Cryptocurrency mining continues on university campuses

Across the country, some students are still using university resources to mine cryptocurrencies like bitcoin, and administrators are continuing their efforts to stop them.

The University of Michigan has been outspoken in its notices to students about safe computing to stay away from mining cryptocurrency, calling it a violation of university policy. On that campus, people are prohibited from using university resources — including computer hardware, network services and electricity — for cryptocurrency mining outside of faculty-approved research and coursework, according to the notice, which likens the activity to theft.

Ravi Pendse, vice president for IT and chief information officer at University of Michigan, said his team finds “occasional” bitcoin mining activities on university systems, and while the instances are periodic, successful attempts can disrupt regular computing routines.

“In some cases, attackers use phishing techniques to trick victims into clicking links that load cryptocurrency mining code on their computers, or infect websites with malicious code,” said Pendse, who was appointed to his position in May. “The only sign of this that victims may notice is a slowing of their computer’s performance.”

He added in an interview that mining can siphon resources from the sprawling campus, which covers more than 3,000 acres and counts roughly 46,000 scholars among its student body.

“Cryptocurrency mining can leave openings for attackers to exploit, increases electricity and computing costs, and ends up using valuable time for IT staff who otherwise could be assisting the University of Michigan community,” he said.

According to a report from Vectra, a cybersecurity company based in California, 60 percent of cryptocurrency mining instances occurred in higher education, with sectors such as technology and healthcare trailing behind.

With easy access to free electrical power and internet access, it can be easy for tech-savvy students’ cryptocurrency mining operations to go unnoticed.

According to the report, which was released in March, “University students are exploiting free electricity on campus to do cryptomining while others become unsuspecting victims by visiting nefarious websites that take over their devices to process cryptocurrency hashes.”

Cornell University and Stanford University have also issued warnings to their students, with Stanford stressing that school resources “must not be used for personal financial gain.”

“Cryptocurrency mining is most lucrative when computing costs are minimized, which unfortunately has led to compromised systems, misused university computing equipment, and personally owned mining devices using campus power,” Michael Duff, Stanford’s chief information security officer said in a blog post.

Both Stanford and Cornell noted upticks in university systems being hacked, often through phishing schemes, to process and accrue cryptocurrency.

Pendse emphasized the need for educating the entire university community about the risks.

“Education and awareness is needed for every member of our community and we produce regular reminders, alerts, and promotional materials to continuously remind our community of the steps they can take to remain safe online,” he said.

On a daily basis, Pendse monitors not just cryptocurrency mining activity, but cyberattacks and threats in general that could upend campus systems. He said he needs to balance swift responses with openness and accessibility.

“Universities are unlike almost any other entity,” he said. “We are a school, a research organization, a healthcare provider, a sports and entertainment provider, and more. On top of that, we always must balance an environment that provides for an open and inquisitive community, while also protecting our institutional data and assets.”

He added that faculty, staff and students all share the responsibility for information security.

“We face a variety of threats, from organized hacking activities and nation-state actors, to everyday identity thieves,” he said. “It takes an entire community to keep everyone safe, working collaboratively and supporting each other.”