Have federal nuclear supercomputer? GO CRYPTOMINING!

News of arrests at a Russian nuclear physics lab for "unauthorised cryptomining" reminded us of SETI@work in the 1990s...

Here’s some fun for the weekend – with a serious side.
What would you do with a really powerful computer?
Wait…
…don’t answer that question just yet – we’re going to do some time-travelling first.

What would you do with a really powerful computer if it were 1998?
We were about to say, “Try to get a copy of every song on Napster for bragging rights about the size of your digital jukebox,” but Napster only came out in 1999.
We also nearly said, “Learn how to download the internet over the university’s network,” but Google had that more or less wrapped up by then.
Or maybe you were community-spirited, and decided to lend out your home computer’s processing power while you were asleep or at work, by contributing to projects such as distributed.net or SETI@home.
Distributed.net is a project to carry out brute-force cryptographic cracking and see how well it goes, to act as a yardstick to keep track of how many bits of encryption we’re likely to need in real life.
SETI@home is the Search for Extraterrestrial Intelligence, churning through masses of background data from radio telescopes, just in case aliens (or their conquering AI overlords) had already called us but we’d been too self-obsessed to notice their call at all, let alone to answer it.
As you can imagine, back in the 1990s, lots of work PCs were used at night for these at-home projects – at least, the users were at home, but the computers weren’t.
These “donations of computing resources” frequently (OK, almost always) happened without the permission, or even knowledge of, the company that actually owned the computers and paid the electricity bills.
(Both the abovementioned projects are still going strong, by the way. So far, the answers are, “72 bits” and, “Apparently not.”)

What would you do with a really powerful computer if it were 2008?
We reckon the obvious answer would be, “Build the world’s biggest online Dungeons and Dragons multiverse.”
Or, perhaps, “Run enormously dramatic climate simulations that start with a butterfly flapping its wings in Africa” – 2008 was, after all, still firmly in the afterglow of Al Gore’s kerosene-burning global journey to promote environmental change.


OK, now we’re back in 2018.

What would you do with a really powerful computer today?
Let’s be more specific: what would you do if you were a sysadmin with access to 1,000,000,000,000,000 floating point operations per second, or 1 petaFLOP for short?
FLOPs are a measure of power used mainly when ranking supercomputers.
Very loosely put, “floating point operations per second” refers to “the amount of actual number-crunching you can do in any given time”, not merely how many low-level computer instructions you can execute.
A 3GHz Intel CPU, at its peak, can do tens of billions of instructions per second (most modern CPUs have multiple processing cores), but a calculation such as “divide the US national debt in cents by the number of angels that can dance on the head of the Seattle Space Needle” might need dozens of clock cycles, or even more.
If you’ll allow us to carry out some rather hand-waving comparisons, we’ll take a quick look at the combined power of the Folding@home project, a contemporary distributed computing project much like SETI@home, but focused on disease research rather than on possible messages from outer space.
Folding@home has about 50 petaFLOPS at its disposal from around 100,000 participating computers, typically with well-above-average processing power, for an average of 2000 computers per petaFLOP.
So a 1 petaFLOP computer all of your own would be something like having a botnet of 2000 top-end gaming rigs dedicated entirely to your computational commands.

Where to get a 1 petaFLOP computer?

But where would you get a 1 petaFLOP computer?
Well, let’s say you knew the sysadmins who ran a supercomputer for a bunch of nuclear scientists…
…what would you do with all those spare processor cycles?
Better yet, what if you were those sysadmins, and you thought no one would mind all the unaccounted-for megawatt-hours on the next electricity bill? (Or at least hoped they wouldn’t notice?)
According to Russian news agency Interfax, the moonlighting activity of choice for a bunch of rogue workers at the All-Russian Research Institute of Experimental Physics was cryptomining.
Who would have thought?
If Google’s machine translation is to be trusted, the Institute’s director Tatyana Zalesskaya officially stated:

There was an attempt to make unauthorised use of office computing capacity for personal purposes, including for so-called cryptomining.

We don’t know what cryptocurrency or currencies were involved – but if we were given to gambling, we’d guess at Bitcoin, Monero or both.
Zalesskaya is also reported as saying that “similar attempts have recently been noted in a number of big companies with large computing capacities.”
We don’t know whether that makes it sound better (because it’s not just physicists struggling to control computer usage) or worse (because it’s already a widespread problem).

Mostly harmless?

It’s like 1998 all over again, where work computers are being “donated”, without permission, to carry out “home hobbies”.
It sounds mostly harmless at first – cryptomining doesn’t need to read your personal data, or even to access your filing system at all, so what’s the downside?
To be fair, there isn’t much of a downside, as long as you ignore:

  • The unbudgeted operating expenses from powering computers to work for someone else.
  • The opportunity costs because legitimate work gets slowed down.
  • The security risks from who-knows-what untrusted programs and network connections.
  • The reputational and regulatory costs of reporting, investigating and explaining the intrusion.

Anyway, now we know what supercomputers get up to when there are no new subatomic particles to be discovered, MMORPG multiverses to be explored, or interstellar aliens to get in touch with.
CRYPTOCOINS!
You couldn’t make this stuff up… and, sadly, you don’t need to.

8 Comments

As a young computer tech back when SETI came out, my boss, a Star Trek fan, asked me to set up SETI on our Windows 95 computers. After about a month I began uninstalling it because of the noticeable slowness of the machines. He continued to run it on his computer but as far as I could tell, his administrative assistant ran the place, and he was on the phone most of the day.

Nothing new about this. I served in the US Army in 1971-2. We had a Univac 1108 for nuclear simulations. I was working on a Master’s at the time and the university computer was overloaded with terrible turnaround times. So (with permission) I used the 1108 to do the research for my Master’s thesis when it wasn’t being used for nuclear simulations.

Spacewar?
(The “with permission” makes a big difference. Also, electricity was cheaper back then :-)
