While we have all been locked down Cybercriminals have been hard at work developing and perfecting tools that will leach your CPU resources, bandwidth, and electricity. Google Chrome users won’t be bothered by these soon when they release a new feature that neuters these abusive crypto-jacking ads that covertly leach your CPU resources, bandwidth, and electricity. I will tell you all about it and more.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine Generated Transcript:
Craig Peterson: Hey, welcome back everybody. Craig, Peterson here. We’ve had a busy hour this afternoon as we’ve been running through some of the top stories of this last week we talked about website attacks, how they’ve become more persistent, more prevalent, and even quieter than they were before. What you should be doing as a business owner.
[00:00:26] If you have a website, and by the way, the answer is patch, patch, patch, and use a really good credit card processing service. I tend to like Stripe. They are certainly the best out there. PayPal is pretty good. Square’s pretty good. We also talked about the identity-related breaches. They are certainly hitting us as consumers, but it turns out companies are having problems with this as well.
[00:00:54] And of course we were just talking about the coming disruption to college. What I think is going to happen and what the experts are saying as well. So hopefully you were able to follow along, if not. Visit me online, Craig peterson.com if you look at this, excuse me, this morning’s newsletter. You’ll see links to all of these segments for today, including the ones that are coming up.
[00:01:21] We’re going to be talking about your Chrome browser right now. Some challenges with VPNs. It’s time to relaunch a remote team. What should you be doing? We’ve got some phishing templates. What are the bad guys doing? What are phishing templates? Britain’s hard-lesson about blind trust when it comes to “science.” Okay, so Chrome’s going to soon block these resource-draining ads. Now, if you’ve attended some of my training courses, you know, I’ve talked many times about how to block some of these ads now. The people who run the websites that are based on ad revenue or, Hey, I get it right, these, these poor people, they need the ad revenue.
[00:02:10] On the other side, there are so many ads and so many of them are heavy graphics and even worse, so many of them are videos that it’s substantially slowing down our web browsing experience. And I showed in one of my pieces of training here that something as simple as Ublock origin installed on your browser can double, triple, quadruple the speed of a page load.
[00:02:37] Now, that’s particularly important if you’re on a DSL line or maybe you’re on a phone on LTE or four or five G or whatever it is you’re using, it makes a big difference. It’s a noticeable difference. I mean like noticeable. Your page-load goes to about a second down from about 10 to 20 seconds for all of the elements to load.
[00:03:00] So many of us are turning it off because frankly, they’ve gone overboard. With the ads. Maybe they should be charging more for the ads and have fewer of them, I don’t know. But there are too many ads. They are too intrusive and they are just chewing up way too much of our bandwidth and that gets to be a huge, huge problem.
[00:03:23] Now, Google had some ad blockers available through the Google store, the Google Chrome store. They were never really happy about that cause that’s how Google makes its money, is selling your information. So having ads up that they are serving from their webs on different websites makes them money.
[00:03:45] So if you go to a website. And you see an ad, that ad can be coming from a whole bunch of different networks. And frankly, Google could be behind one or more of those networks as well. So, you know, you’ve got to understand that that’s where they’re coming from. Right? So for a while, Google completely blocked.
[00:04:10] All of these ad blockers. Now they’ve decided they’re going to do something a little bit different, and instead of blocking all of the ads that are out there, all of these ads that are on a webpage, Google says, okay, here’s what we’re going to do. There is a problem, although it’s not like a huge problem, there is a problem with some ads using far too much CPU and memory and in fact what the referring to are these Bitcoin or other cryptocurrency miners.
[00:04:48] So here’s how this works. In the Bitcoin and cryptocurrency world, you have people who are mining. They’re using these huge prime numbers in order to solve a mathematical formula, and when they can solve that mathematical formula, it results in this big number. And that big number cannot be reproduced by other people.
[00:05:12] Theoretically. it can’t be hacked. They can’t figure out what it is, particularly once you found it and you put it into your wallet, so now you have in your wallet, you can spend it, you can spend fractions of it, et cetera, et cetera. So that takes a lot of CPU. In fact. I’ve heard numbers that the value of a Bitcoin is actually lower.
[00:05:40] And then what it costs you and electricity and the computing power to mine that Bitcoin, and there’ve been companies who have been in business specifically just to mine Bitcoin. There are companies that make devices specifically to mine, Bitcoin, and other cryptocurrencies. And it’s gotten to the point now where even those companies, as efficient as they are using specialized hardware.
