Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
The Internet Technology

Showtime Websites Are Mining Monero With Your CPU, Unclear If Hack Or Experiment (bleepingcomputer.com) 149

An anonymous reader writes: Two Showtime domains are currently loading and running Coinhive, a JavaScript library that mines Monero using the CPU resources of users visiting Showtime's websites. The two domains are showtime.com and showtimeanytime.com, the latter being the official URL for the company's online video streaming service. It is unclear if someone hacked Showtime and included the mining script without the company's knowledge. Showtime did not respond to a request for comment, but it could be an experiment as the setThrottle value is 0.97, meaning the mining script will remain dormant for 97% of the time. Despite this, Coinhive has been recently adopted by a large number of malware operations, such as malvertisers, adware developers, rogue Chrome extensions, and website hackers, who secretly load the code in a page's background and make money off unsuspecting users. At least two ad blockers have added support for blocking Coinhive's JS library -- AdBlock Plus and AdGuard -- and developers have also put together Chrome extensions that terminate anything that looks like Coinhive's mining script -- AntiMiner, No Coin, and minerBlock.

The Pirate Bay recently ran tests using Coinhive. A recent report has calculated that a site like The Pirate Bay could make around $12,000 per month by mining Monero in the background.

This discussion has been archived. No new comments can be posted.

Showtime Websites Are Mining Monero With Your CPU, Unclear If Hack Or Experiment

Comments Filter:
  • by Anonymous Coward

    Firefox, you will be missed.

  • by Anonymous Coward on Monday September 25, 2017 @11:10AM (#55259953)

    A recent report has calculated that a site ... could make around $12,000 per month by mining Monero in the background.

    It's not really a case of the site making money. They haven't actually produced anything of real value, so wealth hasn't been created. All they've done is consumed the computing and electricity resources of the site's users, and converted them to an entry in some distributed database. Overall, it's a net economic loss. Resources were consumed without producing anything of value.

    At least advertising, as shitty as it is, can potentially result in a sale, which is an example of actual wealth creation.

    • This is one thought I immediately had: So far as I know, it takes some serious computing power to 'mine' any sort of cryptocurrency; dedicated, FPGA-based platforms have been purpose-built for it. Direct machine code running on a general-purpose CPU is a pale substitute for this, and Javascript is slow and bloated compared to that, and the code would only be running so long as you had a webpage open? I have a hard time seeing how it would 'mine' much of anything.
      • Monero the coin being mined is supposedly optimized so that CPU or GPU will produce similar hash rates.

        The Showtime websites this is placed on are where people stream pirated TV and movies. So visitors sit on them for 30 minutes to two hours on average.

        I don't know how many people visit those sites, but it could easily be in the thousands to millions. Who knows how much money can could make off this.

        • by Rick Schumann ( 4662797 ) on Monday September 25, 2017 @12:08PM (#55260349) Journal
          The real question is, I guess: Is this better or worse than ads? Pretty much everyone hates ads. This, ostensibly, would run silently in the background. If you're informed it's happening, and making a very broad assumption that there isn't going to be any malicious code being executed (implies they protect it from being hacked/repurposed into something malicious) is it a better solution for funding websites instead of ads?
          • I wonder if websites might move to a proof of work model, where their miner would have to execute for n cpu cycles for access to pages to be granted. I can see this becoming an alternative to advertising, especially with smartphone CPUs so relatively fast.

            • If they did something like that, they'd take what might have been a good replacement for annoying ads, and made it into something even more annoying than ads: making you sit there and wait, perhaps watching some inane countdown or 'progress bar' for something that the vast majority of people wouldn't understand. All I'm saying is, if it were I who were implementing this idea, I'd make it clear in the Terms of Service for the affected site that it's happening (perhaps with a one-time pop-up notice informing
          • Users will just block it either way.

        • You do realize that Showtime is a premium network, and sites in question are legitimate, correct? Nobody is watching pirated content at either of those URLs.

      • by swb ( 14022 )

        I don't know how much fractional value you can mine from a single session, but assuming you can build out the distributed computing network even a fraction of a cent multiplied across millions of users starts to be real money.

        Getting $0.01 of value out of a million users is still $10,000 per day.

        • Well, they estimate the pirate bay can pull $12,000.00/month.

