The rise in value of cryptocurrency appears to be tempting public employees in technology departments across the country to violate the public trust. In recent months, several news stories have come to light about the prosecution or termination of government employees who were allegedly caught cryptomining on the government's dime.
Cryptocurrency miners solve computational puzzles to verify digital coin transactions and add them to the blockchain. Anyone with access to the Internet and suitable hardware can participate in mining. The miner who first solves the puzzle gets to place the next block on the blockchain and claim rewards, which include incentives like a portion of transaction fees and a newly released coin. The act of cryptomining takes a good deal of energy and requires a server farm to run the mining function.
And the temptation to take advantage of available government resources to those in state technology departments to earn more money is obvious to some. The Check Point Software Technologies blog estimated that a cryptominer who validated a bitcoin transaction in the blockchain would earn 12.5 BTC, which at the then-current exchange rate (March 7, 2018) would be valued at $10,515.
The California Department of Technology (CDT) quickly acted when it found two software systems specialists using its technology in 2016.
According to CDT spokesman Bryce Brown, the employees’ criminal actions were discovered between October and November.
“We identified the activity using our primary network monitoring, and all the appropriate administrative action was taken including notification of law enforcement, in that case,” he said.
The CDT employs 950 people and offers technology services to all state agencies in addition to ISP services throughout the state of California for state, local government and educational agencies. Anyone with access to the California network is also monitored by the department.
“We are constantly monitoring state computer networks and tech systems to ensure that those folks that have access ... adhere to our written policies and procedures,” said Brown. “If there is suspected criminal activity, like there was in this case, we notify the appropriate law enforcement."
Security expert Avi Rembaum, vice president for security solutions with Check Point, said government is no more insulated from this activity than the private industry, where cryptomining activity has also been on the rise.
Some employees, he explained, might have the mindset that allows them to ignore the violation of public trust. The fact that they are only stealing resources and not introducing software into the system may allow them to justify what they are doing. For example, he said, an employee might think, “I didn’t do anything. I didn’t steal anything. All I did was use a piece of software, and the software used the available computation cycles of that machine.”
“What they are doing is misusing government resources and goes against the use agreement that they signed as an employee of a government agency,” he said.
While it is difficult to determine the attitudes of public employees breaking basic guidelines — and the law — many agencies do not know when their systems have been accessed for the purposes of cryptomining or whether the employees in charge of the department are in on the scheme.
Rembaum compares cryptomining to a typical malware attack.
“In this instance, the malware is not stealing credentials from the machine or watching keystrokes,” he said. “Instead, the software takes advantage of the resource capacity of the server.”
