The first issue with running a coin miner is using company resources for your own profit. Your own system, using your own electricity, go for it. Running it on a company owned laptop, while at a company building, burning electricity the company is paying for. Ya, that starts to get uncomfortably close to fraud or theft. There is also that whole, “running unauthorized software on a company system, doing who knows what else in the background.” There is a very real possibility that the coin miner has unknown vulnerabilities which could allow remote code execution; or, just outright be malicious and contain a remote access trojan. Maybe he was smart enough to audit all the code it was using and be very sure that’s not the case. More likely, he just grabbed a random implementation of XMRIG, put his wallet in the config file and ran it. Either way, he also made a point of refusing to remove it, so we escalated up to management. With the recent ransomware outbreak having been in the multi-million dollar (possibly low tens of millions) damage range, refusing to remove unauthorized software went over about as well as a lead balloon. There may have been other factors at play; but, the unauthorized software and being a dick about removing it was what got him out the door.
Kinda, but not as a firable offense.
Using the company car for uber would raise the odometer, wear the tyres, use fuel, risk crashing, etc…
As long as things are within thermal limits, it won’t risk damaging the device.
I guess it could make the battery degrade quicker, but it seems so insignificant in comparison.
Am I just stupid or does that seem like an extreme reaction?
Apart from the ~0% profitability these days, what’s the issue with running a coin miner?
The first issue with running a coin miner is using company resources for your own profit. Your own system, using your own electricity, go for it. Running it on a company owned laptop, while at a company building, burning electricity the company is paying for. Ya, that starts to get uncomfortably close to fraud or theft. There is also that whole, “running unauthorized software on a company system, doing who knows what else in the background.” There is a very real possibility that the coin miner has unknown vulnerabilities which could allow remote code execution; or, just outright be malicious and contain a remote access trojan. Maybe he was smart enough to audit all the code it was using and be very sure that’s not the case. More likely, he just grabbed a random implementation of XMRIG, put his wallet in the config file and ran it. Either way, he also made a point of refusing to remove it, so we escalated up to management. With the recent ransomware outbreak having been in the multi-million dollar (possibly low tens of millions) damage range, refusing to remove unauthorized software went over about as well as a lead balloon. There may have been other factors at play; but, the unauthorized software and being a dick about removing it was what got him out the door.
Analogous to someone using the company car to make some extra money as a uber/lift driver. Do you still not see the problem?
Kinda, but not as a firable offense.
Using the company car for uber would raise the odometer, wear the tyres, use fuel, risk crashing, etc…
As long as things are within thermal limits, it won’t risk damaging the device.
I guess it could make the battery degrade quicker, but it seems so insignificant in comparison.
Besides the general security risk of they run trojaned clients, if they run it in the office they’re spending the company’s electricity