          I'm not sure what their costs are, but it seems like best case scenario is a modest income for one person. Maybe showtime can do better as people watch there too?

        • Thats... thats not how it works. Theres no fractional gain in mining unless you are part of a mining pool. AFAIK you only get your share if you find one block, if you are mining alone all the block reward goes to you, if it's found by a pool its shared across the participants relative to the amount of work they provided.

          But as far as I've been reading, crypto mining is dead, its been dead for months only profitable for the mining farms in Asia.

          Latest ASIC miners are not reaching ROI within 2 years, for exam

    • They haven't actually produced anything of real value, so wealth hasn't been created.

      Why are people consuming the site's content?

    • Re: (Score:2, Insightful)

      by Anubis IV ( 1279820 )

      My (admittedly limited) understanding of cryptocurrency mining is that it actually does produce value, in that the mining process itself is what's responsible for distributing, verifying, and otherwise maintaining the blockchain on which the currency is built. Which is to say, miners are the ones facilitating the use of the currency. It's actually part of what makes cryptocurrencies work so well, since the very act of maintaining the currency is both distributed and incentivized.

      All of which is to say, mini

      • All of which is to say, mining isn't just a matter of spinning one's wheels without purpose. It produces value for the people making use of that currency.

        Based on your description of how virtual currency mining creates value, then couldn't we also create value by adding a zero to the end of our bank balances?

        Or more specifically, by having only people with fancy computers add a zero to their bank balances.

        • No, because in your example there's no correlation between the people adding 0s to their bank account and the people facilitating financial transactions. You're talking about paying people for doing nothing to aid the operation of the system, whereas I was talking about paying the people who facilitate the operation of the financial system.

          If you'd like an actual example of this sort of thing in the real world, look no further than banks, ACH, and other financial institutions who facilitate the transfer of

          • No, because in your example there's no correlation between the people adding 0s to their bank account and the people facilitating financial transactions.

            Sure there is. If you add a zero to my bank balance, it will facilitate many more financial transactions by me.

            You're talking about paying people for doing nothing to aid the operation of the system, whereas I was talking about paying the people who facilitate the operation of the financial system.

            In terms of productivity, those two things are exactly the

            • Sure there is. If you add a zero to my bank balance, it will facilitate many more financial transactions by me.

              Well, given that I said I was talking about "facilitat[ing] the operation of the financial system" and that you are not the financial system, I think it's safe to say that you're talking about something wholly separate. In fact, if you engaged in more financial transactions, it would place additional burden on those who are facilitating the system's operation, and if you intentionally twist terms in a disingenuous way like that again, I'll be done with this discussion.

              In terms of productivity, those two things are exactly the same.

              If you live in an agrarian society, per

    • A recent report has calculated that a site ... could make around $12,000 per month by mining Monero in the background.

      It's not really a case of the site making money. They haven't actually produced anything of real value, so wealth hasn't been created. All they've done is consumed the computing and electricity resources of the site's users, and converted them to an entry in some distributed database. Overall, it's a net economic loss. Resources were consumed without producing anything of value.

      At least advertising, as shitty as it is, can potentially result in a sale, which is an example of actual wealth creation.

      Hmm... Your post reminds me of someone in economic field. You are looking at something that has no value means no loss in value (but in net economic). However, that is not really true with non-tangible product. In other words, no value is produced does not mean no wealth created at all. In this case, results from hash computation actually has value even though it doesn't find the combination.

      Think of it as if you have to look through 1,000,000 boxes to find a mark. If you could eliminate 100 boxes that you

  • A system based upon the execution of unknown code downloaded from remote sites is inherently insecure. That'll probably never get through enough heads to do anything about it, but there it is.

    Walled gardens that prevent the blocking of said unknown code are prima facie unusable.

    • by Anonymous Coward

      I have no idea how anyone can browse the internet without a script-blocker and ad-blocker.

      • by HBI ( 604924 )

        Most people don't understand what that means. "What's Javascript?" might be the response. So they pay for too much bandwidth and tolerate the poor performance inherent in the unfiltered net. And all the usual risks of running unidentified code.

      • by murdocj ( 543661 )

        I don't use a script blocker and do a bit of ad-blocking. If a site slows me down, I close it. Problem solved.

        • by HBI ( 604924 )

          Presuming that they didn't drive-by install something using a zero day against your browser or OS. It wouldn't take very long, and probably not even long enough for you to notice.

