A new report by researchers at the University of Toronto suggests the government of Egypt is hijacking people’s Internet services to secretly mine cryptocurrency. It’s the latest example of “crypto-jacking” in what seems to be an ongoing theme.
Hardcore Mining Tactics
The authors of the report called the current evidence “the stuff of legends,” as the intrusion is occurring at the hands of a developed nation-state. Additionally, they say the method being used to mine the coins can be extremely difficult to detect.
The tactic is called “AdHose,” in which Internet users are indiscriminately redirected to sites whose ads deliver malware that mines Monero in the browser. Researchers suggest it’s being distributed through the networks of Telecom Egypt, the country’s primary telephone company.
The report stated:
“On several occasions, the middleboxes were apparently being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.”
Two Sides to the Hijacking Process
AdHose occurs in two distinct forms. The first is known as “spray mode,” in which users are directed to ads containing Coinhive, the digital currency mining malware readers should be very familiar with at this stage. Researchers at the university scanned several computer networks and discovered that nearly 6,000 individual units were affected, though the team hasn’t revealed the total number of networks examined.
Spray mode is used more sparingly than its more popular counterpart, which is known as “trickle mode.” Trickle redirects users only when they visit certain sites. Researchers have named the two primary sites as CopticPope.org and Babylon-X.com, with the former a religious website and the latter a porn page.
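As an added example (not part of the original article or the report), the following Python shows how a defender could flag the two patterns described above in captured plaintext HTTP responses: a redirect that sends the browser to a host the user never requested (trickle-style hijacking) and a page that loads a script from a known mining host (spray-style injection). The sample responses are constructed, and the miner-host list is illustrative rather than taken from the report.

```python
import re
from urllib.parse import urlsplit

# Illustrative list of hosts serving browser-mining scripts. The article names
# Coinhive; a real deployment would feed this from threat intelligence.
MINER_HOSTS = {"coinhive.com"}

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.IGNORECASE)


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ")[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def assess(requested_url: str, raw: str) -> list:
    """Return findings for a plaintext HTTP response to requested_url.

    Flags a 3xx redirect to a different host (trickle-style hijack) and any
    <script src> pointing at a known mining host (spray-style injection).
    Same-host redirects, such as an HTTP-to-HTTPS upgrade, are not flagged.
    """
    findings = []
    status, headers, body = parse_response(raw)
    req_host = urlsplit(requested_url).hostname
    if 300 <= status < 400 and "location" in headers:
        dest = urlsplit(headers["location"]).hostname
        if dest and dest != req_host:
            findings.append(f"cross-host redirect {req_host} -> {dest}")
    for src in SCRIPT_SRC.findall(body):
        host = urlsplit(src).hostname  # None for relative paths like /app.js
        if host and host in MINER_HOSTS:
            findings.append(f"mining script loaded from {host}")
    return findings


# Constructed sample responses (not captures from the report).
CLEAN = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
         '<html><script src="/static/app.js"></script></html>')
SPRAY = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
         '<html><script src="https://coinhive.com/lib/coinhive.min.js"></script></html>')
TRICKLE = "HTTP/1.1 302 Found\r\nLocation: http://ads.example.net/offer?id=1\r\n\r\n"
```

Running `assess("http://copticpope.org/", SPRAY)` reports the injected mining script, while the same call on `CLEAN` returns no findings; only unencrypted HTTP can be inspected or tampered with this way, which is why the report stresses that the hijacked connections were unencrypted.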
The authors say the hardware stems from a firm in Canada called Sandvine, which calls the report “false, misleading and wrong.”
A Few Other Uses
Additionally, the document suggests that the attacks are occurring in other parts of Northern Africa and in the Middle East, and are being used to “manipulate other state and private sector” functions:
“In Egypt and Turkey, we also found that the devices matching our Sandvine Packet Logic fingerprint were being used to block political, journalistic and human rights content.”
The hardware used to implement AdHose appears to be preventing users from visiting certain news sites like Al Jazeera. NGOs like Human Rights Watch are also blocked, suggesting it doubles as a kind of censorship tool.
This isn’t the first time Coinhive has attracted unwanted attention. Last February, several government websites in both the U.S. and the U.K. were hit with similar crypto-jacking tactics, while the malicious software has also made appearances in both Google and YouTube ads.
Grand mufti of Egypt Shawki Allam has proclaimed in the past that cryptocurrency is “forbidden under Islamic law” due to its price volatility and “unreliable” nature.
Can crypto-jacking cases like these be permanently stopped? Post your comments below.
Images via Pixabay