Greed is eternal

There are, I am told, a few people who are irked that CBS expects you to subscribe to their All Access service to see episodes of Star Trek: Discovery. However, this new stunt has all the earmarks (so to speak) of a Ferengi scheme:

The websites of US telly giant CBS’s Showtime contained JavaScript that secretly commandeered viewers’ web browsers over the weekend to mine cryptocurrency.

The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins — a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.

The scripts were written by Coin Hive, a legit outfit that provides JavaScript to website owners: webmasters add the code to their pages so that they can earn slivers of cash from each visitor as an alternative to serving adverts to generate revenue. Over time, money mined by the Coin-Hive-hosted scripts adds up and is transferred from Coin Hive to the site’s administrators. One Monero coin, 1 XMR, is worth about $92 right now.

Shlubs like me aren’t privy to such things: my attempt to look at the Hive got me a Blocked message from Malwarebytes.

Did the Eyeball Network pull these shenanigans deliberately? Probably not:

[I]t’s extremely unlikely that a large corporation like CBS would smuggle such a piece of mining code onto its dot-coms — especially since it charges subscribers to watch the shows online — suggesting someone hacked the websites’ source code to insert the mining JavaScript and make a quick buck.

The JavaScript, which appeared on the sites at the start of the weekend and vanished by Monday, sits between HTML comment tags that appear to be an insert from web analytics biz New Relic. Again, it is unlikely that an analytics company would deliberately stash coin-mining scripts onto its customers’ pages, so the code must have come from another source — or was injected by miscreants who had compromised Showtime’s systems.

But just in case, you ought to blow the dust off that book of Rules of Acquisition.

4 comments

  1. fillyjonk »

    26 September 2017 · 2:24 pm

    Yeah, maybe CBS didn’t do it intentionally, but I am betting cube-drones Michael Bolton, Peter Gibbons, and Samir Nagheenanajar figured it was a great way to maybe eventually be able to quit their jobs…

  2. McG »

    26 September 2017 · 2:46 pm

    The scripts were written by Coin Hive, a legit outfit

    I don’t think that word means what the author thinks it means.

  3. fillyjonk »

    26 September 2017 · 3:43 pm

    Apparently “shady” is the new “legit.”

  4. McG »

    26 September 2017 · 3:50 pm

    Move over, Slim Shady — it’s time for Lanky Legit!
