What Proxies Are For
When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand among
Home / Blog / EH Security / The Pirate Bay Exploits Users’ CPU to Mine Superanonymous Cryptocurrency – but Could This Actually Be a Good Thing?
The story first broke on TorrentFreak, which reported on September 16th that a cryptocurrency miner was detected on the popular website – that was also notably among the first to support Bitcoin by adding an option for users to donate via the famous cryptocurrency. A lot of users started noticing that their CPU power decreased dramatically while they were browsing The Pirate Bay – most notably in the category listings and search results – and it was discovered that the site was actually hijacking the visitors’ CPU to mine a cryptocurrency known as Monero.
As was expected many users were not pleased (TPB supermoderator Sid included) and started circulating ways to block the miner, which are quite simple and range from disabling JavaScript to running an adblock. Although file-sharing websites, of which TPB is perhaps the most renowned, are not viewed by most as poster boys for a play-by-the-rules approach to things, there is still a code of honour among thieves that frowns upon exploiting your own visitors. The most crucial aspect of the whole story is that TPB added the miner in secret and this might lead to users being concerned about how secure their browsing experience on TPB is.
After all, cryptocurrencies are relatively new to the game and are still associated with security risks – and Monero is one of the less transparent representatives out there. While most prominent cryptocurrencies, like Bitcoin and Ethereum, support transparency in their blockchains, meaning that transactions are verifiable and traceable, Monero focuses on privacy and obfuscates both the addresses of the transacting parties and the amount exchanged. Privacy is of course not a bad thing, but according to an article published on Motherboard a year ago, Monero’s super anonymity has led to its association with the dark web’s black market, while it has also been accused of not taking security very seriously.
For example, Motherboard also reported in the same article that Monero was found vulnerable to CSRF or Cross Site Request Forgery, a OWASP Top 10 threat. CSRF is an attack vector that exploits a website’s trust in a user, instead of the opposite, and thus tricks a web browser into executing an unauthorized action in an application where the user is already logged in. This means that the user will be authenticated by the application and makes it impossible to discern a legitimate request from a forged one.
In view of the outcry, TPB was quick to address the issue and stated that the miner was a test for a way to generate revenue in order to get rid of annoying ads while keeping the website afloat financially – and as the user comments to the statement demonstrate, the idea did fly surprisingly well among users. It seems that although unfortunate on how it went about it, TPB has opened up a debate on whether this could actually be a viable alternative for people to enjoy ad-free websites.
Could crypto-mining soon spread to other, more mainstream websites? It remains to be seen.
Industrial Cybersecurity
September 28, 2023
Want always be up to date?
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings
When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand among
You might have heard that the iPhone is almost completely impossible to hack or that Samsung devices have some of the best firewalls in the
As with any technological component, security must be a primary consideration when managing a Kubernetes environment. Applications are constantly at the risk of compromising with
Want always be up to date?
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings