Cryptomining at work is the new way to steal office supplies
People are stealing CPU cycles and electricity as cryptomining becomes the latest way to steal things from the office.
There was time when sneaking a ream of paper into your briefcase and maybe "accidentally" slipping a stapler into your backpack was how some people justified poor wages or crumby work conditions. But with the computing cost cryptocurrency mining uses, either through increased electricity charges or as the calculations required to mine new coins get more complex, people are looking for new ways to mine without incurring the costs.
A few years ago, when the price of bitcoin reached $20, an employee of the Australian Broadcasting Commission, was found to have installed mining software on the company's servers, so that he could make a few bucks while the servers were idling. But now that coins are worth more, there are more cases being reported.
In Louisiana, the state's Attorney General has launched an investigation into IT department staff including the recently sacked director, who are alleged to have been using state resources to mine for bitcoin.
In addition to the theft of computing power, either by installing software on servers or using PCs and smartphones provided by businesses, there's another potential issue companies need to look out for. There are a number of small, bespoke mining devices such as the Antminer and OsherPlug which could be surreptitiously installed and hidden under desks. Rather than stealing CPU cycles from corporate computers, they syphon off electricity.
In addition, these devices, depending on their configuration, could provide an entry point to threat actors who could use them as a gateway into other corporate systems.
Businesses will need to be aware that cryptomining is on the rise and it poses a risk of financial loss, through either the increased power use of computers or via portable mining devices on spare power outlets. And it potentially opens the door to malicious software and other risks. At the very least, internal policies might need to be clarified and increased monitoring needs to be in place to detect and stop any mining that might already be going on.