
Computer Security: The problem with crypto-mining

Following on from Java, app programming, Raspberry Pi, cloud computing and machine learning, the latest trend for computer engineering students is blockchains. One particular application of blockchains is “crypto-currencies”, i.e. virtual money. The past year has seen the birth of a plethora of crypto-currencies. Bitcoin is the best known, but there are also Ethereum, Litecoin, Dogecoin and many more (see Wikipedia for an even longer list). Even some famous football players are considering creating their own currencies. All these currencies have one thing in common: there are just two legal methods of obtaining coins. You buy them or you “mine” them. The latter is based on a complex mathematical calculation, which eventually results in more coins being added to the total pool and to your digital purse. So here is the problem: what about crypto-mining at CERN?

In order to answer that question, one has to distinguish between crypto-mining for professional and for private purposes, and between using a CERN-owned computer and a private computer. CERN’s Operational Circular No. 5 (OC5) on the “Use of CERN Computing Facilities” stipulates that the private or personal use of those facilities is tolerated or allowed as long as “it does not constitute […] profit-making activity” (OC5 “Rules for personal usage” 3c). However, the fundamental nature of crypto-mining is exactly this: making money. Hence, OC5 and its “Rules for personal usage” do NOT allow any kind of crypto-currency mining. Any violation could have serious consequences (see our Bulletin article on "Computing power for professionals… only!").

When using CERN resources (computers, laptops, servers or virtual machines), mining for professional purposes lacks any reasonable professional justification. While the potential additional demand for electricity is debatable, crypto-mining blocks CERN resources from performing their professional tasks as it takes away CPU cycles, storage memory and network bandwidth. Given that, for Run 3 of the LHC, CERN’s computing needs will grow exponentially, our computing resources should be invested wisely and not wasted. Hence, as the “CERN computing facilities are intended for the attainment of the Organization's aims” (OC5 II 6.), crypto-currency mining on CERN-owned hardware is completely forbidden. Exemptions are possible under the authorisation of CERN’s Computer Security Officer, e.g. for stress testing computing hardware or computing power benchmarking. However, experts would need to justify why globally-recognised tools like those provided by the HEPiX benchmarking working group are not suitable. And in any event, any money generated in this way belongs to CERN and should be transferred to the appropriate CERN budget code.

_______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.