Hackers added code to the sites that hijacked your computer’s processing power, rather than defacing government sites or stealing data from them.
A new form of hacking has been becoming increasingly prevalent in India, and it uses websites to target your computer in order to ‘mine’ for Bitcoin. Now, this cryptojacking has spread to numerous Indian government websites, according to a report.
Security researchers said hundreds of sites including that of the director of municipal administration of Andhra Pradesh, the Tirupati Municipal Corporation, and Macherla municipality, have been affected—and when people visit any of these sites, their computer’s processing power gets taken over in order to carry out the complex computations required to create new Bitcoin and other cryptocurrencies. Earlier, when websites were hacked, it was to deface them, or to steal data, but cryptojacking is a way by which the hackers can make money while keeping a low profile.
And while that might seem like a relatively harmless attack, these miners are actually harming your device in a number of ways. It slows down and heats up your laptop, and consumes additional electricity, and can drain the battery on your smartphone and make it less responsive. It can even damage your smartphone by overheating components.
This remains a lucrative opportunity for hackers because although Bitcoin has seen a drop in value, it’s still the most expensive cryptocurrency, priced at $6,333 per Bitcoin (around Rs 4.60 lakh). At its peak though, Bitcoins were worth more than three times that.
However, generating new Bitcoin is now a huge challenge—some estimate that it could take up to 98 years to generate one ‘block’ of 25 Bitcoin using the computing power of a single laptop. By cryptojacking multiple websites that see thousands of visitors daily, the hackers can pool together the processing power of millions of computers to gain coins quickly.
Security researchers Shakil Ahmed, Anisha Sarma and Indrajeet Bhuyan discovered the vulnerabilities. “Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them … Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money,” Bhuyan told ET.
It’s not just government websites that can be affected. In May, it was found that over 2,000 computers at the Aditya Birla Group were affected. The official website of Information and Technology Minister Ravi Shankar Prasad was also compromised in the same way. Security company Quick Heal said in its annual threat report 2018 that overall 14 million cryptocurrency miners were detected, of which 10 million were script miners of this sort.