Bitcoin miners hit back at cyber-thieves

2013-03-28 12:14:57

By Mark Ward Technology correspondent, BBC News

Cyber-thieves are attempting to cash in on the rising value of the bitcoin

virtual currency.

Bitcoins have almost tripled in value in a month. In late February one bitcoin

was worth 22 ($33) but now each one sells for about 60 ($90).

Thieves who run networks of hijacked PCs are increasingly using these machines

to create or "mine" the coins.

But bitcoin miners say thieves will struggle to keep up, as coin-generating

technology becomes more sophisticated.

Computer cash

As a virtual currency, bitcoins depend on a wide network of closely connected

computers to log who holds the coins and where they are spent.

That network also shares information about who is "mining" the coins.

Mining involves solving a hard mathematical problem and miners typically use

large numbers of computers to speed up the number crunching involved.

"Botnet mining is fundamentally theft of private property, illegal and

unethical," Jeff Garzik, a bitcoin developer told the BBC, adding that bitcoin

miners had battled botnets for years, seeing them as a "cost and a burden" they

just had to deal with.

Many cyber-thieves who control botnets, large networks of home PCs compromised

with a virus, were using them as a dedicated mining pool in a bid to generate

bitcoins for themselves, said Derek Manky, senior security strategist at

Fortinet.

The operators of one of the biggest current botnets, known as ZeroAccess, had

recently ramped up their efforts to use machines they control to mine bitcoins,

he said, adding that millions of infected PCs were unwittingly enrolled in the

criminal network.

"ZeroAccess has employed an affiliate model," he said. "They pay other people

to install malware for them."

The operators of ZeroAccess were making so much money that they were paying

high prices for each infection. Current rates ran at about $100 ( 65) for every

1,000 infections, said Mr Manky.

As well as mining bitcoins, PCs enrolled in ZeroAccess were also being used to

poison search results - to cause users to unwittingly click on booby-trapped

web pages - or fraudulently click on adverts to generate revenue.

"ZeroAccess has been extremely profitable," said Mr Manky.

The wider bitcoin community was aware of the efforts botnet owners were making

to produce their own cash, said Mr Manky.

Circuit board Bitcoin miners are turning to dedicated hardware to generate the

virtual coins

"They try to detect and remove these transactions but it's a bit of a cat and

mouse game," he said. "The operators of ZeroAccess know about that and just

change their tactics."

However, said Mr Garzik, criminal participation in bitcoin mining was likely to

get much less profitable as professional miners turned away from using desktop

PCs to generate the coins.

Increasingly, he said, professional miners were using custom-made chips, called

Asics (Application-Specific Integrated Circuits), to mine because such

processors worked faster.

"It is theorised that the current shift in bitcoin mining to 'Asic' miners -

the fastest and most advanced generation - will simply make it unprofitable for

botnet miners," said Mr Garzik.

Vitalik Buterin, technical editor at Bitcoin Magazine, said the the rise of

Asic mining meant cyber-thieves would soon be pushed out.

Currently, he said, only about one-third of all professional miners were using

Asics, but as that proportion grew, the number of bitcoins that could be

generated with a botnet would shrink.

"The fact that botnets are (somewhat) viable now is basically an aberration

resulting from the massive price increase that has not yet been matched by

increased mining activity," he said. " Once Bitcoin stabilises again the

botnets will rapidly crawl back into the shadows."