Showtime Networks apparently has mined the websites of online viewers using the same Coinhive technology that The Pirate Bay recently used in a test run on its site.
A subsidiary of CBS, Showtime is a premium television network that offers professional boxing, feature films, original scripted television shows like Ray Donovan and other programming.
Showtime is one of several major cable networks to offer direct streaming subscriptions to viewers who prefer to watch online instead of using a cable or satellite service. It offers a direct subscription for US$10.99 per month.
Twitter user @SkensNet first discovered the problem, according to information security analyst Troy Mursch of the Bad Packets Report.
@Showtimeanytime @Showtime https://t.co/3OO1i4RdOi looks to have been hacked. In your source code – "https://t.co/D6uFZJgzSe"
— SkensNet (@skensnet) September 23, 2017
It is unclear whether Showtime was aware of or involved in planting the Coinhive mining technology into its source code.
Showtime declined to comment, said Erin Calhoun, senior vice president of corporate communications.
Not New Relic’s Doing
Source code found on the site also appears to be linked to Web analytics firm New Relic; however, the firm has denied any direct involvement in the incident.
“We take the security of our browser agent extremely seriously and have multiple controls in place to detect malicious or unauthorized modification of its script at various points along its development and deployment pipeline,” said spokesperson Andrew Schmitt.
After reviewing its products and code, the firm found that “the HTML comments shown in the screenshot that are referencing New Relic were not injected by New Relic’s agents,” Schmitt told the E-Commerce Times.
It appears that the code was added to the website by its developers, he suggested.
Tech Support Scams
Trend Micro researchers identified about 990 sites that were compromised by injecting malicious code that diverts users to the tech support site. Coinhive recently was added to those sites.
Cryptocurrencies like bitcoin and monero are operating in a kind of Wild West environment, where the rules are still not quite settled, noted Jessica Groopman, principal analyst at Tractica.
“To some degree, companies like Showtime and Pirate Bay are seeing what they can get away with,” she told the E-Commerce Times. “The problem with this trend is it lacks user consent.”
Companies may be reluctant to inform users, Groopman said, because that might incentivize them to demand a share of the monetization.