羅伯·史蒂文斯 陳偉濟(jì)

Is the web browser on your phone slower than usual？ It could be mining Bitcoin for criminals.

As the popularity of virtual currencies has grown， hackers are focusing on a new type of heist： putting malicious software on peoples’ handsets， TVs and smart fridges that makes them mine for digital money.

So-called crypto-jacking1 attacks have become a growing problem in the cybersecurity industry， affecting both consumers and organizations. Depending on the severity of the attack， victims may notice only a slight drop in processing power， often not enough for them to think it’s a hacking attack. But that can add up to a lot of processing power over a period of months or if， say， a business’s entire network of computers is affected.

“We saw organizations whose monthly electricity bill was increased by hundreds of thousands of dollars，” said Maya Horowitz， Threat Intelligence Group manager for Check Point， a cybersecurity company. Hackers try to use victims’ processing power because that is what’s needed to create—or “mine”—virtual currencies. In virtual currency mining， computers are used to make the complex calculations that verify a running ledger2 of all the transactions in virtual currencies around the world.

Crypto-jacking is not done only by installing malicious software. It can also be done through a web browser. The victim visits a site， which latches onto3 the victim’s computer processing power to mine digital currencies as long as they are on the site. When the victim switches， the mining ends.

Some web sites， including Salon.com， have tried to do it legitimately and been transparent about it. For three months this year， Salon.com removed ads from its sites in exchange for users allowing them to mine virtual currencies.

Industry experts first noted crypto-jacking as a threat in 2017， when virtual currency prices were skyrocketing to record highs.

The price of Bitcoin， the most widely known virtual currency， jumped sixfold from September to almost $20，000 in December before falling back down to under $10，000.

The number of crypto-jacking cases soared from 146，704 worldwide last September to 22.4 million last December， according to antivirus developer Avast. It has only continued to increase， to 93 million in May， it says. The first big case centered on Coinhive， a legitimate business that let web site owners make money by allowing customers to mine virtual currency instead of relying on advertising revenue.

Hackers quickly began to use the service to infect vulnerable sites with miners， most notably YouTube and nearly 50，000 WordPress web sites， according to research conducted by Troy Mursch， a researcher on crypto-jacking.

Mursch says Monero is the most popular virtual currency among cyber-criminals. A report by cybersecurity company Palo Alto Networks estimates that over 5 percent of Monero was mined through crypto-jacking. That is worth almost $150 million and doesn’t count mining that occurs through browsers. In the majority of attacks， hackers infect as many devices as possible， a method experts calls “spray and pray.”

“Basically， everyone with a [computer processing unit] can be targeted by crypto-jacking，” said Ismail Belkacim， a developer of an application that prevents websites from mining virtual currencies.

As a result， some hackers target organizations with large computing power. In what they believe might be the biggest crypto-jacking attack so far， Check Point discovered in February that a hacker had been exploiting a vulnerability in a server that over several months generated over $3 million in Monero.

Crypto-jackers have also recently targeted organizations that use cloud-based services， in which a network of servers is used to process and store data， providing more computing power to companies who haven’t invested in extra hardware.

Abusing this service， crypto-jackers use as much power as the cloud will allow them to， maximizing their gains. For businesses， this results in slower performance and higher energy bills.

Martin Hron， a security researcher at Avast， says that besides the rise in interest in virtual currencies， there are two main reasons for the rise in attacks.

First， crypto-jacking scripts require little skill to implement. Ready-made computer code that automates crypto-mining is easy to find with a Google search， along with tips on the vulnerabilities of devices. Second， crypto-jacking is harder to detect and is more anonymous than other hacks. Unlike ransomware， in which victims have to transfer money to regain access to their computers blocked by hackers， a victim of crypto-jacking might never know their computer is being used to mine currency. And as currency generated by crypto-jacking goes straight into a hacker’s encrypted wallet， the cyber-criminal leaves less of a trail.

Both Apple and Google have started to ban applications that mine virtual currencies on their devices. But Hron， the Avast researcher， warns that the risk is growing as more everyday devices are connected to the Internet—from ovens to home lighting systems—and that these are often the least secure.

Some experts say new techniques like artificial intelligence can help get a faster response to suspicious software.

That’s what Texthelp， an education technology company， used when it was infected with a crypto-jacker， said Martin McKay， the company’s chief technology officer. “The risk was mitigated for all customers within a period of four hours.”

But security researcher Mursch says that these precautions won’t be enough.

“They might reduce the impact，” he says， “But I don’t think we’re going to stop it.”

你手機(jī)上的網(wǎng)頁(yè)瀏覽器是否變慢了？它可能正在為犯罪分子開(kāi)采比特幣呢。

隨著虛擬貨幣越來(lái)越受追捧，黑客們開(kāi)始熱衷于一種新型盜竊：在人們的手機(jī)、電視和智能冰箱上安裝惡意軟件，利用這些設(shè)備開(kāi)采數(shù)字貨幣。

所謂的加密劫持攻擊已成為網(wǎng)絡(luò)安全行業(yè)日益嚴(yán)重的問(wèn)題，消費(fèi)者和企業(yè)都遭受到損害。由于攻擊的嚴(yán)重程度不同，受害者或許只注意到設(shè)備處理能力略微下降，通常不足以讓他們想到是黑客攻擊。但幾個(gè)月下來(lái)，或者說(shuō)一個(gè)企業(yè)的整個(gè)計(jì)算機(jī)網(wǎng)絡(luò)都受到攻擊，就可能累積占用很多處理能力。

“我們了解到有些企業(yè)每個(gè)月的電費(fèi)增加了幾十萬(wàn)美元?！本W(wǎng)絡(luò)安全公司以色列捷邦安全軟件科技有限公司威脅情報(bào)組經(jīng)理瑪雅·霍洛維茨說(shuō)。黑客試圖利用受攻擊設(shè)備的處理能力，因?yàn)閯?chuàng)造或說(shuō)“開(kāi)采”虛擬貨幣需要這些處理能力。開(kāi)采虛擬貨幣時(shí)，計(jì)算機(jī)用于進(jìn)行復(fù)雜的計(jì)算，以核實(shí)全世界所有虛擬貨幣交易的進(jìn)出明細(xì)。

加密劫持除了可以通過(guò)安裝惡意軟件完成，還可以通過(guò)網(wǎng)頁(yè)瀏覽器實(shí)現(xiàn)。受害者訪問(wèn)某個(gè)網(wǎng)站時(shí)，只要停留瀏覽，網(wǎng)站就會(huì)鎖定劫持受害者計(jì)算機(jī)的處理能力用于開(kāi)采數(shù)字貨幣。受害者不切換，開(kāi)采不結(jié)束。

包括Salon.com在內(nèi)的一些網(wǎng)站已嘗試讓加密劫持合法化，公開(kāi)透明地開(kāi)采。Salon.com今年有三個(gè)月去除了網(wǎng)站廣告，以換取用戶允許他們開(kāi)采虛擬貨幣。

2017年，行業(yè)專家首次指出加密劫持是一種威脅，這一年虛擬貨幣價(jià)格飆升，創(chuàng)歷史新高。

虛擬貨幣中最廣為人知的是比特幣，其價(jià)格從9月到12月暴漲了6倍，逼近2萬(wàn)美元，隨后回落至1萬(wàn)美元以下。

殺毒軟件研發(fā)公司愛(ài)維士稱，去年全球加密劫持的案件數(shù)量從9月的14.6704萬(wàn)起飆升至12月的2240萬(wàn)起，之后這一數(shù)字還在繼續(xù)增長(zhǎng)，5月份已達(dá)9300萬(wàn)。第一宗大案的焦點(diǎn)是挖礦服務(wù)公司Coinhive，該公司是一家合法企業(yè)，讓網(wǎng)站所有者可以通過(guò)允許客戶開(kāi)采虛擬貨幣來(lái)賺錢，而不是依賴廣告收入。

加密劫持研究人員特洛伊·穆?tīng)柺┑难芯匡@示，黑客很快開(kāi)始利用這項(xiàng)服務(wù)入侵存在漏洞的采礦網(wǎng)站，最著名的是優(yōu)兔和博客平臺(tái)WordPress近5萬(wàn)個(gè)網(wǎng)站。

