Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Cloud Bitcoin The Almighty Buck

Cryptocurrency Miners Are Now Abusing the Free Tiers of Cloud Platforms (therecord.media) 75

An anonymous reader shares a report: Over the course of the last few months, some crypto-mining gangs have switched their modus operandi from attacking and hijacking unpatched servers to abusing the free tiers of cloud computing platforms. Gangs have been operating by registering accounts on selected platforms, signing up for a free tier, and running a cryptocurrency mining app on the provider's free tier infrastructure. After trial periods or free credits reach their limits, the groups register a new account and start from the first step, keeping the provider's servers at their upper usage limit and slowing down their normal operations...

The list of services that have been abused this way includes the likes of GitHub, GitLab, Microsoft Azure, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut, and Okteto.

GitLab and Sourcehut have published blog posts detailing their efforts to curtail the problem, with Sourcehut complaining cryptocurrency miners are "deliberately circumventing our abuse detection," which "exhausts our resources and leads to long build queues for normal users."

In the article an engineer at CodeShip acknowledges "Our team has been swamped with dealing with this kind of stuff."
This discussion has been archived. No new comments can be posted.

Cryptocurrency Miners Are Now Abusing the Free Tiers of Cloud Platforms

Comments Filter:
  • by Anonymous Coward on Saturday May 22, 2021 @09:43AM (#61410144)

    Oh my. The nerve of abusers deliberately circumventing detection! What has become of the earlier generation of gentlemanly abusers, who would take no steps to avoid detection? I swear, the manners of kids these days.

  • And that's why... (Score:5, Insightful)

    by Mitreya ( 579078 ) <mitreya.gmail@com> on Saturday May 22, 2021 @09:48AM (#61410160)
    ... we can't have nice things.
  • by Yo,dog! ( 1819436 ) on Saturday May 22, 2021 @09:57AM (#61410182)
    fuck off! It's a pyramid scheme, facilitates crime and money laundering, and is a terrible use of energy.
    • It could be a legitimate system in the future but the electrical usages is definitely a problem right now. However, cryptomining is a ravenous plague without cause and can not be sated.

      • Re: (Score:3, Insightful)

        by gweihir ( 88907 )

        Not anymore. It is tainted beyond all recovery by criminals and greedy assholes.

        • Isn't that true about literally every financial system?

          • by gweihir ( 88907 )

            Isn't that true about literally every financial system?

            No. It is true for some currencies that are unstable and where the assholes in charge just print more money to fuel their corruption.

        • It's actually a honeypot but needs to start being utilized as such. When people advocate cryptocurrency it should be noted about them.

          • by gweihir ( 88907 )

            Possibly. After all, depending on variant, all transactions ever made can be traced. BTC has that as a fundamental principle, and it does not get more anti-privacy unless you require clear names for every wallet. Without professional money-launderers, BTC would be completely unusable for crime.

    • It's less of a pyramid scheme than our current monetary system is and our current monetary system had all those same issues as well. Paper currency also uses a lot of paper, ink, and rare metals to manufacture and produce. What's your real issue with crypto because they issues your purported are issues with ALL currencies, not just crypto.
  • It seems like such activity is easy see and block

  • by xack ( 5304745 ) on Saturday May 22, 2021 @10:05AM (#61410198)
    Since cheap stuff gets abused. Cheap graphics cards, cheap games consoles, cheap housing all taken by the exploiters who call themselves market optimizers. It is why cryptocurrency has the illusion of value of the first place.
    • by Anonymous Coward
      Pay to play, baby. Pay to fucking play.
      • $0.01/year would likely get rid of these people. If you can't get a credit card, mail in a penny. We'll even give you 8 cassette tapes for FREE when you sign up (additional charges may apply)!
        • by MrL0G1C ( 867445 )

          It'd probably work, it depends on how much stolen credit card people charge ... A quick search says $0.11 to $1k with most being a dollar or two. I'd guess the 0.11 cards are mostly duds.

