Home > Reading Room > Starbucks customer gets more than a coffee and free wifi

Starbucks customer gets more than a coffee and free wifi

Written by Samuel O'Toole on 15 December 2017

« Return to Reading Room

A customer of the American coffee giant in Buenos Aires went for a coffee and got much more than was expected when he connected to the free in store wifi. The customer discovered that whilst he waited for the wifi to connect malicious code had been installed on his laptop. The code wasn’t your usual Trojan Horse, in fact it was malicious code written for the purposes of covert cryptocurrency mining.

Cryptocurrency mining is the process whereby transactions on the blockchain are verified and new ‘coins’ are generated thus giving the miner a cryptocurrency reward. Many cryptocurrencies allow for the mining to be run from a laptop or computers graphics processing unit (GPU). Malicious mining code can hide in a pop-up advert and ‘mine’ perpetually – dramatically slowing down the computer.

Whilst the reward from a single laptop may be negligible, if hundreds of laptops are all running the code the rewards may soon build up.

Recently The Pirate Bay was in the news after it installed a JavaScript miner to its homepage, users only became aware when the CPU usage rose dramatically. Now it’s Starbuck’s go at the game, our bets are that Starbucks wasn’t a party to the mining activity, this is because it is common place for corporations to outsource their free wifi. The site that is presumed to be responsible for the malicious code goes as far as stating that it allows users to “Monetize Your Business With Your Users’ CPU Power”. It is presumed the malicious code was mining Monero, an open source currency that claims to focus on privacy and decentralization.  

With the rise of corporations exploiting code and individuals GPU’s questions are being asked about the legal position of undercover mining.

At first instance, it is likely that there is a liability towards individuals that may seek compensation for damage and distress caused by the unlawful activity. Regulatory sanctions may also come into play on the basis that there is a failure to comply with legal obligations to keep networks secure.

Furthermore, there will almost certainly be reputational damage done to the cooperation; the Starbuck’s case is a good example of this in that it may be required to notify its customers of the undercover mining.

Really, it all comes down to managing the risk. Much can be avoided if the corporations are alert to the risk of undercover mining and other cyber security risks.

Generally it is all about having procedures and precautions in place, and being aware. 

If you'd like to know more about this article please send an email to Michael Coyle quoting the article title and any questions you might have, alternatively call the office number on 02380 235 979 or send an enquiry through our contact form.

Want to speak
to someone?

Complete the form below and we’ll call you back free of charge.

Visual Captcha