In-Store WiFi Provider Used Starbucks Website To Generate Monero Coins (hackread.com)

← Back to Stories (view on slashdot.org)

In-Store WiFi Provider Used Starbucks Website To Generate Monero Coins (hackread.com)

Posted by BeauHD on Monday December 11, 2017 @11:20AM from the not-so-free-after-all dept.

hjf writes: On December 2nd, Twitter user Noah Dinkin tweeted a screenshot that showed that Starbucks' in-store "free WiFi" is using their captive portal to briefly mine the Monero cryptocurrency during the 10-second delay splash screen. Starbucks has not yet responded to the tweet, and neither has their wifi provider, Fibertel Argentina. While Dinkin mentioned that the culprit behind the scheme could be Starbucks' in-store wifi provider, it's possible that a cybercriminal could have hacked their website to place CoinHive code secretly. HackRead notes that "just a few days ago researchers identified more than 5,000 sites that were hijacked to insert CoinHive code, yet Starbucks' direct involvement is still unclear." CoinHive is a company that produces a JavaScript miner for the Monero Blockchain that you can embed in your website. Any coins mined by the browser are sent to the owner of the website.

30 comments

Min score:

Reason:

Sort:

We need regulation by gurps_npc · 2017-12-11 11:23 · Score: 2

I have no problem with people doing this, as long a:
1) They tell the owner of the PC what is going on.
2) They do not double dip (i.e. also showing advertising and tracking the customers).
It should be an either/or situation, they either earn money by selling your attention OR they earn money by selling your computer cycles. Not both, and only with notification.

--
excitingthingstodo.blogspot.com
1. Re:We need regulation by Anonymous Coward · 2017-12-11 11:36 · Score: 0
  
  Well, you're happy to be hijacked then. Dumb.
2. Re:We need regulation by omnichad · 2017-12-11 11:36 · Score: 1
  
  This is just plain Malware. If you want to add an exception to the signature, go for it. If you really intend to mine coins, you're going to use native code or even dedicated GPU/ASIC hardware.
  There is no web site worth 100% of your CPU cycles.
3. Re:We need regulation by Anonymous Coward · 2017-12-11 11:59 · Score: 0
  
  There is no web site worth 100% of your CPU cycles.
  Then how am I supposed to load slashdot you insensitive clod?
4. Re:We need regulation by omnichad · 2017-12-11 12:01 · Score: 1
  
  I have 24 tabs open right now, two of which are Slashdot. My browser CPU usage is 0.6%. I don't know where you dug up your Pentium 90, but put it back in the ground.
5. Re:We need regulation by Ichijo · 2017-12-11 12:04 · Score: 2
  
  It should be an either/or situation, they either earn money by selling your attention OR they earn money by selling your computer cycles. Not both...
  
  Or they earn money from your drink. Ads, computer cycles, or drink--pick one.
  
  --
  Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
6. Re:We need regulation by hjf · 2017-12-11 12:34 · Score: 1
  
  That's why Starbucks is a global corporation and you're here on /.
7. Re:We need regulation by rtb61 · 2017-12-11 13:00 · Score: 1
  
  Doesn't matter a crap whether you mind or not, enough dicks are out there, to pretty much guarantee it will end up being banned, including the fake currency. Some dicks always go to far and spoil the game for everyone and you know it is happening.
  PS most people use their computer for more than one task at a time, one process crippling the entire computer, nobody want's it. I have no problem with fake coin miners using other people's computer facing a real custodial sentence.
  
  --
  Chaos - everything, everywhere, everywhen
8. Re:We need regulation by Anonymous Coward · 2017-12-11 16:52 · Score: 0
  
  Computer cycles are not free. Power is not free. This is theft, plain and simple.
9. Re:We need regulation by Anonymous Coward · 2017-12-12 04:47 · Score: 0
  
  Slashdot occasionally javascript bombs my browser. CNN a lot more. I think it's just some silly bug (perhaps a busy wait for something normally instantaneous but might fail) rather than something designed to use a lot of CPU.
Outsourcing At Its Finest by Anonymous Coward · 2017-12-11 11:31 · Score: 0

Use an Argentina WiFi manager and screw the customers.
1. Re:Outsourcing At Its Finest by hjf · 2017-12-11 12:33 · Score: 1
  
  The wifi provider, Fibertel, is one of the country's largest ISPs and the largest cable operator. It's the argentinian equivalent of Comcast.
2. Re:Outsourcing At Its Finest by TimSSG · 2017-12-11 15:08 · Score: 1
  
  Wow, that is really bad. Tim S.
  
