March 30, 2018

A story published here this week revealed the real-life identity behind the original creator of Coinhive — a controversial cryptocurrency mining service that several security firms have recently labeled the most ubiquitous malware threat on the Internet today. In an unusual form of protest against that story, members of a popular German language image-posting board founded by the Coinhive creator have vented their dismay by donating hundreds of thousands of euros to local charities that support cancer research.

On Monday KrebsOnSecurity published Who and What is Coinhive, an in-depth story which proved that the founder of Coinhive was indeed the founder of the German image hosting and discussion forum pr0gramm[dot]com (not safe for work). I undertook the research because Coinhive’s code primarily is found on tens of thousands of hacked Web sites, and because the until-recently anonymous Coinhive operator(s) have been reluctant to take steps that might curb the widespread abuse of their platform.

One of countless pages of images posted about this author by pr0gramm users in response to the story about Coinhive.

In an early version of its Web site, Coinhive said its service was first tested on pr0gramm, and that the founder(s) of Coinhive considered pr0gramm “their platform” of 11 years (exactly the length of time pr0gramm has been online). Coinhive declined to say who was running their service, and tried to tell me their earlier statement about Coinhive’s longtime affiliation with pr0gramm was a convenient lie that was used to help jump-start the service by enlisting the help of pr0gramm’s thousands of members.

Undeterred, I proceeded with my research based on the assumption that one or more of the founders of pr0gramm were involved in Coinhive. When I learned the real-life identities of the pr0gramm founders and approached them directly, each deflected questions about their apparent roles in founding and launching Coinhive.

However, shortly after the Coinhive story went live, the original founder of pr0gramm (Dominic Szablewski, a.k.a. “cha0s”) published a blog post acknowledging that he was in fact the creator of Coinhive. What’s more, Coinhive has since added legal contact information to its Web site, and has said it is now taking steps to ensure that it no longer profits from cryptocurrency mining activity after owners of hacked Web sites report finding Coinhive’s code on their sites.

Normally, when KrebsOnSecurity publishes a piece that sheds light on a corner of the Internet that would rather remain in the shadows, the response is as predictable as it is swift: Distributed denial-of-service (DDoS) attacks on this site combined with threats of physical violence and harm from anonymous users on Twitter and other social networks.

While this site did receive several small DDoS attacks this week — and more than a few anonymous threats of physical violence and even death related to the Coinhive story — the response from pr0gramm members has been remarkably positive overall.

The pr0gramm community quickly seized on the fact that my last name — Krebs — means “crab” and “cancer” in German. Apparently urged by one of the pr0gramm founders named in the story to express their anger in “objective and polite” ways, several pr0gramm members took to donating money to the Deutsche Krebshilfe (German Cancer Aid/DKMS) Web site as a way to display their unity and numbers.

The protest (pr0test?) soon caught on in the Twitter hashtag “#KrebsIsCancer,” promoted and re-tweeted heavily by pr0gramm members as a means to “Fight Krebs” or fight cancer. According to a statement on DKMS’s Web site, the KrebsIsCancer campaign involved donations from more than 8,300 people totaling 207,500 euros (~USD $256,000).

Update, 2:46 p.m. ET: Updated donation figures per statement posted today on DKMS site.


68 thoughts on “Coinhive Exposé Prompts Cancer Research Fundraiser”

  1. The Sunshine State

    Stay safe Brian, don’t let the sc#m scare you

  2. Clint D

    This is an incredibly odd (but awesome) reaction from the pr0gramm community. Maybe the rest of your detractors will follow suit 🙂

    1. BrianKrebs Post author

      Just a heads up to the many people trying (but failing) to leave comments here. If you wish to leave a comment, my suggestion is to do so without using extreme profanity, and to keep it on topic. The former will get your comment held for moderation, and the latter will get your comment removed or sent to /dev/null entirely.

      1. Jimmey

        Thanks for at least getting the numbers right.

        On topic / off topic: exposing real names of real people on the internet accusing them of… well… try that stuff in your home country and I bet a lawyer will stick it to you.

          1. Krebsistan?

            The first amendment applies to government organizations, not private websites, and even then, hate speech, profanity, and defamation are not protected speech anyway.

            1. Catwhisperer

              Ah our good friend, but if you understood the laws of our “home country”, you would understand that “truth of statement” is a defense against libel and defamation claims. But go ahead and go play in that playground. There is also the concept of “discovery” in the process that can be compelled by writs of contempt, etc. So what is whispered in the ear, will be shouted from mountaintops, and what is hidden in darkness will be brought out into the light of day. It being Good Friday and all, I felt that was an apropos statement…

            2. Kai

              Hate speech is free speech though, just as much as profanity.

              As long as you’re not inciting violence it’s free speech. Why does no one get that?

              1. JCitizen

                Hate speech always leads to violence in the end. It isn’t any different than yelling “FIRE” in a crowded theater, which is not free speech either. (as long as there is no actual fire)

                1. Brian Lopsitch

                  Thanks to Krebs for the research and the fun drama that ensued, and the interesting topics and debates that got expounded here and elsewhere.

                  Not sure if DOXing cha0s was the right thing to do, but it’s not clearly wrong either.

                  The root problem here began when WWW was corrupted to include executable code. Those of us who have been involved in security for a longer period can recall when data was data and code was code. (Despite GEB’s record-player-breakers).

                  When Adobe began putting code into its postscript documents, I knew we were in for hell, which continued with the introduction of javascript to the WWW and now exploits everywhere, with every site you visit able to pwn you.

                  The time to address this was 25 years ago. Now I just watch the world burn.

                  1. lol

                    If your position is that we should do away with all executable scripts on the WWW to minimize attack surfaces then you might as well just argue that we should do away with all digital technology to avoid being hacked.

                2. Yeah...no

                  >Hate speech always leads to violence in the end.
                  >It isn’t any different that yelling “FIRE” in a crowded
                  >theater

                  Your analogy has no legal basis (in U.S. law where the first amendment is extremely strong protection).

                  Brandenburg v. Ohio, 1969.

                  Unless the speech advocates an imminent, dangerous action it’s protected.

                  “always…in the end” explicitly fails to meet that standard by its plain language.

                  1. JCitizen

                    It is just my opinion, but I feel SCOTUS erred in that judgement; but I can see why they did it – because they likened it to similar calls to action made by people resisting tyranny. I disagree with their call on that. I can see calls to some kind of action for political reasons, but to do it because you hate a specific race, creed, religion, etc. there really isn’t an excuse in my book. I’ll never admit I’m wrong on that one.

                3. DM

                  Please give some evidence that hate speak always leads to violence. This is a bold statement and I for one have a hard time believing you can prove this with facts.

                  Defamation doesn’t apply if it’s not a lie, otherwise it’s just the truth and the TRUTH doesn’t care about your feelings.

                  Libel is the same as defamation.

                  Now if something was shown to be intentional lies, then perhaps you could get somewhere, UNLESS you’re the media, in which case Obama signed a law that made it legal for them to lie to you all day long. You can blame Obama or not, up to you, just saying, facts.

                  Keep it going Brian..

        1. Jiminey

          Krebs does these kinds of “Who is…” stories all the time. Here are a few

          https://krebsonsecurity.com/?s=%22mind+map%22&x=0&y=0

          I don’t think he makes any distinction about whether people he tracks down are from the US, Germany or the South Pole.

          If the founders of programm really were that concerned about keeping their names a secret, maybe they shouldn’t have registered dozens of domains in their own name in PUBLIC whois records.

          For all the whining I’ve heard from the programm people over this, not one has stated a single fact that was incorrect in the story. Just a lot of complaining about the publication of “private” data that is anything but.

      2. Barry Wallis

        Unfortunately, it looks like leaving a comment in German gets past your profanity filter. 🙁

  3. Alton

    Wow… People should protest like this more often. Seriously.

  4. Barry Wallis

    Another way you are a force for good. 🙂

    1. Raphael

      That’s some strange logic. This would mean that mass shootings are good, since the NRA profits because of selling weapons to teachers.

      1. DLivesInTexas

        The NRA neither sells firearms nor directly benefits from their sale.

        1. KFritz

          Sure glad you included “indirectly,” Pilgrim. (Hat tip to John Wayne) ‘Cause they sure are subsidized by the firearms manufacturers, who ironically, aren’t selling as many guns as they’d like these days.

  5. Doc

    Wow. Well done, Mr Krebs. I hope this story is as good as it seems, “we all could use a little good news”. This is truly something to be proud of!

    1. Kai

      Yes, Brian deserves the praise!

      Who cares about all these people who actually donated?

  6. Johnny

    Thanks for getting the numbers right – after people from that community pointed you the right direction.

    Ontopic/offtopic: What’s the deal with exposing real people to the internet by only accusing them. This is no security, but pure…well – try for yourself in your country of residence. Good luck in life!

    1. SeymourB

      People do this all the time in the US, how else do you think the “company” that paid Stormy Daniels got traced back to Trump’s long time lawyer? They tried to hide and obfuscate the origin of the funds but the entire sordid mess got uncovered and there are no big lawsuits aimed at the reporters who uncovered it.

      If you want to hide in the shadows, then hide in the shadows. If you want to come into the light then you’re going to have to come into the light. You don’t get to hide in the shadows and work in the light. You can try, but don’t be surprised when the light shines on you.

      1. James

        The light. You have read the bible a couple of times or are a big star wars fan. This much I can tell from reading this BS.

        1. SeymourB

          You would do well to avoid trying to psychoanalyze people using a language unfamiliar to you.

  7. Lee Stein

    Per your guidelines, you may want to remove the two German language quotes in your “Comments” section.

  8. vb

    The cynic in me has to wonder how much of the donations are actually from the ill gotten profits of Coinhive.

    Interesting tactic to play the dox victim after profiting from web server hacking. Either the pr0gramm community doesn’t care that the Coinhive hacking activity is illegal or they are really low intelligence. Or both.

    1. o

      > … from the ill gotten profits of Coinhive.

      His story successfully clouded your mind. You and several others here don’t seem to understand anything. Krebs investigated Coinhive because earlier this month hackers copied Coinhive code, hosted it on their servers and hacked tons of sites to load their code. Google it.

      1. Quid

        It appears several of you (Jimmey, Krebsistan?, Johnny, o, BearGear, Niklas) have missed the paragraphs excerpted below, especially the last one. If you know that what Troy Mursch or Krebs state is not true, then that should be your complaint and then correct the factual errors. But you don’t dispute anything, just complain.

        //Quote
        Coinhive does accept abuse complaints, but it generally refuses to respond to any complaints that do not come from a hacked Web site’s owner (it mostly ignores abuse complaints lodged by third parties). What’s more, when Coinhive does respond to abuse complaints, it does so by invalidating the key tied to the abuse.

        But according to Troy Mursch, a security expert who spends much of his time tracking Coinhive and other instances of “cryptojacking,” killing the key doesn’t do anything to stop Coinhive’s code from continuing to mine Monero on a hacked site. Once a key is invalidated, Mursch said, Coinhive keeps 100 percent of the cryptocurrency mined by sites tied to that account from then on.

        Mursch said Coinhive appears to have zero incentive to police the widespread abuse that is leveraging its platform.

        “When they ‘terminate’ a key, it just terminates the user on that platform, it doesn’t stop the malicious JavaScript from running, and it just means that particular Coinhive user doesn’t get paid anymore,” Mursch said. “The code keeps running, and Coinhive gets all of it. Maybe they can’t do anything about it, or maybe they don’t want to. But as long as the code is still on the hacked site, it’s still making them money.”
        //End Quote

        1. Lightkey

          Then read Nohard Fealings’ reply further down, that should be the top comment IMHO.

          1. NickDanger

            > Nohard Fealings’ reply further down, that should be the top comment IMHO.

            …why? Most of that comment is nothing but posturing – and the few actual claims it makes are factually incorrect (E.g. the claim that Coinhive can’t block execution of the code on hacked sites).

    2. Anon

      “The cynic in me has to wonder how much of the donations are actually from the ill gotten profits of Coinhive.”

      The cynic in you doesn’t know anything. I don’t say, that what Mr. Krebs said about the connection of cha0s and coinhive is not true, but as far as I know, none of the normal users of the pr0gramm even knew, that cha0s tried out his script on the website. So why are you trying to put this great demonstration in a bad light? Each and every cent of the money (as far as I know it’s already over 300k€) was hard earned and I won’t let someone like you spit on a great community like this. Shame on you.

  9. holzmaster

    The story about this even reached German public television news (“Tagesschau”).

  10. BearGear

    Honestly I didn’t think this could get on my nerves again after the protest. Not only are your fans acting like this is you who has done something good. No, not even an apology or acknowledgment of any kind from your site. I’m glad there’s at least an article about this, but it just feels like flat air. Some way to clear your name perhaps? I don’t know. At last I want to say, I would like you to put more work on your research and get important facts out not some gibberish you heard from one user of the site. I mean for god’s sake, for instance, how was Gambs foot fetish in any means necessary for the coinhive report?

    1. Schwingerkonig

      @BearGear: You want an apology from Brian Krebs? Are you serious? What for? For his investigative journalism he carried out over all those years? Have you even bothered reading his book “Spam Nation”? That is more than just copy paste. I guess, our overhyped Bruce S would fit into the “copy paste” section, at least as far as his last book is concerned. (A compilation of articles, plus some drivel.)

    1. maxW

      And you sure understood what their response is about!

  11. Mahhn

    Awesome. Not sure if it’s the haters or the reconcilers, but either way the Coinhive stories are making several things better. A just cause has money, a program being abused and getting corrections. And facts that there is no real/lasting anonymity is hitting home for some kids. The worst and best people of pr0gramm are showing their true colors.

  12. Niklas

    Trying to claim this as your victory after your shoddy first article really does not speak well for your character Mr. Krebs.

    1. BrianKrebs Post author

      Sorry, but where do I claim this as “my victory”?

      I can’t help think that most of the angry comments from readers in these past two Coinhive stories come from people who a) don’t know how to read properly and/or b) don’t ever let inconvenient or unlikable facts influence their understanding of reality.

      1. Catwhisperer

        You keep up the Good work Brian, Sir! Maybe tick off more people in the future that will donate to another good cause. BTW, folks, money has no smell, and the Good Lord uses Caligula as well as Mother Teresa for His purposes, can we get an Amen!

        1. Anonymous

          Well, Mother Teresa also is long exposed for the person she was. Not sure if you tried to say the Good Lord uses people good and bad alike, or if you deliberately chose two really bad people to show the Good Lord uses the openly bad as well as the wolves in the pelts of sheep.

          And okay, you get an Amen because it is Easter / Passover:
          Amen

      2. Steve C#

        Keep up the good work Brian. Some people “doth protest too much, methinks”.

      3. Canuck

        > don’t ever let inconvenient or unlikable facts influence their understanding of reality.

        A better description of the alt-right movement there is not.

        1. krustykrab

          Funny, I find the exact same thing is true about neo-liberals/regressives. And I’m not even alt-right!

  13. Rodney Thayer

    I hope someone in journalism school follows in Brian’s honorable footsteps by changing their name to amyotrophiclateralsclerosis so there is more funding to address that disease.

  14. Peter Kerner

    I was quite astonished (or amused) to see that you even made it into the headlines of the Swiss daily newspaper “Tages-Anzeiger” (also called “Tages-Anlügner”) https://preview.tinyurl.com/y8q7wg7n, a kind of British “Guardian” surrogate. Obviously, the journalist who wrote his article (no name mentioned, BTW), had no idea who you are. Well, as they say: Ignorance is bliss. Generally speaking, you are not known in Switzerland. Let’s not even mention Western Germany.

    Yet, with a bit of research, that article would never have appeared, above all not with such an expletive headline.

    I am a long time follower of your blog and even purchased and read your excellent book “Spam Nation”, but I am probably the only one. Yet, it missed the Coinhive thing altogether and did not know this Western German “pr0gramm.com” website. As a Swiss, I obviously do not care about what happens in the Western Zone.

    Keep up your good work. Your blog is one of the best security blogs. My posting as a reaction to the “Tages Anzeiger” article: https://preview.tinyurl.com/y9s7vfsy.

    1. Bernhard

      Dear Peter,

      please do not state that BrianKrebs is unknown in Germany. The site is actually very well known in the Security Community and German IT-News sites regularly cite his articles.

      Regards
      Bernhard

  15. Nohard Feelings

    Nobody is criticising you for being investigative. You worked thoroughly and uncovered everything.

    1. You were criticised, because you published data which did not serve a purpose. For example the foot fetish. You could have simply left that out of your article, because it didn’t add valuable information.

    Of course, you only connected publicly registered data sets, but those connections are considered personal data and are protected by German law. Problem is, you connected the dots, so technically the data has been available all along, but in fact it was not available in the context of pr0gramm and coinhive. I understand that the publication of all your findings is considered best practice in US journalism. This is significantly different in Germany, where a journalist would only publish as much information as needed to prevent vigilantism.

    You put bystanders in the spotlight with all their personal information, although they were not your most wanted “criminal”. This is what you should apologise for in my opinion.

    2. Labelling Coinhive malware is debatable. You did not point that out, perhaps because you don’t see any room for discussion. But in fact there are people willing to mine in exchange for an adfree experience. Coinhive did not encourage hackers to use their code, but it encouraged their customers to tell their visitors about the mining script. No data is stolen, nothing gets infected and nothing gets damaged, so I do not understand the term malware in this case.

    Of course, in the criticised version, the code was executed without any consent from the visitor. But this is also the case for every flash ad. Unless you block it which you can do for miners too.

    3. You criticised the payment methods. At first, I have to tell you that I see no problem with Coinhive getting a revenue. Then you wrote: “When they ‘terminate’ a key, it just terminates the user on that platform, it doesn’t stop the malicious JavaScript from running” and this is where I totally don’t get you. How would you change it? Of course this is the way it is. When you jump into a river with your trousers on they will get wet. When you put code on your page, it will be executed, unless you block it.

    You could demand that all the remaining earnings should be donated or something. But I see no needs for your accusations.
    _______

    tl;dr

    People are angry, because you blamed the wrong guys and published their personal data, though it did not serve your purpose. And you are exaggerating the “crime”. We are talking about a cryptominer, not a trojan.

    1. Chris Nielsen

      There is a pattern here that seems to be most visitors to this site in the US agree with the article being appropriate and well researched. Many of those outside the US see fault in it. But it would also appear that those that complain were somehow affected negatively. I was not affected in any way other than finding this an interesting story about a possibly good service was being misused by some for personal profit (Putting the code on sites without permission). I also agree that if the company is made aware of the abuse, that they not only need to cut off the abuser, but inform the site owner and/or stop allowing the code to generate profits. If it were me, I would attempt to send the abuser’s share of the profits to the site owner or failing to be able to do that, donate it to a charity.

      An ethical person has the option to not profit from abuse or crime. While this happens quite a bit in the US, there are also many who will not accept this “easy money”. I am such a person and I know there are others, even if we are not in as great numbers as I like to think we are. Perhaps it is because we can “afford” to hold these values and for that reason I do not judge others harshly.

    2. NickDanger

      > 1. You were criticised, because you published data which did not serve a purpose. For example the foot fetish. You could have simply left that out of your article, because it didn’t add valuable information.

      …seriously? The only mention of that is a single item in the mind map image, in text which is invisible to Google & the article text itself doesn’t contain a single instance of the words “foot” or “fetish.” That detail is also not the basis for any of the article’s conclusions. It’s also worth mentioning that the only place that info can be found in plain text is in the comments from you and apparent pr0gram/coinhive apologists – so it’s actually Krebs’ critics who are making that information more widely-available by harping on it (Streisand Effect by-proxy).

      And if that’s egregious enough that it’s your primary issue with the article, then surely you can come up with more than one example – right…?

      > Of course, you only connected publicly registered data sets, but those connections are considered personal data and are protected by German law. Problem is, you connected the dots, so technically the data has been available all along, but in fact it was not available in the context of pr0gramm and coinhive.

      If the bolded portion is true, that’s insane. It certainly isn’t the case under, say, PIPEDA (Canada’s privacy laws, which tend to be substantially stricter than those in the US). Under most sane privacy regimes, there’s a standard known as “legally reasonable expectation of privacy” – and when you make information publicly-available (say, by submitting to the public WHOIS database when registering a domain name), you forfeit that expectation.

      > 2. Labelling Coinhive malware is debatable. You did not point that out, perhaps because you don’t see any room for discussion. But in fact there are people willing to mine in exchange for an adfree experience. Coinhive did not encourage hackers to use their code, but it encouraged their customers to tell their visitors about the mining script.

      While I agree, and would have liked to see some clarification, it’s equally plausible that it wasn’t mentioned because the author assumed that the audience for a tech security news site would understand that distinction on their own (which seems to have been a reasonable assumption, E.g. Gabe Mouris’ comment on the original article).

      Though in this case, it seems to be a distinction without a difference – at least in terms of Coinhive’s service being used to exploit people’s computing resources without their knowledge/permission. And it’s also worth comparing to other tools that aren’t fundamentally malware, but can be used maliciously – E.g. VNC. Unlike Coinhive, most VNC distributions include functionality to prevent malicious use, or at least make it more difficult (E.g. displaying notifications when a connection is active).

      I’d also point out that there’s a line between an innocent platform provider whose services are being (ab)used by third-parties for malicious purposes – and a provider who is effectively facilitating malicious activity. I don’t claim that it’s clear-cut, or that I know precisely where that line is – but when a provider is aware of abuse of/via their systems and fails to take any steps to prevent it (when doing so would be fairly easy & while ALSO directly financially profiting by allowing it to continue), it’s really hard to see them as having clean hands.

      > No data is stolen, nothing gets infected and nothing gets damaged, so I do not understand the term malware in this case.

      By design, cryptocurrency mining uses as much CPU power as possible – and running at max CPU load for long periods of time isn’t exactly what I would call healthy for a computer, nor is it something that most computer systems (read: laptops, mobile devices) are designed to handle. That can lead to overheating, which most certainly can cause direct damage to CPUs, motherboards, etc – and indirect damage/data loss (mechanical hard drives generally don’t handle sustained high temperatures very well). Not to mention less-tangible harms, like lost time/productivity due to automatic shutdowns caused by overheating, or the Coinhive code making the computer more sluggish overall.

      > Of course, in the criticised version, the code was executed without any consent from the visitor. But this is also the case for every flash ad. Unless you block it which you can do for miners too.

      That’s not a great analogy, since you’re comparing a runtime/platform (Flash) with a specific application (Coinhive’s mining script). A better comparison would be between Coinhive and a banner ad network that was fully aware of malicious ads being distributed through their system, and who consistently failed to take any effective steps to clamp down on existing abuse or prevent future abuse.

      Incidentally, I can think of at least one real-world example of that scenario: when Google got hit with a fine of several hundred million dollars for running ads for illegal pharmaceuticals. If Google was liable in that situation, then it seems like Coinhive should be even more liable for malicious use of their system – they’re essentially doing the same thing, if Google had received a cut of all individual sales of the illegal products they ran ads for – instead of getting paid for the ads.

      > Then you wrote: “When they ‘terminate’ a key, it just terminates the user on that platform, it doesn’t stop the malicious JavaScript from running” and this is where I totally don’t get you. How would you change it? Of course this is the way it is. When you jump into a river with your trousers on they will get wet. When you put code on your page, it will be executed, unless you block it.

      That’s not an accurate description, because the Coinhive JS code doesn’t actually run ON the third-party sites that use their service – not in the sense that the actual mining code is present within those sites’ HTML code, or JS files that are part of those sites. Rather, a cursory Google search shows that Coinhive uses XSS (cross-site scripting), where the third party site only contains a link/reference pointing to a JS file/code on the Coinhive servers.

      I haven’t used Coinhive before, but a Youtube search for “How to add coinhive in your site” turns up a tutorial (I won’t link to it because it will likely get the comment held for moderation, but it’s the first result) – at about the 27 second mark, the video shows the embed code used to add Coinhive to a third-party site: rather than containing the actual mining code, it’s just a link/reference to authedmine[dot]com/lib/simple-ui[dot]min[dot]js (munged).

      In other words: because all of the actual mining code runs from their servers, it should be trivial for Coinhive to add a conditional check to their code to prevent it from executing for invalid/disabled API keys. Here’s rough pseudo-code for what that would take:

      if apikey is valid
      { //valid key, mining code goes here }
      else
      { //invalid key, error message goes here }

      > tl;dr
      >
      > People are angry, because you blamed the wrong guys and published their personal data, though it did not serve your purpose.

      You appear to be claiming (and not for the first time) that there are factual inaccuracies in the article, yet you haven’t actually detailed any of them. Without specifics, those claims really don’t warrant any other comment.

      > And you are exaggerating the “crime”. We are talking about a cryptominer, not a trojan.

      Depending on the trojan, malicious use of a cryptominer could arguably be worse. It’s making unauthorized use of the end-users’ computer resources (CPU, network, etc) in a way that directly generates revenue for the malicious parties – and Coinhive – while incurring extra costs for the end user (as a result of higher power consumption).

      That said, cryptojacking & trojans are not really an apples-to-apples comparison. It’s a bit like saying “We are talking about getting mugged, not having your credit card skimmed.”
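
A site owner's check for the kind of embed described in the comment above, as an added example that is not part of the original comments or Coinhive's code: it lists script tags whose `src` resolves to a miner host. The host list, function names and sample HTML are assumptions constructed for illustration.

```javascript
// Added example: flag <script> tags that load code from known miner hosts.
// MINER_HOSTS is an illustrative list: authedmine.com is the host named in the
// comment above, coinhive.com is the service's main domain.
const MINER_HOSTS = ['coinhive.com', 'authedmine.com'];

// True when host equals a listed domain or is a subdomain of one.
function isMinerHost(host) {
  const h = host.toLowerCase().replace(/\.$/, '');
  return MINER_HOSTS.some((d) => h === d || h.endsWith('.' + d));
}

// Return every external script URL in `html` whose host is on the list.
// `pageUrl` is needed to resolve relative and protocol-relative src values.
function findMinerScripts(html, pageUrl) {
  const hits = [];
  const tagRe = /<script\b[^>]*>/gi;
  const srcRe = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const [tag] of html.matchAll(tagRe)) {
    const m = srcRe.exec(tag);
    if (!m) continue; // inline script, no remote reference
    const raw = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(raw.trim(), pageUrl);
    } catch {
      continue; // unparsable src, skip it
    }
    if (isMinerHost(url.hostname)) hits.push(url.href);
  }
  return hits;
}

// Constructed sample page: one local script, one protocol-relative miner
// reference, one look-alike host that must not match, one inline script.
const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script SRC='//authedmine.com/lib/simple-ui.min.js' async></script>
<script src="https://notauthedmine.com.example/lib.js"></script>
<script>var inline = 1;</script>
</head></html>`;

console.log(findMinerScripts(SAMPLE_HTML, 'https://shop.example/index.html'));
```

Matching on the resolved hostname rather than on a substring of the tag keeps look-alike hosts from being flagged and still catches protocol-relative references.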

      1. Nohard Feelings

        “Here’s rough pseudo-code for what that would take:

        if apikey is valid
        { //valid key, mining code goes here }
        else
        { //invalid key, error message goes here }”

        You are right. Because of moderation your answer reached me too late, sorry. It would work that way (and it does). I looked it up. So you can criticise the way they handle or handled key verification.

        But of course their influence depends on the hack:
        – On Oct. 23rd someone changed the Cloudflare’s DNS record and redirected to a third-party js.
        – In another case hackers embedded the code in the landing page of Fibertel. This should be the most prominent case by now.
        – WordPress Cryptojacking

        To be honest, I do not blame Coinhive for not having implemented an advanced key validation system so far. And it was not Coinhive’s fault, the code was embedded on those hacked sites.

        They invalidated some keys, but they couldn’t know before that those were fraudulent. But you are right, once they invalidated a key the script hosted on the server should terminate before the actual mining starts. And it is important that site owners have the possibility to get in touch with Coinhive.

        And obviously Coinhive reacted appropriately by changing their policies. So terminated keys are now actually terminated and the miner is not executed anymore. I think the new version with the UI that asks for consent is on a good way to not be labeled as malware.

        Thank you for clearing that up, good sir. No hard feelings.

    3. NickDanger

      Oh, and here’s a hypothetical for you: let’s say there was a company that would pay you for the power generated if you installed their solar panels on a house, while taking a 30% cut for themselves (e.g. by feeding it into the grid/reselling it to the power utility) – we’ll call them “Solarhive”. Then imagine your neighbour installed Solarhive panels on your roof (without informing you or getting your permission), which he was able to do because Solarhive didn’t make any attempt to verify that he was the owner of the house and/or had your permission. And maybe these are high-end panels with sensors/motors to adjust their angle to the sun throughout the day – which would run off your power, so you’d be paying to operate the panels while getting none of the benefit from them.

      Would you think that Solarhive should be held in any way responsible in that scenario? Then imagine you discovered the situation, notified Solarhive & they shut off the flow of power to your neighbour… but then left the panels running & just collected all of the power/revenue for themselves. I take it you would have no problem with or objection to that?

      1. Mark

        Well said sir; you win the “Best Analogy” award.

        In terms of the article, I really appreciate the well-researched information and the clarity of the context.

        There are so many web pests, this kind of light is exactly what is required. While the government(s) have a role to play, the culture can do immeasurably more in delegitimizing rogue or even self-serving behavior such as this.

  16. Blussi

    The users of pr0gramm are uploading screenshots of their donations to the imageboard itself. Based on those uploads and the relevant tags it is possible to roughly track the number of donations and the amount donated. It was more or less the same as the recent official statement from DKMS.

    The following website displays that information: http://www.daspr0spendet.de/

    1. Blussi

      I forgot to mention that we are currently at 316’000 Euros. Roughly 390’000 USD!

    2. Lightkey

      Interesting to note is that the official numbers are higher, so it could be closer to €400000.
      Also Herr Krebs mixed up Deutsche Krebshilfe and DKMS. The €207500 were for the former while DKMS got a little less between €100000 and €150000. Plus a few dozen thousand Euros to other institutions also in Switzerland and Austria.

  17. SkunkWerks

    I feel like the only thing missing from all this silliness is Jim Hellwig spontaneously resurrecting from the dead and joining Coinhive’s legal team (clandestinely)…

  18. Gigi

    Once again technology in a global economy leaves local law in the dust, digital tools compromised, and personal agendas exposed, for good or ill. Welcome to the WWW.

  19. Cheese

    It’s a good thing it was only the last four of the card number, and not the BIN numbers. That could have resulted in a lot of ATO fraud for victims that are using the same username and password at Panera Bread that they use for their online banking logins.
