Web Cryptomining in the .ch Zone
- 1. © 2018 SWITCH | 1 Antoine Neuenschwander antoine.neuenschwander@switch.ch AREA41, June 16th 2018 in the .ch Zone Web Cryptomining
- 2. © 2018 SWITCH | 2 Agenda • About SWITCH • Superfast intro: blockchain, proof of work, cryptocurrencies • Mining in the browser with Javascript • Who deploys miners in the .ch zone? • What is SWITCH doing about it?
- 4. 1987 Foundation is formedThe .ch ccTLD is “registered” https://www.switch.ch/about/foundation/timeline/
- 5. © 2018 SWITCH | 5 Foundation purpose "The foundation has as its objective to create, promote and offer the necessary basis for the effective use of modern methods of telecomputing in teaching and research in Switzerland, to be involved in and to support such methods. It is a non-profit foundation that does not pursue commercial targets." Excerpt from the deed of foundation Berne, 22 October 1987
- 6. 1987 Foundation is formedThe .ch ccTLD is “registered” 1989 Launch of SWITCHlan https://www.switch.ch/about/foundation/timeline/
- 8. 1987 Foundation is formedThe .ch ccTLD is “registered” 1989 Launch of SWITCHlan 1990 https://www.switch.ch/about/foundation/timeline/ SWITCH becomes the registry for .ch 1996 SWITCH-CERT is operational 2002 .ch in the responsibility of OFCOM 2010 Ordinance on Internet Domains (OID)
- 9. © 2018 SWITCH | 9 Our customers Extended community • Other organizations involved in research or education SWITCH Community • Swiss universities on tertiary level (academic sector) and their research institutions Commercial customers • Registrars of .ch- and .li- Domain-Names, Swiss financial institutions, research-related industry and government
- 10. Superfast Intro to Blockchain Proof of Work Cryptocurrencies
- 11. © 2018 SWITCH | 11 Block #17 Previous: 0000de72ee...09be674c Nonce: 123456 Hash: 0000c9afaa...d4fd3e4c 00101100 DATA 10011001 100 $ From: Yves To: Katja 35 $ From: Andreas To: Daniel 1’850’480 $ From: Dobin To: Antoine Blockchain Block #16Block #13 Block #14 Block #15 Block #17
- 12. © 2018 SWITCH | 12 Cryptographic Hash Functions e6fdcbdb142c1e0f303bb54c7421b07d043a70aasha1("burp is not beef") fixed length of 160 bits sha1( ) c132d0663ed992e42fa61328eac71aeef47330c0 sha1( X? ) 0000000000d992e42fa61328eac71aeef47330c0sha1( Y? )
- 13. © 2018 SWITCH | 13 Proof of Work • Think of a worldwide lottery • Numbers are drawn every 2 – 10 mins • Have as many tickets as you want can Block #17 Nonce = ? hash 000000deadbeef42...1337
- 14. © 2018 SWITCH | 14 Evolution of Bitcoin Hardware CPU mining 2008 GPU mining 2010 FPGA mining 2011 ASIC mining
- 15. © 2018 SWITCH | 15 Photo credit: Trustnodes.com “Make Crypto Fair Again”
- 17. © 2018 SWITCH | 17 Algorithm Comparison Algorithm Name hashcash-SHA256 CryptoNight Limitation CPU-bound CPU/Memory-bound Current Network Hash-Rate 25 EH/s 1 GH/s Bitcoin (BTC) Monero (XMR)
- 18. Mining in the browser with Javascript
- 19. © 2018 SWITCH | 19 Coinhive Coinhive offers a JavaScript miner for the Monero Blockchain that you can embed in your website. Your users run the miner directly in their Browser and mine XMR for you in turn for an ad-free experience, in-game currency or whatever incentives you can come up with.
- 20. © 2018 SWITCH | 20 Running Coinhive coinhive.ch
- 21. © 2018 SWITCH | 21 coinhive.min.js
- 22. © 2018 SWITCH | 22 Performance CPU L2 L3 Hashes/s Apple A7 1.4 GHz 2x 512 KB 4 MB 16 Intel Core i7 3.5 GHz 2x 256 KB 4 MB 30 Intel Core i7 2.9 GHz 4x 256 KB 8 MB 50 Intel Xeon E5-1620 3.7 GHz 4x 256 KB 10 MB 60
- 23. © 2018 SWITCH | 23 Revenue Calculation # Systems Duration Hash Rate Hashes Revenue 1 1 h 50 H/s 180’000 USD 0.0000105912 100 1 h 50 H/s 18'000'000 USD 0.00105912 10’000 1 h 50 H/s 1’800’000’000 USD 0.10593 120’000 5 min 50 H/s 1'800'000'000 USD 0.10593 !"#"$%" = '()*%+ , 10/0 , 1 , 2%3(+4*$ , ℎ(6ℎ3(+" 0.00005884 XMR per 1M hashes 1 XMR = 188 USD -30% pool fee (coinhive)
- 24. Who deploys miners in the .ch zone?
- 25. © 2018 SWITCH | 25 Crawling the .ch Zone Elastic search openshift scrapy scrapy scrapy scrapy ... redis .ch ~2m domain names html content ~3000 sites per minute
- 26. © 2018 SWITCH | 26 Who’s mining on your back? out of 1.2 mio accessible .ch domains (0.01%) 90 105 116 Jan 2018 Apr 2018 May 2018
- 27. © 2018 SWITCH | 27 Compared to other TLDs TLD Accessible Domains # Cryptominers Percentage .fr 2,302,097 400 0.017% .li 34,086 6 0.017% .ch 1,264,329 116 0.009% .se 1,142,395 79 0.007%
- 28. © 2018 SWITCH | 28 Affected CMS (.ch)
- 29. © 2018 SWITCH | 29
- 30. © 2018 SWITCH | 30
- 31. © 2018 SWITCH | 31 Reasons for Cryptomining? 1. Operator mines with the user’s consent 2. Operator placed a secret cryptominer 3. Site has been compromised and a cryptominer was injected
- 32. © 2018 SWITCH | 32 Legitimate Use
- 33. © 2018 SWITCH | 33 Obviously a Hacked Site
- 34. © 2018 SWITCH | 34 Browser Addons
- 35. © 2018 SWITCH | 35 Adblocker Evasion
- 36. © 2018 SWITCH | 36 Intentional, undisclosed Mining
- 37. What is SWITCH doing about it? ¯_( )_/¯
- 38. © 2018 SWITCH | 38 https://www.bakom.admin.ch/bakom/de/home/digital-und-internet/internet/bekaempfung-der-internetkriminalitaet.html https://www.admin.ch/opc/de/classified-compilation/20141744/index.html
- 39. © 2018 SWITCH | 39 Reasons for Cryptomining? 1. Operator mines with the user’s consent 2. Operator placed a secret cryptominer 3. Site has been compromised and a cryptominer was injected
- 40. © 2018 SWITCH | 40 Asking for Consent
- 41. © 2018 SWITCH | 41 A Sneaky Case http://cookiescript.info/
- 42. © 2018 SWITCH | 42 Looks Familiar? http://cookiescript.info/libs/cookieconsent.6.min.js
- 43. © 2018 SWITCH | 43 Working for a better digital world