On June 6th, Forbes reporter Kashmir Hill wrote about an NSF researcher who misused NSF-funded supercomputing resources to mine Bitcoin valued between $8,000 and $10,000. The article points to a student at London Imperial College and a researcher at Harvard University who are also alleged to have used their University’s computers to mine a similar virtual currency called Dogecoin.
As a CISO, your first reaction might be that inappropriate uses of your organization’s resources should be stopped, but this is probably not your highest priority. Someone using your computer(s) and network to mine virtual currency is a bit like someone charging his or her electric car from a power outlet on your home. Yes, they are using your electricity without permission or reimbursing you. However, they aren’t stealing something of high value and threatening your life or livelihood. Still, this is something we probably want to know about and stop if we can.