Enterprises are addicted to systems. Large enterprises doubly or triply so. Such commitment brings with it dangers. Curiously, in a quite different way, the humble browser may be an engine for others to reap benefits (though you might also, under some circumstances). This brief commentary will examine:
- two instances where the ‘system’ prevents business
- the case of browsers used for unauthorised cryptocurrency mining.
The sad instances of CaixaBank, Iberdrola and the ‘system’
In Madrid I have had recent experience of two instances where the ‘system’ manifestly inhibited the ability of the human to serve the customer. In the first, CaixaBank issued a ‘Cheque Bancario’ (the equivalent of a guaranteed banker’s cheque). This was for the repayment of a mortgage issued by CaixaBank. (Do not ask why CaixaBank could not transfer direct within itself- a different story not relevant here.)
The Cheque Bancario was presented at the Caixabank which possessed the mortgage registration. While CaixaBank could deposit and accept a Cheque Bancario from Banco Santander it could not accept a Cheque Bancario issued by CaixaBank and payable to CaixaBank. The ‘system’ could not process it and it took 2 hours to resolve. All the time the harrassed CaixaBank employee, courteous to a fault, was having to explain ‘its the system which prevents acceptance’. In other words the ‘system’ ruled, even if it wasted time and prevented an internal transaction.
The second instance involved the energy company, Iberdrola. When asked to add a second metered account to an existing account all seemed simple. An hour later found the equally diligent accounts person unable to link the two accounts. She saw the information for both on the screen. But copying across details and making the link was impossible. The ‘system’ simply rejected the association, with no good reason displayed. On this occasion the ‘answer’ was to create a new account. That solved the issue without addressing the intention.
On discussing the problems with Iberdola employee, I received the distinct impression this was a problem of systems, possibly old ones rolled into new ones. In this case the (unproveable on the spot) impression was the new ‘system’, which was fancier and with far more capability, had ‘absorbed’ (merged?) an older system. Whereas the older system permitted one form of data entry the new one had changed the rules. Ergo old data in the new system prevented actions possible in the new system.
Browsers used for unauthorised cryptocurrency mining
Palo Alto Networks has come out with a report entitled “Unauthorized Coin Mining in the Browser“. This found that cryptocurrency coin mining is often taking place on consumer devices unknown to users. In its analysis, Palo Alto Networks indicate a broad spectrum of ‘victims’ across the globe. The highest impact is in the US and Europe.
Cryptocurrencies have high visibility. Unauthorised cryptocurrency mining means that visitors to websites end up coin mining without their knowledge. Worse, the mined value goes to the site owner who has installed coin mining software.
Is this malicious? That is unclear. In some instances, as the Report discusses, it is possible to receive up to 70% of the value mined. More normally, the installer takes all. Yet, cryptocurrency mining inside browsers may not be overtly malicious by itself. After all, what is the ‘victim’ losing, other than processing power and the electricity associated? On the other hand, this mining can occur without the end user’s consent which should make the practice repugnant.
What does this mean?
The CaixaBank and Iberdola examples are one-off instances of a form of insidiousness that expands. This occurs when the ‘system’ becomes a business inhibitor (preventer in some instances). Employees, and customers, become victims of an ill-seen danger that some obscure programming or data acquisition prevents both from accomplishing what they wish. Furthermore such ‘system’ challenges are unpreditcable, which makes anticipation and resolution even harder.
In the second, in which redeployment of browsers and the underlying computing happens, there is a different form of insidious danger. Affected browser users may not know of browser hijacking. For systematic miners who wish to avoid the massive electricity cost of blockchain mining, taking advantage on a mass scale of others paying for power has its attractions. Whether this can become widespread remains unclear, as the Palo Alto Networks Report explains.
Nevertheless, all three instances of ‘unforeseen dangers’ – of the ‘system’ and in the browser – demonstrate the computing environment becomes ever harder to manage. This applies to both enterprises and individuals.