The digital currency Bitcoin is having a bit of a moment, which is drawing the attention of cybercriminals. They don’t want to steal your money (though there is some of that too). Instead they want to hijack the processing power of your computer to create more bitcoins out of thin air.
There is no company, central bank, or government behind Bitcoin—there is only math. The currency, created by a pseudonymous researcher and governed by computer code, is slowly adding more coins to circulation. New bitcoins are distributed to users with access to hugely powerful computers, which compete to process fiendishly complicated math problems. The system gives new coins to the winner as a reward; the process is known as “mining.”
The newest Bitcoin scam was discovered last week by security firm Kaspersky Lab, which found a type of computer malware that hijacks computers and uses them to mine new bitcoins.
The computers are infected through links within Skype—users click on an link that installs software on their machine, and they become unwitting slaves in the bitcoin mines. Kaspersky’s Dmitry Bestuzhev found infected computers in Italy, Russia, Poland, Costa Rica, Spain, Germany and Ukraine that have been brought to a crawl as nearly all of their processing power is stolen.
This isn’t the first Bitcoin botnet, as massive networks of hacked computers that are controlled by cybercriminals are known. A botnet called ZeroAccess was estimated to be earning $2.7 million a year by using infected computers to mine new coins, even offering bounties for new infected computers. And as the media hype and Bitcoin’s valuation rises, there will undoubtedly be further exploits. As Felix Salmon explained in his deep-dive last week, botnets are the logical outcome of the Bitcoin system:
The way that the money supply grows, in the bitcoin system, is by people harnessing the power of hundreds or thousands of computers to solve very complicated mathematical tasks, earning bitcoins for doing so along the way. And the easiest and cheapest way of doing that is to do so illegally, by stealth: set up a “botnet” of hacked computers to do your bidding for you. The incentives, here, are very bad indeed.
An FBI report last year detailed several incidents in which cybercriminals bought and sold botnets, with bitcoin as the medium of exchange. So Bitcoin may have inadvertently given birth to an insidious new business model: Pay bounties to build a botnet, use the botnet to mint bitcoins, sell botnet for more bitcoins, and repeat.