          Lots of chargebacks could potentially be even worse than giving away some capacity for free.

      • Works for p0rn sites.

    • Right. Except in that biased list (other people are the abusers) the behavior of the consumer when presented with cheap and free items isn't covered. [ibtimes.com]

    • Re: (Score:3, Insightful)

      Since cheap stuff gets abused. Cheap graphics cards, cheap games consoles, cheap housing all taken by the exploiters who call themselves market optimizers. It is why cryptocurrency has the illusion of value of the first place.

      It's called arbitrage and has always existed and always will. Vendors are themselves trying to optimize and profit by selling things for one price in one market and another price in another. It's a bit ripe of them to complain when clever people take advantage of that.

  • If you're under a certain CPU usage for a period of time, like daily/weekly/monthly (which cryptominers won't stay under), you're "free"; but go over a certain amount, and you have to pay - either you get charged right away, with a CC on file, or else you have whatever is running throttled.

    Of course, there's the issue of a stolen CC being used to deal with, but that's not a new problem, and is likely easier to detect already (there's already an infrastructure for that).

    • by MobyDisk ( 75490 )

      You just described *precisely* how it works today.

      • by Sebby ( 238625 )

        Then they clearly missed a step - actual monitoring and charging; I can't see cryptominers being "cautious" about the CPU usage - the summary even states it negatively affects other customers, so it should be easy to spot the abusers (constant 90%+ usage, instead of occasional spikes). I'm sure the style of usage should also be easy to detect

        If they throttled the cryptominers unless there was enough payment for the CPU usage, it wouldn't become profitable for them to abuse it.

        • by MobyDisk ( 75490 )

          They are monitoring and charging. The cryptominers create new accounts when they run out of free credits and start to get billed.

  • Like this wouldn't have been happening the whole effing time?
    • My impression is that nobody bothered with this idea because the amount of processing power available per free account was so miniscule, but I suppose if they can handle these accounts en masse the equation changes...

  • What if I told you, that by merely investing the smallest amount of physical effort to take advantage of the generosity of free service providers, you could initiate mathematical calculations that have no value but to facilitate criminal activities, thereby keeping a percentage of the earnings as your reward? What if I further told you that depending upon the economies of your place of residence, those percentages could significantly compete with the wages you would have earned exerting the greatest amount

    • by kenh ( 9056 )

      What if you just simply said what mean?

      • Impoverished economies stand to gain much more by cryptomining. If they have the capabilites of even small scale mining, they stand to make more by mining than by any other opportunities available to them. Think of places where the average person live on less than $2 a day. For example, my $130 GTX 1660 makes around $1 a day.
        • by kenh ( 9056 )

          Think of the electricity grid in these developing countries - should it really be consumed by cryptomining?

          Struggling to imagine how a person subsisting on $2/day could afford the hardware and electricity costs to "generate" money.

  • ... and assumed I was behind the times. I figured - come on, that's so obvious, sombody must have thought of that, and figured out a way to detect, and prevent it.

    FFS, my employer can prevent me from running mining apps on our behemouth (totally under-utilized) servers - I've tried - why can't the geniouses at GitHub and the like do the same ?

  • How are they getting access again once banned?

    I already used up my free tier of AWS, years ago. Is it possible to get it again?

  • What services offer free tier usage with GPUs? Answer: none.

    Can someone explain how CPU mining is in any way producing profits for the exploiters?

  • Only allow certain executables and only allow scripting languages. Ban arbitrary native binaries on free tier. Problem solved.

  • Are they bangin' in the hood packing a Glock when they are not cryptoin'?

      Gangs are scary, so calling a bunch of kids taking advantage of cloud computing trials "gangs" gets people all excited and aroused, and it generates clicks as well as giving law enforcement to try out their big scary toys.

  • I should just spin up some EC2 instances with my company's AWS account and load some of these miners...

Beware of all enterprises that require new clothes, and not rather a new wearer of clothes. -- Henry David Thoreau

Working...