The possibility of rogue employees and students running bitcoin mining operations on K-12 computers will decrease over the summer months.
Cryptocurrencies have seen their values slashed by two-thirds over the past four months. But that hasn’t stopped students and rogue government employees from jumping onto the bandwagon to mine for the virtual currencies, in some cases using computer equipment, electrical power and network processing power that belongs to their schools or employers.
Bitcoin mining involves solving complex computational puzzles to verify digital currency transactions. Significant amounts of energy and computer processing power are needed to run the mining function.
But as summer approaches, the threat of rogue employees’ and students’ cryptocurrency mining on K-12 computers is less likely to happen for several reasons, Alan Cunningham, information security officer for the Washoe County School District, told Government Technology.
“The summer would not be a good time to start cryptomining,” he said. “This is the time where, in IT, most K-12 entities have the time to do a computer refresh, so devices are more actively looked at over this period.”
Summer also offers students and employees less access to K-12 resources, buildings, and computers, so the opportunity to load a cryptominer on school computers, servers and data centers is lessened, Cunningham added.
The first sign that bitcoin mining might be happening would be a higher than usual electricity bill, according to Johannes Ullrich, head of the SANS Internet Storm Center.
“In addition, if a cryptocurrency miner is not careful, it will increase the CPU (central processing unit) usage of a system to a point where fans run louder and computers may even fail more often,” said Ullrich. “If the school monitors its network carefully enough, it will see outbound connections to mining pools. Many miners are now flagged as malicious by anti-virus. A well-functioning anti-virus setup should identify and block cryptocoin miners.”
Steps school IT staffs and their cybersecurity teams should consider include monitoring network traffic for mining activity, and monitoring systems for a high sustained CPU load that will help identify affected systems, said Ullrich.
“It is important to setup logging and authentication carefully to be able to hold employees accountable if they try to install a cryptocurrency miner,” he said.
Meanwhile, Cunningham also advised IT teams to take such actions as having procedures in place that prohibit the installation of software on devices by non-IT personnel, do not allow administrator rights to local machines for “standard” users, and actively block cryptomining sites.
The percentage of rogue employees mining for cryptocurrencies on employer equipment is likely higher in government agencies than the private sector, because public agencies tend to have less staff, Cunningham said. But in comparison to K-12 schools, Cunningham believes the percentage is likely lower than the other two.
“Most school equipment is not modern enough to make it worthwhile to mine on,” Cunningham explained.
Ullrich, however, believes schools attract more rogue cryptocurrency mining employees than government agencies.
Government systems usually have tighter controls around the use of their systems and will not only catch misuse faster, but misuse also tends to have more severe consequences, he explained.
In schools, misuse often goes undetected and unpunished, according to Ullrich. “For example, back in 2014, a student at Harvard was caught using a university super computer to mine Dogecoin. In this case, the student was banned from using this super computer in the future,” he said.
Around the same time as the Harvard incident, a number of cases came to light of university researchers using the computers dedicated to research to mine for cryptocurrency, according to Ullrich. “K-12 schools usually do not have the kind of processing powers available that is found at universities, but it certainly happens.”