
Sunday, December 17, 2017

Somebody Hacked Starbucks' WiFi To Mine Cryptocurrencies

As the values of the largest cryptocurrencies have multiplied this year, so too have reports of digital-currency miners stealing resources to amplify the profitability of their operations.


In Venezuela, where electricity is heavily subsidized by the (crumbling) government, the government’s intelligence agents are ferreting out and jailing people caught mining bitcoin or other digital currencies.


Yesterday, we reported that the world’s largest oil-pipeline company discovered unauthorized digital-currency mining taking place on the company’s hardware.


And today, Cryptocoinsnews pointed out that a Starbucks in Buenos Aires had its Wi-Fi hacked to force a 10-second delay when connecting so it could mine Monero - currently the world’s 11th largest cryptocurrency - with people’s laptops.


The presence of the CoinHive code was discovered by the chief executive of a New York-based tech company, Noah Dinkin, who noticed something was off when he was connecting to the service. He then used Twitter to share what he found:


 



 


Initially, Dinkin believed his laptop was being forced to mine bitcoin, but users noted that Coinhive only works with Monero, a cryptocurrency optimized for CPU mining that recently hit a new all-time high above $300 and has surged over 1,500% this year so far, according to data from CoinMarketCap.


A few days after Dinkin shared his findings on Twitter, Starbucks responded. The company acknowledged the issue and announced that it’s been resolved.


 



 


A spokesperson later on clarified that this wasn’t an isolated incident, and that the problem stemmed from the internet service provider, not Starbucks. Speaking to Motherboard, the spokesperson added that Starbucks hoped to ensure its customers are “able to search the internet over Wi-Fi securely,” and that it’s working with its service provider to remedy the issue.


Earlier this year, CCN reported the Pirate Bay’s efforts to use visitors' CPUs to mine Monero in order to monetize its traffic and replace the ads on its pages. The torrent index website used Coinhive, a piece of JavaScript code that allows website admins to mine the anonymity-centric cryptocurrency with visitors’ CPUs.


Ever since the Pirate Bay tested Coinhive on its website, various actors started using the code to access other CPUs. The code was even placed on Google Chrome extensions, and on a subscription streaming service called Fight Pass, which exists to stream UFC matches.
 









Sunday, September 17, 2017

Is Google Coming For Your Cryptos

Authored by Tom Luongo via TomLuongo.me,


The big boys, Apple and Google, are now actively developing a payment API for cryptos to use within their browsers.  This is a double-edged sword and possibly indicates a shift in tax policy.



I don’t trust either Apple or Google at all.  The news from Coindesk about Apple and Google developing a payment API on the heels of multiple avenues of officialdom cracking down on cryptocurrencies is enough to give you whiplash.





The work, started by the World Wide Web Consortium (W3C) with the help of Microsoft, Google, Facebook, Apple and Mozilla, is a tangible step forward for a currency-agnostic web payment standard first conceived in 2013. Equally, as bitcoin and other cryptocurrencies gain more momentum, the launch signifies the growing recognition of cryptocurrency as a payments technology.



Indeed, the W3C has gotten more interested in blockchain technologies over the years, hosting its first ever blockchain workshop in June last year. But while participants were left with interest in standardizing and democratizing the technology’s use, no formal work was decided upon then. That, however, has changed.



Announced on Thursday, the API is currently being implemented in browsers including Google’s Chrome, Microsoft’s Edge, Apple’s Webkit, Mozilla’s Firefox, the Samsung Internet Browser and Facebook’s in-app browser. When activated, the Payment Request API will allow new payment types, including bitcoin, ether and any other available cryptocurrency (as well as more traditional online payment methods) to be stored directly in the browser.



The last thing anyone should want is for their cryptos to be held in their browser knowing that all code developed in the U.S. is subject to government intelligence oversight.


Trust Big Google


This is absolutely a Trojan Horse designed to look like it legitimizes cryptos like Bitcoin but immediately puts them at risk of seizure by anyone with malicious intent.


First, it’s not like any code developed by these people is exploit-proof.  Let’s get serious, security on Android, iOS and Windows is a joke.  Google took Linux and made it worse than Windows.  It’s actually an astounding feat of bad engineering.


Microsoft, Apple and Google are all very tight with the U.S. government.


It’s part of the reason why Russia continues to crack-down on use of their software.  Putin knows it’s all spyware.


Second, if your cryptos are stored in your browser then they can be stolen from you.  Forget petty thieves.  I’m thinking much bigger than that.  Do you really think any of these companies would not comply with an IRS decree to seize your assets directly off of your computer?


If you do, then I have a nice piece of water-spanning real estate to sell you connecting Manhattan and Brooklyn.


Moreover, let’s see how this “standard” develops.


Will it support third-party hardware wallets like a Trezor or Ledger?