          Your hope based strategy is probably not going to work out well over the long term.

          • by murdocj ( 543661 )

            Yeah, it's only worked for 10 years. If I really wanted to be safe, I guess I could telnet to websites and just pick out what I wanted from the readable text.

            • by HBI ( 604924 )

              Are you positive that it has worked?

              I'm quite sure that I wouldn't recognize every exploit for what it was, so therefore I don't allow such things to execute.

  • by Bugler412 ( 2610815 ) on Monday September 25, 2017 @11:12AM (#55259965)
    Doing it this way, unannounced and underhanded is wrong. However, if done in an upfront and informed way I would likely accept some form of low impact mining on my PC while consuming content over most forms of advertisement.
  • Remember kids... (Score:5, Insightful)

    by RyanFenton ( 230700 ) on Monday September 25, 2017 @11:20AM (#55260019)

    Never browse without properly community-maintained ad blocking and script blocking.

    And if any company complains about not being able to 'serve' you properly as they'd like to... add a request to have that complaint blocked.

    Ryan Fenton

  • by EndlessNameless ( 673105 ) on Monday September 25, 2017 @11:39AM (#55260137)

    I would gladly donate CPU time to support a site instead of viewing ads.

    I might even idle my browser there---if it doesn't affect anything else I do. They really need to have a light touch though.

    And, it should go without saying, but no mining on mobile. If I have to choose between bandwidth for ads and battery life, I'll take the ads.

  • by Anonymous Coward

    OMG tulips! Tulips, everyone! Oh shiiiiiiiiiiiiii-

  • by Anonymous Coward

    Before I swung by slashdot, I hit TPB and fired up my download of Star Trek. I haven't paid TPB for anything, and I'm not about to sign up for their VPN, or stay up all night playing "The most addictive game of 2017". But TPB has provided me with a valuable service, and for that, I am more than happy to throw them a few spare CPU cycles.

    Thanks guys, keep up the great work!

  • by FeelGood314 ( 2516288 ) on Monday September 25, 2017 @11:48AM (#55260201)
    CPU mining has a return of between 1 and essentially 0% depending on the currency and the price of electricity. Best case scenario, you leave you web browser open for two days, you consume $1 of extra electricity and the web site gets $0.01. Unless the browser could leverage your GPU, you live in Quebec (cheap electricity) and it's winter so you are heating your house with the GPU, this is never going to make sense.
    • by johannesg ( 664142 ) on Monday September 25, 2017 @12:13PM (#55260391)

      CPU mining has a return of between 1 and essentially 0% depending on the currency and the price of electricity. Best case scenario, you leave you web browser open for two days, you consume $1 of extra electricity and the web site gets $0.01. Unless the browser could leverage your GPU, you live in Quebec (cheap electricity) and it's winter so you are heating your house with the GPU, this is never going to make sense.

      It makes perfect sense if it is other people paying for the electricity...

      • by Anonymous Coward

        The hashing algo used by monero needs a fair amount of super fast memory (think CPU L2 or L3 speed). Its not efficiently minable with GPUs or ASICs.

        Depending on electricity cost, consumer level CPU mining can be profitable. Even better if using someone elses electricity.

  • Bitcoin mining has been done by custom chips for at least the last 5 years. The economics of mining are that you convert electricity into currency at some rate that is efficient (ie the value of the electricity < value of the coins mined). CPU mining of bitcoin is at least 100x less efficient than the custom chips used by miners. For other currencies (ie Litecoin like currencies), its either custom chips or graphics cards (I think the graphics cards have been squeezed out of there too) which are at le
    • CoinHive [coin-hive.com] is mining Monero [wikipedia.org], which does not benefit from custom miner hardware.

      • Yes but the difficulty is so high (and Monero the coin so stagnant) thats not really worth it. Theres always newer and fresher coins to mine tho, but most crypts are going Prof-of-stake instead of prof-of-work. The value of bitcoins being given by the electricity used to create them was always a meme.

        This JS would have been a killer 3-4 years ago, today? And with the SEC preparing to come after so many scammers in the crypto scene? Meh.

        When you have the Chaina© and the US (and even JPM) working togeth

Programmers used to batch environments may find it hard to live without giant listings; we would find it hard to use them. -- D.M. Ritchie

Working...