuse is called <a href=\"https:\/\/www.wired.com\/story\/cryptojacking-cryptocurrency-mining-browser\/\">\u201cCryptojacking.\u201d<\/a> Cryptojacking is possible because of new \u201cmining\u201d technology that allows websites to run <a href=\"https:\/\/www.wired.com\/story\/cryptojacking-cryptocurrency-mining-browser\/\">JavaScript<\/a>s that use an individual\u2019s computer processing power to mine cryptocurrency without the individual\u2019s knowledge or permission. This allows the website to profit at the expense of the individual\u2019s computer performance and power bill. The most prominent scripts for this purpose are currently <a href=\"https:\/\/malwarecomplaints.info\/crypto-loot-new-cryptojacking-service\/\">Coinhive and Crypt-Loot<\/a>. Coinhive was the first widely used script, but Crypt-Loot is quickly overtaking its popularity because Crypt-Loot only takes 12% of the profits compared to <a href=\"https:\/\/malwarecomplaints.info\/crypto-loot-new-cryptojacking-service\/\">Coinhive\u2019s cut of 30%.<\/a><br \/>\nIn addition to \u201cCryptojacking\u201d by website owners, there are instances where outside parties hacked websites and then <a href=\"https:\/\/www.wired.com\/story\/cryptojacking-cryptocurrency-mining-browser\/\">\u201cinjected\u201d<\/a> the websites with the script for the outside parties\u2019 gain. In addition to these threats there also <a href=\"https:\/\/malwarecomplaints.info\/crypto-loot-new-cryptojacking-service\/\">downloads<\/a>, for example browser extensions, that run the offending scripts as well.<br \/>\nHowever, the technology itself does not appear to be inherently problematic and may be a <a href=\"http:\/\/wccftech.com\/the-pirate-bay-cryptojacking-mine-monero\/\">legitimate business itself<\/a>. The fact that there is a market for this cryptocurrency suggests that these mining technologies may be a viable way for websites to be compensated presuming the <a href=\"https:\/\/www.wired.com\/story\/cryptojacking-cryptocurrency-mining-browser\/\">computer user consents<\/a>. This technology becomes even more appealing considering that this may be able to replace ads on the internet which have been <a href=\"https:\/\/www.wired.com\/story\/cryptojacking-cryptocurrency-mining-browser\/\">notorious<\/a> security risks themselves.<\/p>\n<blockquote><p>Allowing a user to consent to a website\u2019s use of their computing power may alleviate the \u201chidden\u201d aspect of the abuse but brings about a whole host of other problems.<\/p><\/blockquote>\n<p>The director of MalwareBytes Labs, <a href=\"https:\/\/www.wired.com\/story\/cryptojacking-cryptocurrency-mining-browser\/\">specifically notes<\/a> that their anti-malware company is currently blocking the script because it does not allow an op-in\/op-out option. However, he also <a href=\"https:\/\/www.wired.com\/story\/cryptojacking-cryptocurrency-mining-browser\/\">noted<\/a> that they observed that the scripts put a strain on the user\u2019s computer system resources and may degrade the user\u2019s hardware. These observations, along with the facts that people have computers of varying efficiency and obtain electricity at different costs raises the question of whether the average user would even be able to give their informed consent because the average user would not know the value of what they would be providing. In a similar vein, it may also be possible for a user to trick the website into believing that the user is providing more value than they actually are. This would remove the benefit that the user was supposed to convey in exchange for access to the website and creating a problem that is comparable to ad blockers and online advertising.<br \/>\nAdditionally, even if a user could give informed consent, there would also be problems ensuring that the script only uses as much processing power as the user contracted. Specifically, a user may have difficulty noticing usage that is only minimally greater than agreed to. While the additional taking is small on the individual level, when viewed on a large scale this taking could amount to significant increases in profits for website owners which, without deterrence, would encourage additional taking behavior. Moreover, beyond direct economic exploitation, there could be tangential harms related to data and productivity losses <a href=\"https:\/\/www.wired.com\/story\/cryptojacking-cryptocurrency-mining-browser\/\">caused by<\/a> computer or network crashes and slowdowns.<br \/>\nOverall, these new mining technologies may hold economic benefits but the average person\u2019s consent alone (the lack of \u201ccryptojacking\u201d) is not enough to mitigate the technology\u2019s dangers. In order to realize the economic and societal advantages of these technologies research into the appropriate data protection measures and economic efficiency need to be conducted, appropriate regulations may need to be enacted, and users need to be educated.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In recent months, some websites have commandeered users\u2019 computer processors to \u201cmine\u201d cryptocurrency. This new form of computer user abuse is called \u201cCryptojacking.\u201d Cryptojacking is possible because of new \u201cmining\u201d technology that allows websites to run JavaScripts that use an individual\u2019s computer processing power to mine cryptocurrency without the individual\u2019s knowledge or permission. This allows <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/cryptojacking-abuse-javascript-cryptocurrency-mining-challenges-legitimate-use\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":5370,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5368"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=5368"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5368\/revisions"}],"predecessor-version":[{"id":7016,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5368\/revisions\/7016"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/5370"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=5368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=5368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=5368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}