How Your Smart Fridge Might Be Mining Bitcoin for Criminals 新型网络犯罪：通过智能冰箱盗取比特币

罗伯·史蒂文斯 陈伟济

Is the web browser on your phone slower than usual？ It could be mining Bitcoin for criminals.

As the popularity of virtual currencies has grown， hackers are focusing on a new type of heist： putting malicious software on peoples’ handsets， TVs and smart fridges that makes them mine for digital money.

So-called crypto-jacking1 attacks have become a growing problem in the cybersecurity industry， affecting both consumers and organizations. Depending on the severity of the attack， victims may notice only a slight drop in processing power， often not enough for them to think it’s a hacking attack. But that can add up to a lot of processing power over a period of months or if， say， a business’s entire network of computers is affected.

“We saw organizations whose monthly electricity bill was increased by hundreds of thousands of dollars，” said Maya Horowitz， Threat Intelligence Group manager for Check Point， a cybersecurity company. Hackers try to use victims’ processing power because that is what’s needed to create—or “mine”—virtual currencies. In virtual currency mining， computers are used to make the complex calculations that verify a running ledger2 of all the transactions in virtual currencies around the world.

Crypto-jacking is not done only by installing malicious software. It can also be done through a web browser. The victim visits a site， which latches onto3 the victim’s computer processing power to mine digital currencies as long as they are on the site. When the victim switches， the mining ends.

Some web sites， including Salon.com， have tried to do it legitimately and been transparent about it. For three months this year， Salon.com removed ads from its sites in exchange for users allowing them to mine virtual currencies.

Industry experts first noted crypto-jacking as a threat in 2017， when virtual currency prices were skyrocketing to record highs.

The price of Bitcoin， the most widely known virtual currency， jumped sixfold from September to almost $20，000 in December before falling back down to under $10，000.

The number of crypto-jacking cases soared from 146，704 worldwide last September to 22.4 million last December， according to antivirus developer Avast. It has only continued to increase， to 93 million in May， it says. The first big case centered on Coinhive， a legitimate business that let web site owners make money by allowing customers to mine virtual currency instead of relying on advertising revenue.

Hackers quickly began to use the service to infect vulnerable sites with miners， most notably YouTube and nearly 50，000 WordPress web sites， according to research conducted by Troy Mursch， a researcher on crypto-jacking.

Mursch says Monero is the most popular virtual currency among cyber-criminals. A report by cybersecurity company Palo Alto Networks estimates that over 5 percent of Monero was mined through crypto-jacking. That is worth almost $150 million and doesn’t count mining that occurs through browsers. In the majority of attacks， hackers infect as many devices as possible， a method experts calls “spray and pray.”

“Basically， everyone with a [computer processing unit] can be targeted by crypto-jacking，” said Ismail Belkacim， a developer of an application that prevents websites from mining virtual currencies.

As a result， some hackers target organizations with large computing power. In what they believe might be the biggest crypto-jacking attack so far， Check Point discovered in February that a hacker had been exploiting a vulnerability in a server that over several months generated over $3 million in Monero.

Crypto-jackers have also recently targeted organizations that use cloud-based services， in which a network of servers is used to process and store data， providing more computing power to companies who haven’t invested in extra hardware.

Abusing this service， crypto-jackers use as much power as the cloud will allow them to， maximizing their gains. For businesses， this results in slower performance and higher energy bills.

Martin Hron， a security researcher at Avast， says that besides the rise in interest in virtual currencies， there are two main reasons for the rise in attacks.

First， crypto-jacking scripts require little skill to implement. Ready-made computer code that automates crypto-mining is easy to find with a Google search， along with tips on the vulnerabilities of devices. Second， crypto-jacking is harder to detect and is more anonymous than other hacks. Unlike ransomware， in which victims have to transfer money to regain access to their computers blocked by hackers， a victim of crypto-jacking might never know their computer is being used to mine currency. And as currency generated by crypto-jacking goes straight into a hacker’s encrypted wallet， the cyber-criminal leaves less of a trail.

Both Apple and Google have started to ban applications that mine virtual currencies on their devices. But Hron， the Avast researcher， warns that the risk is growing as more everyday devices are connected to the Internet—from ovens to home lighting systems—and that these are often the least secure.

Some experts say new techniques like artificial intelligence can help get a faster response to suspicious software.

That’s what Texthelp， an education technology company， used when it was infected with a crypto-jacker， said Martin McKay， the company’s chief technology officer. “The risk was mitigated for all customers within a period of four hours.”

But security researcher Mursch says that these precautions won’t be enough.

“They might reduce the impact，” he says， “But I don’t think we’re going to stop it.”

