The Information Technology in-charge at the county administration, Vyacheslav Kovalenko says that “the attack was the first of its kind on government digital assets.” The attack, it was discovered by Vyacheslav and his team, began in May.
The attacker’s embedded malicious code in pages of the county government’s official website. Any page clicked would stealthily redirect to an anonymous website and secretly launch the mining software on user computers.
This method is a commonly used subversive activity by cryptocurrency miners to augment the processing power for new currency mining.
10-day crypto-jacking stunt
The malicious code on the government website was discovered and removed after a successful run of 10 days, local media reported.
The government regulator recommended all users of the official website should change the settings on their browsers to ‘block pop-up windows,’ as a preventive measure.
The website is a standard official set-up and typically has the average traffic of 600 visitors. It lists information about government activities, announces official events and other routine administrative posts.
This 10-day crypto-jacking episode is of the many such recent break-ins by ardent cryptocurrency miners, searching for more power and processing capabilities to mine more bitcoins and its cousins.
High incidence of C-Jacking
It is seen that the number of such crypto-jacking (C-Jacking) incidences have been on the rise, especially in technology-deep countries such as Russia. In February last, a scientific organization, one of the major nuclear research organizations in the country, Scientific Research Institute for Experimental Physics supercomputer mining power was exploited by its own employees.
Earlier in September, similar exploitation of government official IT facilities such as an office building in Crimea to install mining hardware by managers of the organization was busted.
Similarly, in December an oil transport company in Russia, Transneft, saw its employees misusing facilities of Information Technology. Specifically, it was found that the employees were using the official facilities to establish cryptocurrency processes.
In another incident, which had major security implications, the aircraft operator of Vnukovo airport, near Moscow installed mining farm at the airport itself. This called for major legal action, and the operator was eventually arrested by authorities.
It is found that there was only punitive action against such illegal cyber activities. Though, it included only the exploitation of high computing power, in order to mine more cryptocurrencies, the illegal harnessing of government property has to be reviewed perhaps in a different framework.
Though there have been arrests of such operators, it does not prove to be a major dissuader, considering the socio-economic conditions of miners in such areas. The former communist bloc of countries is also home to technically adept and skilled information science workforce.
The lack of free and un-monitored, un-regulated facilities in these countries does pose a major problem for legitimate miners and those who mine for personal reasons. Crypto-jacking is increasing in its incidence and calls for immediate preventive measures by concerned authorities.