  The wifi provider, Fibertel, is one of the country's largest ISPs and the largest cable operator. It's the argentinian equivalent of Comcast.
Time to get coffe some other place... by Anonymous Coward · 2017-12-11 11:54 · Score: 0

Saxby's for me!
"Has not respnded..." by Anonymous Coward · 2017-12-11 12:02 · Score: 0

How come corporations never respond???
1. Re: "Has not respnded..." by Anonymous Coward · 2017-12-11 18:54 · Score: 0
  
  they arent accountable? what cave have you been living in for 300 years?
2. Re:"Has not respnded..." by iamgnat · 2017-12-12 04:27 · Score: 1
  How come corporations never respond???
  Among other things, because they aren't really given the opportunity. Generally it's something like:
  
  "Journalist": [bangs out story]
  "Journalist": [calls related parties for comment]
  "Journalist": [leaves message for those that don't answer directly]
  "Journalist": [goes ahead and releases article without allowing messages to be returned]
  Even for those where they get a real person, in something the size of Starbucks the answer will invariably be "we'll look into it and get back to you" or "let us find out who you need to talk to". There is still no delay in the publishing though.
  That certainly isn't always true, but it's also not always "[insert big company] is evil and hiding things" either.
3. Re:"Has not respnded..." by omnichad · 2017-12-12 07:35 · Score: 1
  
  "Journalist": [goes ahead and releases article without allowing messages to be returned]
  You left out where they call it "[insert big company] refused to comment" - almost universally used with that exact phrasing.
Trouble keeping up with new cryptocurrencies by Anonymous Coward · 2017-12-11 12:30 · Score: 0

In the future, will everyone have their own cryptocurrency, and trade based on how much of a piece of you people want to own?
1. Re:Trouble keeping up with new cryptocurrencies by DontBeAMoran · 2017-12-11 12:43 · Score: 1
  
  Dude come on it's not that bad. I mean, there's only 927 crypto-currencies listed on coingecko.com so... oh, yeah ok I see what you mean.
  About 900 of those are me-too crap though, you can safely ignore them. Unless they replace Bitcoin one day, in which can you shouldn't ignore them.
  
  --
  #DeleteFacebook
Better than PreRoll Video Ads by Anonymous Coward · 2017-12-11 13:24 · Score: 0

They could charge us 30 seconds of Monero Mining coins (whatever that is) and credit it back if we leave the browser window open for 30 seconds while we do whatever.
I'd rather have that than be forced to watch stupid ads with no volume control. Maybe the newspapers should start doing this.
1. Re:Better than PreRoll Video Ads by AvitarX · 2017-12-11 16:32 · Score: 1
  
  Except that'd be worth not even close to a 30 second video.
  Not even close to a single small text ad.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Simple to avoid by Anonymous Coward · 2017-12-11 13:32 · Score: 0

Use No Coin browser add-on. In addition to using No Coin, I also block all cryptocurrency shenanigans via a self-updating script. Ditto Javascript and so much more.
1. Re:Simple to avoid by Anonymous Coward · 2017-12-12 04:44 · Score: 0
  
  what about using a Hosts file?
2. Re:Simple to avoid by omnichad · 2017-12-12 07:37 · Score: 1
  
  You can host JavaScript anywhere - even on the same domain as the content.
Block ... by CaptainDork · 2017-12-11 13:34 · Score: 1

... coinhive.

--
It little behooves the best of us to comment on the rest of us.
1. Re:Block ... by Anonymous Coward · 2017-12-12 04:51 · Score: 0
  
  Block coinhive.
  Add "0.0.0.0 coin-hive.com" or "127.0.0.1 coin-hive.com" to your /etc/hosts depending on your blackhole and behavioral preference.
  Or filter out "https://coin-hive.com/lib/coinhive.min.js" using your Ad-Blocker.
  Or use your javascript blocker to block scripts from "coin-hive.com".
  Or any combination of the three.
bots... by Anonymous Coward · 2017-12-11 15:04 · Score: 0

I wonder if google and bing's bots would run coinhive if i added to a page on some of my domains? I would mark it as exactly what it is www.blah.tld/coinhive and let all the bots work it. No normal user would find themselves there and it can display a "Do not stay on this page!" warning if someone did.
Slashdot not disclosing cryptocurrency affiliation by Anonymous Coward · 2017-12-11 16:33 · Score: 0

Every ad I've seen on /. today (I disabled my adblocker for shits and giggles) has been for bitcoin.
Slashdot is constantly pushing bitcoin stories that do not appear in the firehose at all.
Slashdot is not disclosing the compensation they are getting for the advertising of this product.
Isn't this technically breaking the law?
Just block it. by thedarb · 2017-12-12 07:30 · Score: 1

Use a good add or javascript blocker that blocks coin hive. Done.

--
This sig intentionally left blank.