Crypto miners are now taking advantage of free cloud platform services

While the cost of energy is the number one criticism against cryptocurrency miners today, another problem has arisen on cloud computing platforms in recent months: some groups of miners are abusing the free tiers of cloud service platforms to mine cryptocurrency.

Previously known for attacking and hijacking unpatched servers, these gangs are now the subject of complaints from various Continuous Integration (CI) services: they register free accounts on a platform, then move on to new free accounts once the trial period limit is reached.

Although cryptocurrencies exist only in the digital world, a gigantic physical operation called "mining" takes place behind the scenes.

Gangs operate by registering accounts on certain platforms, signing up for a free tier and running a cryptocurrency mining application on the provider's free-tier infrastructure. Once the trial period or free credits have reached their limit, the group registers a new account and starts from step one again, keeping the provider's servers at their upper usage limit and slowing down normal operations.

The list of services that have been abused in this way includes services like GitHub, GitLab, Microsoft Azure, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut and Okteto. Over the past few months, developers have shared their own stories of similar abuse that they have seen on other platforms, and some of these companies have come forward to share similar experiences of abuse.

Most of this misuse occurs at companies that provide continuous integration (CI) services. Continuous integration is the practice of automating the integration of code changes from multiple contributors into a single software project. It is a leading DevOps practice, allowing developers to frequently merge code changes into a central repository where builds and tests are then run.

Automated tools are used to verify the accuracy of the new code before its integration. A source code version control system is critical to the CI process. The version control system is also complemented by other checks, such as automated code quality tests, syntax style checking tools, and more.

In practice, cloud-hosted CI is achieved by creating a new virtual machine that performs the build, package, and test process, then transmits the result to a project manager.

Cryptocurrency mining gangs realized that they could abuse this process by adding their own code so that the CI virtual machine performs cryptocurrency mining, generating a small profit for the attacker before the VM's limited lifespan expires and the cloud provider shuts it down.

This is how cryptocurrency mining gangs abused GitHub Actions, a feature that offers virtual infrastructure to GitHub users, to mine cryptocurrency on GitHub's own servers.

GitHub and GitLab aren't the only CI providers who have faced this abuse. Microsoft Azure, LayerCI, Sourcehut, CodeShip, and many other platforms have struggled with this activity, according to the report.

A company like GitLab, given its larger size, can still afford to keep its free CI offering for its users by finding other ways to prevent misuse by crypto miners. But other, smaller CI providers cannot. Last Tuesday, in decisions taken to protect their paying customers, who were seeing service degradation, Sourcehut and TravisCI said they plan to stop offering their free CI tiers due to the ongoing abuse.

But while revoking free-tier offers may be one way for service providers to limit the abuse they see, it is not the optimal solution for lone developers who use these offers for their open source projects. An alternative solution, as proposed by Berrelleza, would be to deploy automated systems that detect and respond to these abuses. However, building such systems requires resources that some companies cannot allocate, and there is no guarantee that they will work as expected.
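To make the "automated systems that detect and respond" idea concrete, here is an added example of the kind of heuristic triage a CI provider could run over its own job telemetry. It is not code from the article or from any of the providers named above; the record fields, the weights and thresholds, the port list and the sample jobs are all constructed assumptions. It scores each job on signals that match the abuse pattern described in the article (brand-new accounts, jobs that run near the free-tier limit at full CPU, repositories with no real build or test work, and connections to mining-pool style ports) and maps the score to an operator verdict rather than taking automatic action on its own.

```python
"""Heuristic triage of CI job records for free-tier cryptomining abuse.

Added example, not from the article or any CI provider. Field names,
weights, thresholds and the sample records are constructed assumptions.
"""
from dataclasses import dataclass, field

# Destination ports commonly associated with mining-pool (stratum) traffic.
# Constructed for this example; a real deployment would maintain its own list.
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}


@dataclass
class CIJob:
    job_id: str
    account_age_days: int      # age of the account when the job was queued
    duration_min: int          # wall-clock runtime of the job in minutes
    avg_cpu_pct: float         # mean CPU utilisation across all cores
    repo_commits: int          # commits in the repository at job time
    build_test_steps: int      # steps recognisable as compile/test/package work
    outbound_ports: set = field(default_factory=set)  # ports the job connected to


def score_job(job: CIJob) -> tuple:
    """Return (score, reasons). Each heuristic adds its weight when it fires."""
    score, reasons = 0, []
    # Fresh account burning a long job is the churn-and-renew pattern.
    if job.account_age_days <= 2 and job.duration_min >= 30:
        score += 2
        reasons.append("new account running a long job")
    # Builds and tests rarely pin every core for the whole run; miners do.
    if job.avg_cpu_pct >= 90 and job.duration_min >= 20:
        score += 2
        reasons.append("sustained near-100% CPU for the whole run")
    # Pool traffic is the strongest single signal, hence the highest weight.
    hits = job.outbound_ports & STRATUM_PORTS
    if hits:
        score += 3
        reasons.append(f"outbound connection to stratum-style port(s) {sorted(hits)}")
    # A throwaway repository with nothing to build has no reason to use CI minutes.
    if job.repo_commits <= 2 and job.build_test_steps == 0:
        score += 2
        reasons.append("near-empty repository with no build/test steps")
    return score, reasons


def verdict(score: int) -> str:
    """Map a score to an operator action; thresholds are constructed."""
    if score >= 5:
        return "block_pending_review"
    if score >= 3:
        return "watch"
    return "ok"


def triage(jobs) -> dict:
    """Return {job_id: verdict} for a batch of job records."""
    return {job.job_id: verdict(score_job(job)[0]) for job in jobs}


# Constructed sample records, not real telemetry.
SAMPLE_JOBS = [
    CIJob("job-1", 900, 8, 60.0, 340, 5, {443}),      # ordinary build on an old account
    CIJob("job-2", 1, 55, 99.0, 1, 0, {443, 3333}),    # matches the free-tier mining pattern
    CIJob("job-3", 1, 45, 95.0, 3, 2, {443}),          # long, hot job on a new account
]

if __name__ == "__main__":
    for job in SAMPLE_JOBS:
        s, why = score_job(job)
        print(f"{job.job_id}: {verdict(s)} (score {s}) {why}")
```

The weights deliberately keep a single weak signal below the "watch" line, since a long, CPU-heavy build on a new account is also what a legitimate first-time user looks like; the example routes such jobs to a human rather than cancelling them, which is the trade-off the article points at when it notes that automated systems may not work as expected.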