穆?tīng)柺┱f(shuō)，門羅幣是最受網(wǎng)絡(luò)犯罪分子歡迎的虛擬貨幣。網(wǎng)絡(luò)安全公司派拓網(wǎng)絡(luò)的一份報(bào)告估計(jì)，超過(guò)5%的門羅幣是通過(guò)加密劫持開(kāi)采的，價(jià)值接近1.5億美元，這還不包括通過(guò)瀏覽器所開(kāi)采的。在大多數(shù)攻擊中，黑客會(huì)讓盡可能多的設(shè)備感染病毒，專家稱之為“撒網(wǎng)式”策略。

“基本上，每個(gè)擁有[計(jì)算機(jī)處理器]的人都可能成為加密劫持的攻擊目標(biāo)。”應(yīng)用程序開(kāi)發(fā)商伊斯梅爾·貝爾卡辛說(shuō)，他開(kāi)發(fā)的應(yīng)用程序可以防止網(wǎng)站開(kāi)采虛擬貨幣。

后來(lái)，有些黑客將目標(biāo)鎖定在擁有強(qiáng)大計(jì)算能力的企業(yè)。2月，捷邦發(fā)現(xiàn)，一名黑客利用一個(gè)服務(wù)器的漏洞，幾個(gè)月內(nèi)開(kāi)采出價(jià)值300多萬(wàn)美元的門羅幣，這可能是迄今為止最大的加密劫持攻擊。

加密劫持病毒最近還瞄準(zhǔn)了使用云服務(wù)的企業(yè)，云服務(wù)的服務(wù)器群用以處理和存儲(chǔ)數(shù)據(jù)，為沒(méi)有購(gòu)買額外硬件的公司提供更多的計(jì)算能力。

加密劫持病毒會(huì)濫用這項(xiàng)服務(wù)，在云服務(wù)許可范圍內(nèi)用盡它所提供的計(jì)算能力，使自己收益最大化。對(duì)于企業(yè)來(lái)說(shuō)，這會(huì)導(dǎo)致性能降低而電力成本上升。

愛(ài)維士的安全研究員馬丁·赫龍表示，除了人們對(duì)虛擬貨幣越來(lái)越感興趣之外，攻擊增加還有另外兩個(gè)主要原因。

首先，運(yùn)行加密劫持腳本幾乎不需要什么技巧。通過(guò)谷歌搜索，很容易找到現(xiàn)成的自動(dòng)加密開(kāi)采的計(jì)算機(jī)代碼，以及有關(guān)設(shè)備漏洞的提示。其次，加密劫持更難被發(fā)現(xiàn)，而且比其他非法入侵更匿名。受勒索軟件或病毒攻擊的受害者必須交贖金方能重新訪問(wèn)被黑客封鎖的計(jì)算機(jī)，加密劫持與此不同，其受害者可能永遠(yuǎn)都不知道他們的計(jì)算機(jī)正被用于開(kāi)采貨幣。而且，由于加密劫持開(kāi)采出的貨幣直接進(jìn)入黑客的加密錢包，網(wǎng)絡(luò)犯罪分子留下的痕跡也更少了。

蘋果和谷歌都已開(kāi)始禁止在其設(shè)備上加裝開(kāi)采虛擬貨幣的應(yīng)用程序。但愛(ài)維士研究員赫龍?zhí)嵝颜f(shuō)，隨著越來(lái)越多的日用設(shè)備連接到互聯(lián)網(wǎng)——從烤箱到家庭照明系統(tǒng)——加密劫持的風(fēng)險(xiǎn)越來(lái)越大，而且這些設(shè)備常常是最不安全的。

有專家表示，人工智能等新技術(shù)可能有助于對(duì)可疑軟件更快做出反應(yīng)。

教育技術(shù)公司Texthelp首席技術(shù)官馬丁·麥凱說(shuō)，那正是他們公司感染加密劫持病毒時(shí)使用的方法，“不到四個(gè)小時(shí)，所有客戶的風(fēng)險(xiǎn)都降低了?！?/p>

但安全研究員穆?tīng)柺┱f(shuō)，這些預(yù)防措施還不夠。

“這些或許能減少影響，”他說(shuō)，“但我認(rèn)為阻止不了?！薄?/p>

（譯者為“《英語(yǔ)世界》杯”翻譯大賽獲獎(jiǎng)?wù)撸?/p>