Gatos virtuais: detectando e avaliando os impactos da mineração de criptomoedas em infraestrutura pública
Abstract
Blockchains and cryptocurrencies represent a revolutionary way to convert energy into a medium of exchange. Today, numerous applications for blockchains and cryptocurrencies are envisioned for purposes ranging from inventory control to banking applications. Naturally, in order to mine in an economically viable way, regions where energy is plentiful and cheap, e.g., close to hydroelectric plants or in certain countries where energy production is greater than demand, are sought. The possibility of converting energy into cash, however, also opens up opportunities for a new kind of cyber attack aimed at illegally cryptocurrency mining. In this work, using data from January and February of 2018 from the Federal University of Rio de Janeiro UFRJ, it was observed that this threat is real and it is presented a projection of the costs and gains derived from these attacks. This work also indicates ways of detection and mitigation of these attacks that were successfully implemented at UFRJ.References
Andersen, D. (2014). Mining money with monero and cpu vector
intrinsics. https://da-data.blogspot.com/2014/08/minting-money-with-monero-and-cpu.html.
Avritzer, A., Tanikella, R., James, K., Cole, R. G., andWeyuker, E. (2010). Monitoring for security intrusion using performance signatures. In WOSP/SIPEW Conf. Performance engineering, pages 93–104. ACM.
Cherone, L. and Mahon, P. (2018). Minerblock extension. https://tinyurl.com/minerblock.
Coinblockerlists (2018). Coinblockerlists. https://github.com/ZeroDot1/ CoinBlockerLists.
Hong, G., Yang, Z., and Yang, S. (2018). How you get shot in the back: A systematical study about cryptojacking in the real world. In ACM SIGSAC Computer and Comm. Security, pages 1701–1713.
Keramidas, R. (2018). No coin. https://github.com/keraf/NoCoin/blob/master/src/js/background.js.
Kharraz, A., Ma, Z., Murley, P., Lever, C., and Mason, J. (2019). Outguard: Detecting in-browser covert cryptocurrency mining in the wild. The Web Conference (WWW).
Kührer, M., Rossow, C., and Holz, T. (2014). Paint it black: Evaluating the effectiveness of malware blacklists. In Advances in Intrusion Detection, pages 1–21. Springer.
Marini, T. (2017). Gato de energia é usado para minerar bitcoins em Paraisópolis. Estadão.
Nadaud, G. C. A. (2012). Acesso à energia elétrica de populações urbanas de baixa renda:
o caso das favelas do Rio de Janeiro. UFRJ/COPPE/Progr. Planej. Energético.
Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Computers.
Penin, C. (2008). Combat, prevention and optimization of commercial losses of power.
Rüth, J., Zimmermann, T., Wolsing, K., and Hohlfeld, O. (2018). Digging into browserbased crypto mining. In IMC, pages 70–76. ACM.
Segura, J. (2018). The state of malicious cryptomining. https://tinyurl.com/maliccry.
Setti, R. (2018). Febre de bitcoins cria uma nova indústria de ’mineradores’. O Globo.
Wu, Z., Ou, Y., and Liu, Y. (2011). A taxonomy of network and computer attacks based on responses. Info. Technology, Computer Engineering and Managm. Sciences, page 4.
Zimba, A. and Wang, Z. (2018). Crypto mining attacks in information systems: An emerging threat to cyber security. Journal of Computer Information Systems, page 13.
intrinsics. https://da-data.blogspot.com/2014/08/minting-money-with-monero-and-cpu.html.
Avritzer, A., Tanikella, R., James, K., Cole, R. G., andWeyuker, E. (2010). Monitoring for security intrusion using performance signatures. In WOSP/SIPEW Conf. Performance engineering, pages 93–104. ACM.
Cherone, L. and Mahon, P. (2018). Minerblock extension. https://tinyurl.com/minerblock.
Coinblockerlists (2018). Coinblockerlists. https://github.com/ZeroDot1/ CoinBlockerLists.
Hong, G., Yang, Z., and Yang, S. (2018). How you get shot in the back: A systematical study about cryptojacking in the real world. In ACM SIGSAC Computer and Comm. Security, pages 1701–1713.
Keramidas, R. (2018). No coin. https://github.com/keraf/NoCoin/blob/master/src/js/background.js.
Kharraz, A., Ma, Z., Murley, P., Lever, C., and Mason, J. (2019). Outguard: Detecting in-browser covert cryptocurrency mining in the wild. The Web Conference (WWW).
Kührer, M., Rossow, C., and Holz, T. (2014). Paint it black: Evaluating the effectiveness of malware blacklists. In Advances in Intrusion Detection, pages 1–21. Springer.
Marini, T. (2017). Gato de energia é usado para minerar bitcoins em Paraisópolis. Estadão.
Nadaud, G. C. A. (2012). Acesso à energia elétrica de populações urbanas de baixa renda:
o caso das favelas do Rio de Janeiro. UFRJ/COPPE/Progr. Planej. Energético.
Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Computers.
Penin, C. (2008). Combat, prevention and optimization of commercial losses of power.
Rüth, J., Zimmermann, T., Wolsing, K., and Hohlfeld, O. (2018). Digging into browserbased crypto mining. In IMC, pages 70–76. ACM.
Segura, J. (2018). The state of malicious cryptomining. https://tinyurl.com/maliccry.
Setti, R. (2018). Febre de bitcoins cria uma nova indústria de ’mineradores’. O Globo.
Wu, Z., Ou, Y., and Liu, Y. (2011). A taxonomy of network and computer attacks based on responses. Info. Technology, Computer Engineering and Managm. Sciences, page 4.
Zimba, A. and Wang, Z. (2018). Crypto mining attacks in information systems: An emerging threat to cyber security. Journal of Computer Information Systems, page 13.
Published
2019-09-02
How to Cite
PIRES, Victor; COUTINHO, Felipe; MENASCHÉ, Daniel; DE FARIAS, Claudio.
Gatos virtuais: detectando e avaliando os impactos da mineração de criptomoedas em infraestrutura pública. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19. , 2019, São Paulo.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 57-70.
DOI: https://doi.org/10.5753/sbseg.2019.13962.