[00:06:08] Have found that they just can’t do it. They can’t mind effectively and make money. So what are the bad guys doing while the bad guys are sneaking stuff into ads? So they’ll buy an ad on one of these advertisement networks, and once you’ve got an ad on one of those advertising networks and the ad plays on that person’s computer.
[00:06:33] They are actually delivering some, I guess you could call it malware, right? But they’re delivering some software’s part of this ad that now uses your electricity, your computing power, all of your competing resources to mind for the cryptocurrency. Because if they can use your browser. To mine for cryptocurrency.
[00:06:59] That’s free, right? That doesn’t cost them anything. Now we’re just going to cost you a lot. It’s going to obviously slow down your computer. In the case of these Android phones out there, there have been cases of them not only getting hot because they’re so busy trying to mine the cryptocurrencies for the bad guys, but they actually have caught fire as well, so this is a difficult thing.
[00:07:26]for you as a user, cause you, how do you know this? You can’t really block it. And to conceal the scam, the bad guys are obfuscating this code. They’re making it look like legitimate code is legitimate ad everything’s just fine. And the only thing you notice is all of a sudden all of the fans on your computer has gone to full bore.
[00:07:48] Right? Or if you’re on a laptop or a smartphone. Your batteries are shot, they just burn right through them. And also, if you’re really paying attention, you’re going to see that your network resources also get overloaded. So in a post published on Thursday. this last week of the Chrome project manager’s name is Marshall Vale said that while the percentage of these abusive ads is extremely low, somewhere around a half a percent, they account.
[00:08:22] For 28% of CPU usage in 27% of network data. I’m looking at a graph that’s published here over on ARS Technica looking at all of these numbers and he says, we’ve recently discovered that a fraction of a percent of ads, consumer disproportionate share device resources such as battery network data without the user.
[00:08:47] Knowing about it. So to kind of put an end to this, you can do a few things. You can do what I’ve suggested in my, in some of the webinars I’ve done, the free webinars, I’m going to try and start doing some Facebook lives as well, or we talk about this, but Chrome is limiting the resources a display ad can consume before user interacts with it.
[00:09:13] So the idea is you’ve got an ad frame, and if it starts all-of-sudden chewing up a lot of resources, Google Chrome is going to show a thing that says the ad was removed. Because it’s using a lot of resources and you haven’t even clicked on it yet, so then I think that’s going to be a very good thing.
[00:09:36] They’ve tried to figure out what’s the right threshold here for disabling an ad because again, some of them are downloading video, some of them are, are actually drawing. Things on your screen. A little thing of animation, like a Disney film, they’re drawing this on your screen that requires a lot of CPU and they’re drawing it specifically for you based on what they know about you.
[00:09:59] Maybe they put your name into it or some product that you really like, but Google is saying that ads that use more CPU resources or network data, then the average of other ads. In fact, it’s not just the average. It’s ads that use more than 99.9% more than other ads. It’s going to get shut off. So that means more than four megabytes of network data or 15 seconds of CPU usage.
[00:10:30] So we’ll see what happens here. Chrome developers are going to have to kind of play with the limits over the next few months. If you’re developing ads that are going to be showing up on Chrome, you got to kind of be careful of this. They’re doing kind of a slow delayed rollout so that ad creators and tool providers that are, that are really trying to be good guys here aren’t nailed.
[00:10:53] Now I’ve got this ad. I’ve got this article up on my website and you can find it there. You can find it on ARS Technica. There’s an article by Dan Gooden over there, but also in Craig peterson.com, there’s a flag that you can turn on if you want to start doing this immediately. So the flag is called enable dash heavy dash intervention. If you have a recent version of Chrome, it’s going to work. Now, Firefox last year. Added a mechanism for blocking crypto-jacking, and it’s doing it based on the known crypto-jacking domain. So it’s pretty useful, but this is kind of a whack-a-mole approach.
[00:11:43] They’ve got to know about it in order to shut it down. That’s one of the reasons, by the way, I love the way Cisco does it. Security, like those systems I mentioned earlier, to help restaurants to expand. Into the parking lot and keep their patrons safe online. They gather information over a billion points a day in order to track what’s going on.
[00:12:07] But anyhow, so that’s what’s going on with Chrome. Stick around at the top of the hour a week, come back. We’re going to talk about four challenges. With the existing VPNs, what you need to know, what you should do. This could be a problem for a lot of people out there, frankly, but we’ll get into that when we get back.
[00:12:25] Also, in the next hour, we’ll be talking about launching a remote team, some themed phishing templates, how the bad guys are doing it in this day and age, and Britain’s hard lesson about trust in the so-called scientific approach. You’re listening to Craig Peterson. stick around cause we’ll be right back.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: