CBS’s Showtime and The Pirate Bay get Caught Mining Cryptocurrency… on their Consumers’ Computers

Online advertising has become a really tricky game to get into.  Monetizing a popular website that generates a lot of online traffic used to be much, much easier than it is now.  The simple answer used to be advertising, but nowadays you would need to generate OVER A MILLION pageviews in a month just to generate $5,000.  Without those users having an Adblocker installed on their browser.

$5,000 a month is nothing to scoff at, but generating that much traffic is a very, very tall task.  So online streaming websites like CBS’s Showtime and the infamous Pirate Bay are doing something else in an attempt to monetize their considerable traffic: mining cryptocurrency on their viewers’ computers.

They’re Mining Cryptocurrency… What Does That Even Mean

We’ve written about cryptocurrencies before, but to keep it simple: mining cryptocurrencies like Bitcoin and Ethereum takes considerable amounts of processing power and electricity which is what makes it so hard to “mine” and it gets harder as time goes on.  That’s why people often say it’s a better to just invest into a cryptocurrency rather than mine it yourself if you’re late to the game.

So, these two websites were caught using their viewers’ computers to mine the cryptocurrencies for them, putting the burden onto customer’s (and pirates) computers to avoid racking up their own significant electricity costs and using their own processers.

How They Can Do It

If you don’t have an adblocker, it’s pretty simple for them to be able to run a script from your browser that would just mine cryptocurrency in the background.  However, using the viewer’s processing power in the background is also a really easy way to hurt the quality of your product.  The stream isn’t going to buffer and load as quickly, and the quality is very likely to suffer because of that – not to mention that it could overheat computers if they’re not too careful.

It’s easy to see why they would want to find an alternative to advertisements to turn their considerable online traffic into money, but it’s pretty shady to be using the consumers that are ALSO being shown endless advertisements like that.

I’m Not Mad, I’m Just Disappointed

The Pirate Bay doing something like this isn’t that surprising, because they are an illegal streaming site.  People aren’t likely to complain to the authorities about something like this because you really shouldn’t be using their service anyway.  They also owned up to it already, and getting ahead of the bad publicity is pretty ironic given who they are.

It is very concerning that Showtime is the other big-name website that just got caught doing it, because not only do customers PAY for Showtime, they are also given small advertisements while on the site.  They’re not double-dipping, they’re TRIPLE-dipping.

That’s like Hulu on steroids (disclaimer – I don’t mind that Hulu charges customers and still gives advertisements because for just $4 more a month you are able to avoid those ads altogether, but that’s beside the point).

It’s… an Interesting Development

At the end of the day, this is an intriguing situation to watch unfold.  Pirate Bay said it was a test, basically saying that mining on consumers’ computers could potentially be used as an alternative to advertising altogether – which has been met with mixed reviews. It’s actually a pretty good idea.

If I had a transparent choice between ads and dedicating some of my processing power to them (for a very limited time) I might consider the latter. The biggest question now though, is just how many of these websites are doing this?  Doing something like this is debatable even when completely transparent, but the fact that such large websites didn’t let their customers know (okay, so maybe I’m just talking about Showtime here) is very concerning.

The Basics: What is Phishing?

Phishing is just the term for people trying to lure others to give up their secure information through emails.   People hopefully aren’t falling for the Nigerian Prince bit anymore, but it’s a good representation of the basic idea.

Nowadays, people don’t typically ask for you to directly send them money – instead they try to get sensitive information (often CC info, or your login information for your bank/PayPal) or they might just want you to click their link to download malware onto your computer.  In general, it’s all bad and you could lose valuable information and money.  Or your time and patience while you try to get it back.

An Example of Phishing

I’ve attached an email below that we got that isn’t quite as obvious.  It has many errors in it, but they aren’t too noticeable, and on first glance it seems like it might be a legitimate email from PayPal.  I have to respond/handle legitimate emails like this pretty regularly, so it’s not hard to believe that someone could get tricked.  Catch someone before their first cup of coffee and they might just fall for it completely!  Here is the unedited email in question:

As you can see, this email is impersonating PayPal, saying you need to click the link to verify your account because some illegal activity has been going on in your account.  At first glance, this looks fine, like something PayPal might send out.  However, there are several mistakes/signs that this email isn’t correct.

The Errors

There are actually many small errors throughout the email that should tip you off that something is wrong, on top of the fact that the URL the link will take you isn’t PayPal.  Let’s go through them.

  • The logo is wrong.
    • PayPal uses mainly two versions of their logo, one of which looks a lot like this, but it is slightly different. I didn’t notice this at first, so if you didn’t, don’t feel bad.
  • Broken English
    • “…from different country followed by some illegals buys . we think that you’re not who do that, so we have suspended your account.”
      • When you look closely, it becomes pretty obvious that this is written in broken English. Notice that the last bit “so we have suspended your account” is perfect though, so if you just skimmed the email you could totally miss that.
  • “We will give you 1 Day to update your informations or we will suspend your account forever.”
    • More broken English. But suspend my account FOREVER? Okay well Paypal wouldn’t do that… that just doesn’t make sense.  But if you don’t pause to think about it, you could get spurred to action.
  • Lastly, the link doesn’t go to PayPal.
    • You can highlight the link they want you to click and see where it’s going to take you. It’s not Paypal, so wrap it up and call it a day.  The email is fake.  I don’t know if they wanted you to just click the link and it would download malware, or if they wanted you to input your Paypal information so they could get access. It doesn’t matter, don’t click the link.

Why do Phishing emails have errors?  Are they not trying hard enough?

The assumption is that for most scammers, English is not their first language so there’s a greater chance of typos and improper grammar. However, there is speculation that emails like this are typed a little poorly on purpose to get specifically the uneducated/lazy/tired individuals that are less likely to make a big fuss if they give up their information.

This is why we all laugh at the old “Nigerian Prince” scam, but it was/is moderately successful! We all think “who falls for this stuff…” but it’s because they want to get the gullible and uneducated to work with them.  They don’t want everyone to respond to the emails, because that would be a waste of time for them.  They only want people who are likely to actually fall for their tricks – thus poor grammar and spelling are very common. People who will overlook the obvious issues in the email are more likely to just give their information without questioning it.

Now I know everything about Phishing and will never get got by it!

Well, no.  Unfortunately, being cautious is pretty much the best advice we can give you on how to protect yourself, but it’s impossible for us to guarantee that that will keep you completely protected.  However, as long as you are careful, potential hackers/scammers won’t want to waste their time with you.