Afro Voice / The New Age

Crypto currency miners may be targeting your computer

By Raymond Joseph and Schalk Venter 4 June 2018

Code running in the background of the website of the Afro Voice newspaper, the renamed former Gupta-owned The New Age, which hijacked unwitting visitors’ computers to mine crypto currency, has been deactivated.

The code was discovered when a tech-savvy visitor to the Afro Voice / The New Age (the web domain is still www.thenewage.co.za) noticed that his laptop had slowed down markedly. And when he investigated he discovered crypto currency mining script inserted into the website’s code that was using his computer to secretly “mine” a crypto currency called Monero.

Crypto currency miners are rewarded with digital coins when one or more computers run by them help to solve complicated mathematical problems. And the more computers involved, the faster the problem is solved and the more coins are awarded.
 The software on the Afro Voice’s website is called Coinhive and uses the Central Processing Unit (CPU) of the computer of visitors to perform the functions needed to mine coins.

On Friday Gary Naidoo, senior General Manager for Afro Voice, emphatically denied that they had added the code to their website.


I am not aware of this at all and we will definitely do something about it. I am meeting with our in-house website people today and will urgently raise it with them,” he said.

A few hours later mining was no longer happening. 


The Afro Voice site is built with WordPress and this particular mining software is a plug-in that can be simply switched on or off.
 Wayback Machine, which archives earlier versions of web pages, shows the mining code was not in place on May 14, but was there on 22 May, the next time the site was archived. It was still in place on Friday, 1 June, before being removed, meaning it was active for at least 11 days. The publisher of Afro Voice, as do most online publishers, indirectly covers itself for such eventualities, as is clear in their Terms and Conditions
.

Besides slowing down computers, crypto-currency mining also consumes huge amounts of electricity. In South Africa the cost of mining a single coin is $5,948 but with the current value of a Bitcoin at $7,566 on 1 June, it is still a profitable venture – especially if someone else is paying for the electricity consumed.

The developers of Coinhive pitch it as a new and innovative way for online publishers to generate revenue, as more and more people install ad blockers. But they say that this should be with the full knowledge and consent of the owners of the computers being used for mining. The revenue raised from the mined coins is shared 30-70 between Coinhive and the websites running it.

Some publishers are honest and upfront about what they are doing. For example, when an ad blocker is detected on the computer of a visitor to the US online publishers Salon, a pop-up is generated with the option of turning off their ad blocker. Alternatively, Salon offers an advert-free browsing experience if visitors grant them permission to use their unused computer power to mine crypto coins while they are on the site.

But secretly inserting the code into a website without the owners’ permission is an increasing problem in the United States – and will inevitably become more common in SA. 


Last year crypto hackers hijacked the website of PolitiFact, a highly credible US political fact-checking website, and used visitors’ computers to mine crypto currency for them. The hack was discovered by security researcher Troy Mursch, who alerted PolitiFact after he noticed that visiting the site caused his computer’s CPU to run at its maximum capacity.

But sometimes the offenders are the websites themselves, with some secretly adding the script to their website without disclosing this to users or giving them the option to opt in or out.

Last year on-demand websites ShowTime and ShowTime Anytime removed the Coinhive programme after users on Twitter bust them for secretly running it without disclosing what they were doing.

The Pirate Bay, a torrenting service, was also bust for secretly running crypto mining software. They then asked users whether they preferred an ads-free experience or crypto currency mining – and surprisingly many people were open to the mining idea.


Justin McCarthy, a media and tech commentator, says there are both legal and ethical issues involved in using someone else’s computer to mine crypto currencies without their permission.

“It is uncharted territory and complicated. I believe that it may constitute a criminal offence if not clearly declared by the publisher.”

He also believes that it may breach new privacy laws like POPI in South Africa and the European Union’s even more stringent GDPR laws. But it would be impossible to prove without a major digital forensic audit that the website had added the programme, rather than falling victim to cryptojacking, he says.


McCarthy believes that it is can be an effective and legitimate revenue generator for publishers “as long as they are transparent in disclosing what they are doing”. Website owners must also make it simple for someone to opt in or out, he adds.

But ultimately, the onus is on the owner of a computer to protect themselves against unwanted invasions of their privacy, says McCarthy. As with your sexual health it is on you to take precautions to safeguard your online health.


What steps can you take to protect yourself?

  • For a start, read the T&Cs before just accepting them when you sign up for a new app or programme for your computer and decide if it’s worth it;
  • Download a free browser extension like No Coin for Firefox or for Chrome, depending which browser you use;
  • This blog has some good advice on how to check if a website is mining crypto currencies, and how to stop them;
  • Protect your online privacy by blocking unwanted trackers by installing Privacy Badger for Chrome or for Firefox. DM

Raymond Joseph is a Cape Town-based freelance journalist and media trainer; 
Schalk Venter works as a front-end developer for OpenUp, a Cape Town-based civic tech organisation.

Gallery

In other news...

South Africa is in a very real battle. A political fight where terms such as truth and democracy can seem more of a suggestion as opposed to a necessity.

On one side of the battle are those openly willing to undermine the sovereignty of a democratic society, completely disregarding the weight and power of the oaths declared when they took office. If their mission was to decrease society’s trust in government - mission accomplished.

And on the other side are those who believe in the ethos of a country whose constitution was once declared the most progressive in the world. The hope that truth, justice and accountability in politics, business and society is not simply fairy tale dust sprinkled in great electoral speeches; but rather a cause that needs to be intentionally acted upon every day.

However, it would be an offensive oversight not to acknowledge that right there on the front lines, alongside whistleblowers and civil society, stand the journalists. Armed with only their determination to inform society and defend the truth, caught in the crossfire of shots fired from both sides.

If you believe in supporting the cause and the work of Daily Maverick then take your position on the battleground and sign up to Maverick Insider today.

For whatever amount you choose, you can support Daily Maverick and it only takes a minute.

Support Daily MaverickPayment options


Comments - share your knowledge and experience

Please note you must be a Maverick Insider to comment. Sign up here or if you are already an Insider.

SCORPIO

Gravy Trains, always on time: Cash from Prasa’s R3.5bn locomotives deal also flowed to Jacob Zuma Foundation

By Pieter-Louis Myburgh and Sikonathi Mantshantsha

"It's the friends you can call up at 4am that matter." ~ Marlene Dietrich