Cryptojacking is the process of installing mining scripts or outright malicious malware onto computers of unsuspecting users to mine cryptocurrencies. The most popular among these is Coinhive, a javascript mining script installed on websites.
Hackers have been installing Coinhive on websites with weak security to mine Monero. Since Monero is a privacy coin, it makes it harder to catch criminals. A lot of high profile websites have been affected by cryptojacking. Early this year, Tesla’s website was hacked to mine Monero using Coinhive. Also, a bug in Drupal resulted in more than 300 sites infected with Coinhive, including the websites of San Diego Zoo and the government of Chihuahua.
In an official report from UK’s National Crime Agency(NCA), they said the problem is not going away anytime soon:
“Popular websites are likely to continue to be targets for compromise, serving cryptomining malware to visitors, and software is available that, when run in a webpage, uses the visiting computer’s spare computer processing power to mine the digital currency Monero.”
Though regulators and security have been trying hard to catch up with these new threats, the Japanese government has made progress in case of cryptojacking. Just last week, it was revealed that the Japanese police was investigating three suspects allegedly using Coinhive to inject mining scripts in multiple websites surreptitiously.
According to a recent report from local publication The Asahi Shimbun, the police have now arrested 16 individuals from 10 prefectures, aged between 18 and 48 for cryptojacking. The suspects had operated their own websites, which they allegedly used to send programs to the visitors of their site to mine cryptocurrencies without their consent.
All of them had used Coinhive, except one. The one individual had developed his own program, very similar to Coinhive and he has been arrested on suspicion of creating a computer virus. Though Coinhive is free to install, it operates on a 70/30 model. Only 70% of the Monero mined goes to the website operator, and the remaining 30% goes to the developers of Coinhive.
Though the individuals had only installed Coinhive on the websites they owned and not hacked sites, they were arrested because they did not get explicit content from their visitors to mine cryptocurrencies. Hisashi Sonoda, a professor at Konan Law School who is knowledgeable about cybercrimes also confirmed that the arrests were most likely made because they’d not asked for user consent. He went on to add that the arrests were excessive because there are no legal precedents on how to handle the use of such programs.
Featured image from Shutterstock.