Earlier this month, the Department of Homeland Security warned Americans at the Olympics that the event was vulnerable to hacking. As if on cue, the website that hosted the event went down on opening day, among other notable hacks that took place.
Do you go directly to your country’s government website to get information about what’s going on in your country? That’s adorable. It’s also apparently putting you at risk of becoming a cryptocurrency miner.
A hack that affected thousands of websites, including USCourts.gov, the United Kingdom's information commissioner page and numerous Canadian government sites, caused visitors’ computers to mine cryptocurrency on behalf of hackers last weekend.
It’s not the fault of the government websites themselves, but a popular browser plug-in called Browsealoud, which is used on thousands of web pages. Hackers compromised the code by tweaking it so that any computer that came across it would generate the cryptocurrency called Monero. Motherboard described the breach as the largest cryptocurrency hack to date.
On February 9, the day of the Winter Olympics opening ceremony, the event’s web page went down for several hours, impacting visitors’ ability to get tickets or access important event information, among other problems. Officials have not released much information about what happened, but independent experts are piecing it together.
Cyber security experts said a computer virus called the “Olympic Destroyer” was likely used in Friday's attack and was designed to delete critical system files on computers, or essentially knock vulnerable computers offline. Experts also said the hackers appeared to have previously compromised the main IT service provider for the Winter Olympics.
The site CyberScoop is reporting that the same malware behind Friday’s attack had previously hacked other computer systems belonging to the IT firm Atos, which is hosting the Pyeongchang games on its “cloud” infrastructure.
An Italian coin exchange last Friday posted a notice that hackers had stolen 17 million units of its Nano coins.
Air Force (but on purpose)
For the second year in a row, the Air Force has invited hackers to come aboard. The agency on Thursday completed its 20-day Hack the Air Force 2.0 security initiative, a challenge in which security researchers are paid to find vulnerabilities in the agency’s digital assets.
"This is the first time that we've had Department of Defense personnel on site in a live hacking program," one expert told eWEEK. Researchers were paid a total of $103,883 for identifying 106 valid vulnerabilities. Last year, for the inaugural Hack the Air Force program, over $130,000 in cash was doled out.
DNC sued for more information about previous hack
BuzzFeed News is reportedly suing the Democratic National Convention in an attempt to glean more information about the Russian hacking interference that has been the party’s major talking point since Trump was elected into office.
The news organization says in court that the political party has not complied with a subpoena they filed for more information about the infamous DNC hack of 2016, citing privacy concerns.