I’ve been trying to make a much more concerted effort at making my articles shorter, so consider this part 2 of a piece on Bitcoin I finished yesterday. In this article, I want to take a small piece of information and expand upon it a little further. More specifically, I want to talk about how Bitcoin’s power consumption has spiked by 29.98% around the world over the course of the last month, and if the power surge continued on at that pace then theoretically all of the world’s power supply would be used up by Bitcoin mining by the year 2020.
While this will of course never happen, it is still incredibly interesting – at least to me. As for why I was particularly interested to first learn this, it might have to do with the fact that I was personally the victim of a Bitcoin mining malware campaign just two weeks ago, over the same time Bitcoin power surges were occurring. Coincidence? I think not.
What made the malware unique is that it essentially stole a small portion of the processing power of every computer it infected and redirected that power towards Bitcoin mining. This theoretically allows for thousands of computers to do the work of one or take a large bulk of a network load off an individual processor. As someone who practices above-average security and was still temporarily affected by this cyber attack, it makes me wonder how many people were never aware of it to begin with. I think the answer could literally be millions.
I say this because, as was first reported by Catalin Cimpanu of Bleeping Computer on November 14th 2017, the malware spread as the result of “A free-to-use script that helps website owners show EU cookie consent popups is dropping an in-browser crypto-currency miner on websites that use it.” He explained that “The Cookie Consent service generates a block of code that webmasters must embed in their sites,” and because the cookie consent agreement is mandated by law to appear on every website within the EU, literally millions of users were exposed to this malware for weeks on end as a result.
As if that was not enough, the EU cookie banner plugin offered by WordPress themselves was also compromised, potentially affecting millions of WordPress owners. This plugin was also how my site was ultimately affected.
The WordPress plugin still offers a version of the script that includes a cryptocurrency miner.
— Catalin Cimpanu (@campuscodi) November 14, 2017
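Because the consent code is a block that loads a script from someone else's server, a site runs whatever that server returns. As an added example (not from the original article or from the Cookie Consent service), this Node.js sketch lists third-party script tags that carry no Subresource Integrity pin and checks a served body against a pinned hash; the hosts, file names, script bodies and function names are constructed for illustration.

```javascript
// Added example: flag third-party <script> tags that are not pinned with SRI.
const { createHash } = require('crypto');

// SRI value ("sha384-<base64>") for a script body.
function sriHash(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// List every external script on a page: source URL, whether it is served
// from another host, and its integrity attribute (null when absent).
// A regex is enough for this audit sketch; it is not a full HTML parser.
function auditScripts(html, siteHost) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script: nothing fetched from elsewhere
    const pin = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    const host = new URL(src[1], `https://${siteHost}/`).hostname;
    findings.push({ src: src[1], thirdParty: host !== siteHost,
                    integrity: pin ? pin[1] : null });
  }
  return findings;
}

// Third-party scripts the browser will run whatever the remote host serves.
function unpinnedThirdParty(html, siteHost) {
  return auditScripts(html, siteHost)
    .filter(f => f.thirdParty && !f.integrity).map(f => f.src);
}

// True when a served body still matches the pinned sha384 value.
function matchesPin(body, integrity) {
  return integrity.split(/\s+/).includes(sriHash(body));
}

// Constructed sample data (hosts, file names and script bodies are made up).
const REVIEWED = 'showConsentBanner();';
const CHANGED = 'showConsentBanner(); startMiner();';
const SAMPLE_HTML = `
<script src="/js/site.js"></script>
<script src="https://consent.example.net/cookieconsent.js"></script>
<script src="https://cdn.example.org/banner.js" integrity="${sriHash(REVIEWED)}"
        crossorigin="anonymous"></script>`;

console.log(unpinnedThirdParty(SAMPLE_HTML, 'blog.example.com'));
console.log(matchesPin(REVIEWED, sriHash(REVIEWED)), matchesPin(CHANGED, sriHash(REVIEWED)));
```

A pinned tag makes the browser refuse a script whose content no longer matches the hash, so it only suits files the provider serves at a fixed version.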
Putting all of this information together, when I read that Bitcoin’s power consumption started surging over the course of November 2017, I hardly think the Bitcoin mining malware campaign of November 2017 was any coincidence. What makes me angry though is that this hack primarily spread by taking advantage of a Government policy and their laws. Not only does the EU legally mandate all website owners install a script or widget on their site, but the script and widget the EU provided people were also compromised with malicious code used to exploit people’s personal devices and websites? That is unacceptable in my opinion and I am unsure how the EU has escaped liability or criticism in this matter so far.
For anyone who is not already aware, cookies work by essentially remembering little pieces of information about you and your computer/device every time you visit a website. A digital file then stores this information so that the next time you visit that site, your browsing experience will be made better, easier or more convenient. However, at the same time, privacy hawks argue that the EU legally mandates websites track and record their visitors’ information to make online investigations easier, so that people’s internet activity can always be traced/tracked by Government authorities whenever they want.
However, these laws have not been adopted by all countries. Here in the United States for example, website owners are not required to store cookies or any data about their visitors if they do not want to; it is entirely their choice. As an American myself, let it also be noted that I only installed the EU Cookie Consent plugin on my website because I wanted to fit in with my international readers, who make up a fairly large portion of my audience. However, now that I was affected by the Bitcoin scam last month, I have removed the plugin from my site, updated all the files and completely disabled any/all tracking attempts made through my website, including storing cookies – you’re welcome.