Are You Unwittingly Making Crypto-Currency?

Scammers are secretly installing ‘mining code’ in websites so that they can use the computers of website visitors to help them generate digital cash or ‘crypto-currencies’.

What’s Happening?

Hackers are operating a popular scam which involves installing ‘mining script’ code such as Coin Hive into multiple web pages without the knowledge of the website owners. The scammer then gets multiple computers to join their networks so that the combined computing power will enable them to solve mathematical problems. Whichever scammer is first to solve these problems is then able to claim / generate cash in the form of crypto-currency.

If, for example, a website is able to get one million visitors a month, and if the Coin Hive Web Miner for Monero (XMR) is used, it could generate an income of £88 in the Monero crypto-currency.

What Is Coin Hive?

Coin Hive is crypto-currency mining software written in JavaScript, which sends any coins mined by the browser to the owner of the website. If you visit a website where it is being used (embedded in the web page), you may notice that your browser's power consumption and CPU usage increase, and that your computer starts to lag and become unresponsive. These slowing, lagging symptoms will end when you leave the web page.

Cloud Being Used

There are reports that this crypto-currency mining scam is now being extended to target cloud-based computing services. If hackers are able to break into a cloud account they can harness a huge amount of computing power and use multiple machines to try and generate more income.

With cloud billing services making it hard to detect the scam before it is too late, victims can be left with large bills for servers that hackers have been using for their coin mining.

Measures Being Taken

Many different measures are now being taken by companies and organisations to stop the surreptitious use of mining including:

  • Researchers in Illinois are developing a monitoring system that can spot the signs of mining software e.g. the increased activity in processors when working out the complicated maths problems. The researchers are working with a cloud company with a view to deploying it in their network, and have plans to extend the system to personal computers.
  • Government officials in the Crimean council have reportedly been sacked for using mining software on government computers.
  • The creators of the FiveM add-on for the video game GTA (Grand Theft Auto) V have released an update which stops people from being able to add miners to their code.
  • Security service Cloudflare has suspended the accounts of some customers suspected of using mining scripts.

What Does This Mean For Your Business?

The increased CPU usage and slowing down of computers caused by mining scripts waste time and money for businesses. There are some simple measures that your business can take to avoid being exploited as part of this scam.

If, for example, you are using an ad blocker on your computer, you can set it to block one specific JavaScript URL which is https://coinhive.com/lib/miner.min.js . This will stop the miner from running without stopping you from using any of the websites that you normally visit.
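For a website owner checking whether the script URL above has been added to their own pages, the following added example (not part of the original article) scans HTML for `<script>` tags that load it. The sample HTML, the `shop.example` origin and the function names are constructed for illustration; tags are matched with a regular expression, which suits a quick audit but is not a full HTML parser.

```javascript
// Added example: find <script> tags that load a blocklisted miner URL.
// The single blocklist entry is the URL quoted in the article, stored as host + path.
const BLOCKLIST = ['coinhive.com/lib/miner.min.js'];

// Reduce a script src to "host/path" so that scheme, query string,
// fragment and host-name case cannot hide a match.
function normaliseSrc(src, pageOrigin) {
  try {
    // new URL() resolves relative and protocol-relative ("//host/...") values
    const u = new URL(src.trim(), pageOrigin);
    return u.hostname.toLowerCase() + u.pathname;
  } catch (e) {
    return null; // unparsable src attribute
  }
}

// Collect the src attribute of every <script> opening tag in the HTML.
function extractScriptSrcs(html) {
  const srcs = [];
  const tagRe = /<script\b[^>]*>/gi;
  // \s before "src" avoids matching attributes such as data-src
  const srcRe = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const s = srcRe.exec(m[0]);
    if (s) srcs.push(s[1] ?? s[2] ?? s[3]);
  }
  return srcs;
}

// Return the raw src values (as written in the page) that hit the blocklist.
function findMinerScripts(html, pageOrigin) {
  return extractScriptSrcs(html).filter((src) => {
    const n = normaliseSrc(src, pageOrigin);
    return n !== null && BLOCKLIST.includes(n);
  });
}

// Constructed sample page: one local script, one protocol-relative miner
// include with mixed case and a query string, one unrelated host that
// happens to use the same path.
const SAMPLE_HTML = `
<html><head>
<script src="/js/site.js"></script>
<script async SRC='//CoinHive.com/lib/miner.min.js?v=2'></script>
<script src="https://example.org/lib/miner.min.js"></script>
</head><body>Shop</body></html>`;

console.log(findMinerScripts(SAMPLE_HTML, 'https://shop.example'));
```

Matching on host and path rather than on the exact string catches includes that differ only in scheme, case or an appended query string.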

Also, a dedicated browser extension called ‘No Coin’ is available for Chrome, Firefox and Opera. This will stop the Coin Hive mining code being used through your browser. This extension comes with a white-list and an option to pause the extension should you wish to do so.

Coin Hive’s developers have also said that they would like people to report any malicious use of Coin Hive to them.

Maintaining vigilance for unusual computer symptoms, keeping security patches updated, and raising awareness within your company of current scams and what to do to prevent them, are just some of the ways that you could maintain a basic level of protection for your business.

How Your Phone Can Depress You

Research by Nottingham Trent University has revealed that mobile phone alerts can have a negative impact on your mood, especially if they’re work-related and/or non-human notifications.

App Research

The research, which was carried out to study the way people interact with the notifications on their phone and how they impact mood, was conducted by using an app called NotiMind which participants downloaded to their phones. The app collected details about the phone’s digital notifications, plus information about each participant’s self-reported moods at different points in the day over a five-week period, and involved the sending of half a million notifications.

Findings

The collected data showed that one-third of the participants suffered negative effects on their mood from their phone notifications, such as feeling hostile, upset, nervous, afraid or ashamed.

Most Negative

Phone notifications which related to non-human activity e.g. Wi-Fi availability and the working of the phone itself were found to be the ones that had the biggest negative impact on someone’s mood. Not surprisingly, work-related alerts (especially when several arrived) ranked a close second when measuring negative moods.

Why Negative?

The researchers noted that the disruption, distraction, and competition for attention that phone notifications bring, as well as the source (e.g. work-related) are contributors to negative feelings in recipients.

Most Positive

Those notifications which had the most beneficial effect on moods were found to be messages from friends, especially when several of these notifications arrived at once. Friend-related notifications were found to create a sense of belonging and feelings of connection to a social group in the recipients.

Emojis Help

Another interesting finding of the research was that the inclusion of emoji characters in notifications was found to lift the mood of recipients. This is particularly significant because emojis, the world’s fastest growing language in all forms of communications, transcend traditional language barriers and help to quickly and easily communicate the emotional content of a message.

What Does This Mean For Your Business?

Most of us now have smartphones with many apps competing for our attention, and the many different kinds of notifications that we receive privately during the course of our day at work disrupt our work and affect our moods. This means that modern businesses are likely to be affected by more constant, low-level disruption than in the past, due to notifications and to workers responding and reacting to them (often putting work aside to do so). It is also important to remember that being connected to (and being able to deal with) general life matters (without having to take time off to do so) can have a positive effect on workers.

In terms of how businesses communicate with their staff, customers and other stakeholders, this research could be valuable in terms of helping to structure notifications so that they will be received in a positive way. For example, knowing the best time of day to send notifications, not sending too many in a short time, linking messages to social / human subjects, and including emojis could help businesses to communicate in a more beneficial way with their public.

Tech Tip: Android Phone: Snap A Screenshot

If you see something on the screen of your Android phone that you want to save and share, there’s an easy way to do it.

  • Press your phone’s power and volume-down buttons at the same time to capture a screenshot.
  • Share via the notification that appears on your device or via the “Screenshots” folder within Google Photos (or any other gallery app or Android file browser).

And voila!

EC Pushes Tech Companies To Remove Hate

Technology companies are coming under renewed pressure, this time from the European Commission (EC), to take measures to rid their platforms of hate speech and terrorist materials, or face the threat of legislation.

Propaganda Surge

According to the EC, despite a recent increase in the amount of terrorist propaganda, xenophobic and racist speech online, technology and social media companies have not been acting quickly or proactively enough to detect it, remove it, or to stop it from appearing on their platforms.

Code of Conduct Not Enough

Back in May this year, the EC agreed a code of conduct with Facebook, Twitter, YouTube and Microsoft that included a series of commitments to combat the spread of illegal hate speech online in Europe. The code was aimed at guiding the activities of the signatory companies as well as sharing best practices with other internet companies, platforms and social media operators. As part of the code, tech / social media companies agreed to train staff to remove illegal hate-speech material within 24 hours of being alerted to it.

It appears, however, that many European governments feel that more needs to be done, more quickly, and that tougher standards, backed by legislative measures may prove to be a more effective motivator for tech companies.

Standards

The EC has, therefore, decided to introduce guidelines and standards for technology companies, backed by the threat of legislation, to ensure that faster and more effective action is taken to stop unwanted material being shared online. The standards include investing in automatic detection technologies, and developing automated tools that can prevent the re-posting of content that has already been removed.

Also included in the standards will be the need for tech companies to set up dedicated points of contact that will allow the authorities to flag up offending content, and the introduction of (as yet not specified) fixed deadlines for tech companies to remove content that could cause serious harm e.g. incitement to terrorist acts.

The standards also call for tech companies to publish transparency reports that will show the number and nature of notices they have received about illegal content.

Following Calls From PM

This latest pressure from the EC follows calls from UK Prime Minister Theresa May, who said in a speech to the United Nations last month that technology companies must go “further and faster” in removing extremist content, and that tech / social media companies should be aiming to remove hate / terror content from their platforms within a 2 hour-or-less timeframe.

Banning Groups Helps

Recent research by the Georgia Institute of Technology using the Reddit platform showed that banning hate groups from a social media platform not only causes them to abandon that platform (rather than just going elsewhere within it), but also reduces the levels of hate speech among any group members who stay.

What Does This Mean For Your Business?

The business world works best when customers, investors and other stakeholders have confidence in companies, brands, products and services. Those businesses that supply platforms for, or enable the sharing / distribution of, free speech of any kind e.g. social media and web companies, have a common (and commercial) duty to provide a safe online environment for their users e.g. by removing hate speech promptly, and by making their part of the online environment particularly safe for children, young people, and the vulnerable.

Surprisingly, given the level of technological expertise and investment in large social media platforms e.g. Facebook and Twitter, they have always struggled to moderate their platforms effectively. Many commentators recognise the importance of free speech, and acknowledge that social media companies need to strike a balance which enables them to remove unwanted content, but not be seen to censor and curb free speech (characteristics of authority and governments), and thereby damage the value of their brands.

It is sadly the case that, in the business world, it often takes the threat of legislation to force businesses to act effectively on standards and guidelines, so this move by the EC may help speed things along.

Online hate speech / hate crimes and bullying are now being widely challenged e.g. Google, GoDaddy, and Cloudflare’s decision to stop serving a neo-Nazi site The Daily Stormer, and the UK Crown Prosecution Service’s move to treat online hate crime as seriously as offences carried out face to face with tougher penalties and sentences for online abuse on social media platforms.

Anything that contributes to a safer online environment can only really benefit businesses as well as society. Businesses and organisations of all kinds can also help the common purpose of minimising online hate crime through education of their staff / pupils / customers / users / stakeholders about their own policies for the treatment of those discovered to be using hate speech e.g. at work (online).

We, as individual members of society, can all play our part in making the online environment safe for all by challenging and reporting hate speech where we find it, and, although the stance of open rights / free speech organisations such as the ORG is important, so is ensuring that the Internet is a safe place for all.

US Government Wants Your Data

Reports from Apple and Google indicate that there has been a dramatic increase in the last year in the number of requests by the US government for user account details.

Requests To Google Hit Six-Year High

Requests to Google are reported to have reached a six-year high in the first half of 2017, with the US government reportedly seeking details about 48,902 user accounts. This is a 24% increase in requests over the last six months of 2016. Although the volume of requests appears to be high, Google has said the number of requests could actually be lower because governments may have asked for the same data multiple times.

Google, Apple, Yahoo, Twitter, Facebook and others release details of government requests as part of (typically) six-monthly Transparency Reports.

What Type of Requests?

The types of legal requests that Google receives for user data, for example, include:

  • Tap and trace orders / pen register requests, to collect data on a person’s communication, including dialled phone numbers and IP addresses, in real-time. These have seen a 49% increase.
  • Emergency requests e.g. to obtain information to prevent death or serious physical harm (no legal process required). These have targeted 35% more users.
  • Search warrants. Probable cause must be shown for these, and this year 31% more Google users have been targeted with such requests.
  • Subpoenas. Government agencies can use these to get information about e.g. IP addresses and names associated with Google accounts. 18% more users have been targeted with these this year.

Similar At Apple

Apple’s Transparency Report data shows a similar increase in the number of government requests for user data. Although Apple received 6,432 requests for data (a 62% jump on last year), it reports that it only provided that data in 32% of cases.

Apple reports that increases in user-account requests were mainly linked to phishing investigations, and that the types of account requests it received from the US government centred on things like iCloud content e.g. stored photos, emails, iOS device backups, contacts and calendars.

What About The UK?

Even though the ‘Snooper’s Charter’ / Investigatory Powers Act is now in place in the UK, and the UK and the US are known to share online data gathered about citizens, the number of requests from the UK government for user data has reportedly fallen by 7% to 325, the lowest since 2014.

What Does This Mean For Your Business?

We now live in a post-Snowden era where investigators are having to adapt to a world where consumers, and criminal suspects, spend less time on landline telephones, which could be tapped, and more time online e.g. on social media, on encrypted apps (WhatsApp), or using mobile devices that manufacturers are very reluctant to give them access to (e.g. Apple). This means that government agencies quite simply have to go to where the data is i.e. user accounts for Google, and there is very little that individual citizens or businesses can do about it. By law, businesses will have to comply with government requests for user information, while at the same time working hard to make sure that they protect customer data in a compliant way as part of GDPR, and in the UK the Data Protection Bill.

The new government administration in the US has also been very public in its desire to gather intelligence about individuals from social media and other accounts, and to use this information as a way of screening entry into the US. The current UK government has also shown itself to be willing to widen surveillance to the Internet by storing the browsing history of UK citizens (as part of the Snooper’s Charter), and by pushing hard to get ‘back doors’ into popular social media platforms and apps. The trend for more information requests from governments therefore looks likely to continue, and businesses can expect greater pressure to comply with more regulations concerning data in future, and can expect the possibility of contact with government agencies as part of investigations.

Rudd’s ‘War’ With Techies Over Encryption

After making critical comments about unhelpful techies while answering questions at a fringe meeting at the Conservative Party Conference, Home Secretary Amber Rudd is facing criticism from technical commentators about her apparent lack of understanding about the basics of encryption.

Stopping End-to-End Encryption

After the Westminster Bridge attack back in March, where the attacker was reported to have used WhatsApp, Home Secretary Amber Rudd (in a TV interview) described a situation whereby terrorists can secretly talk to each other on a formal social media messaging platform as ‘unacceptable’. This led to her publicly spearheading a move to push for the removal of the end-to-end encryption model that denies everyone (including governments) access to message content, and to instead allow specific unscrambled messages to be handed to the government on warranted request, or accessed through ‘back doors’ being built into social media platforms.

Comments At Recent Meeting

During a recent fringe meeting, however, at the Conservative Party Conference, Home Secretary Rudd answered an audience question by saying that she didn’t need to understand how end-to-end encryption works to understand how it helps criminals, and suggested that legislators were “laughed at” for failing to understand the basics of the technology. She also suggested that she faced being patronised, and criticised by techies who don’t like to help until “after an event has taken place”.

Techies Reply

The replies from technical commentators have come thick and fast. The main criticism of Rudd’s comments and stance on end-to-end encryption is that end-to-end encryption cannot be simply altered without being completely broken, and, if a back-door is built into an app or social media platform for the authorities, that same back door could be exploited by hackers and other online criminals. Technical commentators have therefore pointed out that although Home Secretary Rudd has said that she doesn’t need to know how end-to-end encryption works, it would appear that the reverse (on a basic level) is true, particularly since she is a leading exponent of calls to stop it.

Critics have also pointed out that, even though the Westminster Bridge attacker is known to have used WhatsApp (with its end-to-end encryption) prior to the attack, there is no real evidence to suggest that it was used to communicate with anyone else who was involved in the attack or its planning.

Home Secretary Rudd has also been criticised for previously saying that she doesn’t believe that “real people” actually care about end-to-end encryption, despite her highlighting it as an important issue, and for mixing up ‘hashtag’ with ‘hashing’ in an interview on the Andrew Marr show.

What Does This Mean For Your Business?

National security and Internet / data security for businesses are, of course, important issues. Clearly, the technical community (in this case) feels that the Home Secretary should try to understand and exhibit more knowledge about key online security issues, and in order to maintain good relationships and a common purpose, refrain from public criticism of those in the technology industry.

Security and privacy are important in business communications, whether by phone app, social platform, or by email system. Businesses could argue that (political arguments and political personalities and styles aside) UK businesses are now facing really serious risks from cyber criminals, many of whom have already shown themselves to be capable of exploiting situations where there are back-doors in software / platforms / systems, or where there is a lack of adequate encryption. Relaxing security protection (such as end-to-end encryption) for everyone (for the sake of a few) may therefore not be a response that will benefit businesses right now. The debate and the criticism, however, look likely to continue.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in a techy-free style.