Will it accept any crypto in payment, including the anonymous ones like Monero and Dash?


If the answers to these questions is no, then that’s your sign that this API isn’t simply another backdoor way to maintain control over everything.


Cause I’m the Tax Man


This announcement makes me believe that the recent bill introduced by House Reps Jared Polis (D-CO) and David Schweikert (R-AZ) will likely sail through Congress.  The bill would exempt cryptocurrency transactions under $600 from capital gains taxes.


While this bill is an unqualified good thing as it will radically improve liquidity it is also the prerequisite needed to jump start this API development. So, while the U.S. will continue to fight the crypto-market officially for as long as it can, it is also bowing to the pressure from its corporate partners to free them up for commerce to begin.


The IRS rule is actually choking off a significant amount of money velocity in the world economy.  This will only get worse if it doesn’t change.  Bitcoin was designed to put purchasing power back in the hands of the people themselves and take it away from the banking system who demand their vig on every transaction.


So, there will be a trade-off to using this API when it is finally released if it doesn’t support the part of the crypto-market the government doesn’t have control over yet.


*  *  *


And finally, don't forget, "don't buy bitcoin... it's going to crash!"


Thursday, May 18, 2017

"It's Much Bigger Than WannaCry": New Stealthy Cyberattack Could Dwarf Last Week's Global Worm Epidemic

Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week's assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.



Meet Adylkuzz - the new cyberattack that "is much bigger than WannaCry."





Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.



Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.



"As it is silent and doesn't trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals. It transforms the infected users into unwitting financial supporters of their attackers," said Godier.



Proofpoint said it has detected infected machines that have transferred several thousand dollars worth of Monero to the creators of the virus. The firm believes Adylkuzz has been on the loose since at least May 2, and perhaps even since April 24, but due to its stealthy nature was not immediately detected. Proofpoint's vice president for email products, Robert Holmes, told AFP...





"We don't know how big it is" but "it's much bigger than WannaCry",



"We have seen that before -- malwares mining cryptocurrency -- but not this scale," said Holmes.



It uses the hacking tools recently disclosed by the NSA "in a more stealthy manner and for a different purpose." As InfoRiskToday details...





The SMB flaw (file-sharing network protocol) targeted by this Adylkuzz campaign existed in all versions of Windows since XP and came to light in April, via a dump of "Equation Group" tools released by the Shadow Brokers.



Many security experts believe the Equation Group is the National Security Agency, and that the Shadow Brokers may be part of a psychological operations campaign run by Russian intelligence.



One of the Equation Group exploits included in the April dump, called EternalBlue, is designed to exploit the SMB flaw in Windows. If successful, the Equation Group would then often install a backdoor called DoublePulsar onto the exploited endpoint to give it persistent, quiet access to the system.



Rather than freeze files demanding a ransom, Adylkuzz uses the hundreds of thousands of infected computers to mine virtual currency... As InfoRiskToday details...





The WannaCry outbreak began May 12. But Proofpoint says that the Adylkuzz campaign that targeted DoublePulsar and EternalBlue appears to have begun as early as April 24 - nearly three weeks earlier - and hasn't stopped.



"This attack is ongoing and, while less flashy than WannaCry, is nonetheless quite large and potentially quite disruptive," Kafeine says in a Monday blog post.



In addition, Proofpoint reports that multiple outbreaks that were attributed to the WannaCry campaign, but which involved no ransom notice, may, in fact, have instead been part of the Adylkuzz campaign.



As with WannaCry, the Adylkuzz malware first attempts to exploit a system via EternalBlue, and if successful then infects the endpoint with DoublePulsar, Kafeine says.





"Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection," Kafeine says. "It then determines the public IP address of the victim and downloads the mining instructions, cryptominer, and cleanup tools."



This Adylkuzz campaign is mining not for the world's most well-known cryptocurrency, but rather for monero.



InfoRiskToday notes that the creators of the cryptocurrency, also known as XMR, claim that it's more private and difficult to trace than bitcoin. Unlike bitcoin, it also has no hardcoded block size limit, meaning that - at least in theory - an infinite amount of monero could be mined.


So far it's not clear who's behind this cryptocurrency mining operation. A version of WannaCry seen in February contains code that was used in a 2015 attack tied to Lazarus - a hacking group that security experts say has ties to North Korea. But anyone could have reused the 2015 code, which is publicly available, Matt Suiche, managing director at incident response firm Comae Technologies, tells Cyberscoop.





"Attribution can always be faked, as it's only a matter of moving bytes around," he says.



As InfoRiskToday.com concludes ominously, the discovery of the cryptocurrency mining botnet shows that organizations that fail to patch their systems aren't just at risk from flashy attacks, such as WannaCry, but also stealthier attacks that don't always announce their presence.