你手机上的网页浏览器是否变慢了？它可能正在为犯罪分子开采比特币呢。

随着虚拟货币越来越受追捧，黑客们开始热衷于一种新型盗窃：在人们的手机、电视和智能冰箱上安装恶意软件，利用这些设备开采数字货币。

所谓的加密劫持攻击已成为网络安全行业日益严重的问题，消费者和企业都遭受到损害。由于攻击的严重程度不同，受害者或许只注意到设备处理能力略微下降，通常不足以让他们想到是黑客攻击。但几个月下来，或者说一个企业的整个计算机网络都受到攻击，就可能累积占用很多处理能力。

“我们了解到有些企业每个月的电费增加了几十万美元。”网络安全公司以色列捷邦安全软件科技有限公司威胁情报组经理玛雅·霍洛维茨说。黑客试图利用受攻击设备的处理能力，因为创造或说“开采”虚拟货币需要这些处理能力。开采虚拟货币时，计算机用于进行复杂的计算，以核实全世界所有虚拟货币交易的进出明细。

加密劫持除了可以通过安装恶意软件完成，还可以通过网页浏览器实现。受害者访问某个网站时，只要停留浏览，网站就会锁定劫持受害者计算机的处理能力用于开采数字货币。受害者不切换，开采不结束。

包括Salon.com在内的一些网站已尝试让加密劫持合法化，公开透明地开采。Salon.com今年有三个月去除了网站广告，以换取用户允许他们开采虚拟货币。

2017年，行业专家首次指出加密劫持是一种威胁，这一年虚拟货币价格飙升，创历史新高。

虚拟货币中最广为人知的是比特币，其价格从9月到12月暴涨了6倍，逼近2万美元，随后回落至1万美元以下。

杀毒软件研发公司爱维士称，去年全球加密劫持的案件数量从9月的14.6704万起飙升至12月的2240万起，之后这一数字还在继续增长，5月份已达9300万。第一宗大案的焦点是挖矿服务公司Coinhive，该公司是一家合法企業，让网站所有者可以通过允许客户开采虚拟货币来赚钱，而不是依赖广告收入。

加密劫持研究人员特洛伊·穆尔施的研究显示，黑客很快开始利用这项服务入侵存在漏洞的采矿网站，最著名的是优兔和博客平台WordPress近5万个网站。

穆尔施说，门罗币是最受网络犯罪分子欢迎的虚拟货币。网络安全公司派拓网络的一份报告估计，超过5%的门罗币是通过加密劫持开采的，价值接近1.5亿美元，这还不包括通过浏览器所开采的。在大多数攻击中，黑客会让尽可能多的设备感染病毒，专家称之为“撒网式”策略。

“基本上，每个拥有[计算机处理器]的人都可能成为加密劫持的攻击目标。”应用程序开发商伊斯梅尔·贝尔卡辛说，他开发的应用程序可以防止网站开采虚拟货币。

后来，有些黑客将目标锁定在拥有强大计算能力的企业。2月，捷邦发现，一名黑客利用一个服务器的漏洞，几个月内开采出价值300多万美元的门罗币，这可能是迄今为止最大的加密劫持攻击。

加密劫持病毒最近还瞄准了使用云服务的企业，云服务的服务器群用以处理和存储数据，为没有购买额外硬件的公司提供更多的计算能力。

加密劫持病毒会滥用这项服务，在云服务许可范围内用尽它所提供的计算能力，使自己收益最大化。对于企业来说，这会导致性能降低而电力成本上升。

爱维士的安全研究员马丁·赫龙表示，除了人们对虚拟货币越来越感兴趣之外，攻击增加还有另外两个主要原因。

首先，运行加密劫持脚本几乎不需要什么技巧。通过谷歌搜索，很容易找到现成的自动加密开采的计算机代码，以及有关设备漏洞的提示。其次，加密劫持更难被发现，而且比其他非法入侵更匿名。受勒索软件或病毒攻击的受害者必须交赎金方能重新访问被黑客封锁的计算机，加密劫持与此不同，其受害者可能永远都不知道他们的计算机正被用于开采货币。而且，由于加密劫持开采出的货币直接进入黑客的加密钱包，网络犯罪分子留下的痕迹也更少了。

苹果和谷歌都已开始禁止在其设备上加装开采虚拟货币的应用程序。但爱维士研究员赫龙提醒说，随着越来越多的日用设备连接到互联网——从烤箱到家庭照明系统——加密劫持的风险越来越大，而且这些设备常常是最不安全的。

有专家表示，人工智能等新技术可能有助于对可疑软件更快做出反应。

教育技术公司Texthelp首席技术官马丁·麦凯说，那正是他们公司感染加密劫持病毒时使用的方法，“不到四个小时，所有客户的风险都降低了。”

但安全研究员穆尔施说，这些预防措施还不够。

“这些或许能减少影响，”他说，“但我认为阻止不了。”□

（译者为“《英语世界》杯”翻译大赛获奖者）