TechSpot giveaway: Win a DJI Spark drone & a Star Wars BB-8 droid

Showtime websites were secretly using visitors' CPUs to mine cryptocurrency

By midian182 ยท 18 replies
Sep 26, 2017
Post New Reply
  1. Earlier this month, The Pirate Bay was heavily criticized for using a hidden in-browser cryptocurrency miner on its pages that used visitors’ CPUs to mine Monero surreptitiously. But it appears that the torrent service isn’t the only one to have engaged in this practice — websites run by CBS-owned cable network Showtime were also doing it.

    The Pirate Bay was found to be running a Javascript-based bitcoin miner that increased visitors’ CPU usage dramatically when they visited certain pages. The plugin — provided by Coinhive — mined the cryptocurrency Monero, which launched in 2014.

    Coinhive takes a 30 percent cut of the Monero and says using its service is a legitimate way for websites to make money. The company doesn’t, however, endorse sites using its code without first informing visitors. The Pirate Bay said it was testing the miner as an alternative to ads but quickly stopped once its presence came to light.

    Over the weekend, a Twitter user noticed that Coinhive’s miner was also present in the code of Showtime.com and its streaming site, ShowtimeAnytime.com.

    It’s unclear whether the Showtime sites had installed the cryptominer themselves as a test, or if they were hacked. It seems both theories have an equal number of supporters. When Gizmodo asked Showtime about the matter, a spokesperson (bluntly) said: “We decline to comment.”

    Showtime has now removed the code that activated the miner from its websites. Whether it was put there by the company, or was the work of hackers looking to make a bit of money, remains unknown, but don’t be surprised to see more of these instances appearing in the future.

    Permalink to story.

     
  2. davislane1

    davislane1 Inquisitor Posts: 4,675   +3,701

    I believe the hackers narrative like I believe in storks.
     
  3. Adhmuz

    Adhmuz TechSpot Paladin Posts: 1,817   +628

    See now this has me suspicious as to why YouTube lately has increased CPU activity to the point where I couldn't use an E8400 as my media PC anymore, it worked fine and then one day recently it just stopped being able to handle anything over 720p (even 720p60 was sketchy at best). Even the i3 I replaced it with has trouble at times intermittently.

    Actually, on a higher end systems which has ample processing power this could be a way to avoid dealing with adds, this would be opted in only, but I'm sure like myself, people would be willing to exchange unused CPU power for add free viewing...

    This needs to become an option on more websites in my opinion, heck, Techspot, if you can implement such a system I'm sure several people would gladly support it instead of adds.
     
    Satish Mallya likes this.
  4. H3llion

    H3llion TechSpot Paladin Posts: 1,344   +268

    Is it even worth it? The amount of return from the fraction of CPU usage is so small, even if millions are doing it. However on the other side, this would legitimize cryptos even further.
     
  5. RebelFlag

    RebelFlag TS Addict Posts: 147   +78

    So you don't believe in storks??
     
  6. erickmendes

    erickmendes TS Maniac Posts: 282   +101

    Seems like we are going to see a lot more cases like this appearing sooner than later...
     
  7. Cubi Dorf

    Cubi Dorf TS Rookie

    Does a browser addon like ghostery block this?
     
  8. davislane1

    davislane1 Inquisitor Posts: 4,675   +3,701

    Not these ones, no.

    [​IMG]
     
  9. jobeard

    jobeard TS Ambassador Posts: 10,691   +856

    Add this line
    • 127.0.0.1 coin-hive.com
    to your system32\drivers\etc\host file
    and you inhibit access to the script
     
  10. CaptainTom

    CaptainTom TS Maniac Posts: 277   +117

    I have never mined Monero, so idk how efficient it is at this type of thing. However I did mine Darkcoin in college, and back then a typical 7970 would get ~850 MH/s, and my overclocked i7-4770K only got 650 MH/s if I remember correctly.

    Now look the 7970 and 4770K were using the same amount of energy, and sure the 7970 at the time was about the same price for greater return - but at the end of the day it was still worth running my CPU's.

    If Monero is a similar situation, 1 million CPU's mining could equal about 500,000 gpus mining - that's A LOT of money haha! Hell even if the CPU:GPU mining ration is 1/4th what x11 (Darkcoin) wa, it would still easily be better revenue than ads.
     
  11. wiyosaya

    wiyosaya TS Evangelist Posts: 1,640   +572

    I was thinking the same thing myself. I have never mined in this sense myself, however, I can think of one scenario that would possibly make it worth it and that is if the results can be passed from one browser to another where subsequent browsers pick up where the last one left off. IDK whether this is possible, though.
     
  12. Xclusiveitalian

    Xclusiveitalian TS Evangelist Posts: 711   +70

    Ever wonder why Google Chrome literally eats ram, and runs 25 processes separating the full CPU usage amount? NOW YOU KNOW!
     
    wiyosaya likes this.
  13. wiyosaya

    wiyosaya TS Evangelist Posts: 1,640   +572

    You mean besides all the spyware stuff that runs by default?
     
  14. H3llion

    H3llion TechSpot Paladin Posts: 1,344   +268

    That is true if this is the case. Afaik, CPU mining was dead years now.
     
  15. Vito05

    Vito05 TS Enthusiast Posts: 17   +28

    Why are we not protected by browser or it is not how it works?
     
  16. jobeard

    jobeard TS Ambassador Posts: 10,691   +856

    Any webpage can load scripts, both local to the origin of the page and remote like this case. The code is simple:
    Code:
    <script src="url" ></script>
    but what's referenced by the URL is totally known . . . leading to opportunities as in this case.

    My solution #9 above cause a silent 404 error attempting to load any script from coin-hive and puts the control in the hands of the user.
     
  17. Athlonite

    Athlonite TS Enthusiast Posts: 72   +12

    The Pirate Bay said it was testing the miner as an alternative to ads but quickly stopped once its presence came to light.
    Which basically says one thing IF we hadn't of been caught we'd still be doing it
     
  18. CaptainTom

    CaptainTom TS Maniac Posts: 277   +117

    Yeah that's pretty pathetic. I mean I actually have no problem with them beta testing this, and then announcing it if they decide to go through with it. It's their website, so do whatever you want.

    But to then pull it "After people find out".... LOL if you thought it was wrong, why did you bother? Also why did you think no one would notice?!
     
    Athlonite likes this.
  19. Athlonite

    Athlonite TS Enthusiast Posts: 72   +12

    I too would not have a problem with them testing this if they asked first instead of all the secret squirrel cloak n dagger stuff they did
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...