Who’s using your computing power?

A story about PC-based malware, hijacking your computer to mine crypto-currencies for other people, gave me pause for thought today.

Back in the late 90’s I was working with a company on Unix equipment, and I was surprised to find processes running that I hadn’t expected. A little digging and this turned out to be clients for the popular distributed computing experiment SETI@home. This was (is) an attempt to use the power of thousands of home computers to process vast amounts of information from radio telescopes, in the hope of finding candidate signals from intelligent life on other planets.

When I asked the infrastructure manager about this, he said he’d installed it to run when the computing power was idle, so it would generally run overnight and he thought it was a good use of the company’s IT power. At the time, I considered it relatively benign – we hadn’t really learned about multiple vectors of attack from the Internet, and the connectivity was pretty basic back then.

For him, part of the attraction was to get his name up the charts of contributors of computing power to this service – seen as an altruistic effort in the public good.

Fast forward to 2017, and the world is very different. A lot of organisations still host their own server infrastructure. That is shrinking as the big players in the cloud computing world make their offers more compelling, both through the capability and price points of services such as Azure and AWS, but also in Microsoft’s case through increased licensing costs for on-premise tools.

The rewards for using computing power for distributed computing have also changed a lot. Bitcoin uses a lot of computing power to manage the highly encrypted transactions. So it uses the same distributed technology and rewards ‘miners’ for processing these exchanges.

Bitcoin miners can ‘win’ these valuable virtual tokens through the effort they put into the blockchain process – Bitcoin runs a lottery, and the chances of winning bitcoins depends on the number of virtual tickets you have gained through the mining activity.

Exploiting corporate networks and infrastructure to do this work for personal gain has become a way for nefarious individuals to line their own pockets, either from within the organisation or by breaking in from outside.

This can be a problem for you – if you have your own servers, they can be using far more power than they need to and possibly reducing the performance of your critical systems. If you are hosting at a third party, they often charge by unit of power and it’s going to cost you that way. If you’re using cloud services you can be charged for processing cycles, bandwidth, etc.

This can be a hidden cost in many businesses. And if the activity is being carried out by people in your own teams, you might never really know, short of calling in third party auditors to check the power usage and network traffic. As the value of these crypto-currencies increases, so does the temptation.

My recommendation would be to ensure that you have good third-party organisations that can check your infrastructure and keep your tin working on your problems, and not those from the outside world.

Chris Weston

Helping organisations large and small exploit business opportunities through smart technology - #30 in 2016 CIO Magazine top 100 IT Leaders - Working on a number of projects with diverse clients involving Machine Learning, Internet of Things, smart buildings. application development (including off/ nearshore) and business growth planning, from startups through to established service organisations. They say that 'culture eats strategy for breakfast' - very true, but they also say breakfast is the most important meal of the day... I am convinced that a coherent technology strategy makes a huge difference to all organisations. I'm not happy if I haven't done someone a good turn each day, if I can help you with a problem, make a useful connection or provide a second opinion please get in touch, I'd be delighted to help. I'm half of the WB-40 podcast with CIO columnist Matt Ballantine, join us at https://wb40podcast.com/ I'm available for advisory, media or speaking engagements, call me on 07977 011116. Recent speaking highlights 360° Club - Business growth through agility IT Directors Forum - Brexit and the impact on IT Strategy British Computer Society - Winning at the Internet of Things IT Directors Forum Spring - Brexit and the impact on IT Strategy The Service Desk Show - Brexit - Impacts and opportunities for IT teams Finance Directors Forum, Oct 2017 - Betting on Blockchain - stick or twist? British Computer Society - Practical Applications of Artificial Intelligence

Have Your Say: