How Content on the Internet WorksThink of your favorite websites – anything from social media apps to news sites. Now, think of your streaming websites and sports. The former are laced with sponsors, ads, and promotions that are paid for by businesses and individuals to support the development and security of the platform and ultimately the business itself. As a user, these sites are typically free but in order to make money, they have to sell real estate in order to function. Streaming content providers (including entertainment and sports) however make their money from subscriptions. This is generally an annual or monthly rate to subsidize the royalties they pay for content or production of their own material. This is how the content on the Internet works. We pay to review the material or someone else pays to advertise material. I think there is room for another option.
Crypto Mining DefinedFirst, let us define crypto mining. Crypto mining is the process of solving complex problems to verify digital transactions or other mathematical problems using computer hardware and dedicated computational software. Miners can either create a cryptocurrency or get paid for their processing power in a cryptocurrency once mathematical problems have been solved and verified using affiliate technology like Blockchains. In order to be successful, micro processing (CPU or preferred graphical processing power) is needed and the average computer, phone, and streaming device sits idle throughout the day or is not fully utilized when services are rendered. This leaves room for spare CPU cycles to be implemented for this type of project.
The Value of CPU CyclesNow, let us continue with the value of CPU cycles. A single CPU cycle represents a financial loss or gain based on the on the work processed. If you consider the cost of the initial system, amortized depreciation, maintenance costs, and monthly electric and cooling costs, each CPU cycle literally can be translated into some dollar value. While this would be infinitely small based on modern CPU clock speeds, the cost realization per hour, day, or month is something we reconcile every day; especially when licensing CPU power from shared and cloud resources. Therefore, CPU time has a value and the goal of legal crypto mining is to offset the purchase and operational cost of the CPU and to perform the work in the background of legitimate services. The result to the consumer is a free or discounted subscription fee or the need for the provider not to market and sell advertisements. If the initial costs are not in a mining farm, but rather from someone else’s environment, the profit ratio can be easily be biased towards the mining and content operator.
Why Illegal Crypto Mining is PopularThis is why illegal crypto mining is becoming so popular – because threat actors are making money using some else’s investment. The real objective is to turn this around and allow for real services to perform the same work while consumers use their resources. Large scale crypto mining for the provider and no subscription fees or advertisements (commercials) for the consumer. A win – win situation for both and crypto mining might just be the first step for other businesses to leverage spare CPU cycles from idle devices. In addition, the more time you spend using the service (like binge watching a TV show), the more CPU time the provider gets in the background to support the model. All it would take is enabling an application to use background CPU for a purpose and the consumer to accept an end user license agreement (EULA) that grants the content provide to use a fraction of their resources for an additional purpose.
A Real Example of How This Could WorkIf you think this entire scenario is far-fetched, the technology already exists to make this work. The University of Berkley has open source software for volunteer computing called BOINC. The technology uses the idle time (or spare time) on your computer to cure diseases, study global warming, discover pulsars, look for alien radio signals, and do many other types of mathematically intensive scientific research. There is no reason the same approach cannot be used for crypto mining or adopted by content providers to use spare resources along with their services to solve many of these humanitarian problems the world faces today. Imagine streaming a movie and spare CPU cycles are looking for a cure to a genetic disease or predicting the weather. Sitting on the couch could actually be proven to be productive. Whether this concept actually becomes reality is to be seen. It might be another form of digital transformation or maybe it is just a glimpse into the future. In either case, organizations will still need to determine if CPU cycles are being used for legitimate business purposes, for someone else’s financial gain, or for potential malicious activity. A vulnerability assessment is a good way to determine if your assets are at risk for malicious activity and if your browsers could be hijacked today for illegal crypto mining. For more information on how Retina CS could help perform these assessments, contact us. Otherwise, stay tuned. The services you utilize today might end up solving some of the world’s most mathematically challenging problems while you sit on the couch.
Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust
Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.