Crypto Heist: The Aftermath of a Government Website Cryptojacking Attack • Scott Helme • GOTO 2023

Learn from the aftermath of a government website cryptojacking attack, where an attacker exploited the site's vulnerabilities for over a year, and discover the importance of robust security measures like CSP and SRI to prevent such attacks.

Key takeaways
  • Cryptojacking, a type of cyber attack, is an increasing threat to governments and organizations around the world.
  • The attack on government websites is a significant breach, making it difficult to balance the need for protection and convenience.
  • Content Security Policy (CSP) is native browser functionality that lets a site specify which sources of content are allowed to load and execute within a page.
  • Subresource Integrity (SRI) can detect and prevent attacks by comparing the expected hash of a resource to its actual hash; if the two differ, the browser refuses to run the resource.
  • Cryptojacking uses JavaScript to load a miner script that uses the victim’s computing power to mine cryptocurrency.
  • The attack on the UK government website was not detected for over a year, and it was only uncovered by a researcher who noticed strange activity on his laptop.
  • The researcher sent a tweet about the attack, and then continued to investigate and report on it.
  • The attack was later confirmed by the UK’s Information Commissioner’s Office (ICO), which fined both the government and the third-party supplier for their roles in the attack.
  • The incident highlights the need for robust security measures, including CSP and SRI, to prevent cryptojacking attacks.
  • The researcher recommends using native browser functionality, such as CSP and SRI, to prevent cryptojacking attacks, rather than relying on JavaScript plugins or libraries.
  • The incident also highlights the importance of transparency and accountability in addressing cyber attacks.
  • The researcher argues that the incident was a result of complacency and a lack of understanding about the risks of cryptojacking.
  • He also suggests that the incident may have been prevented if the government website had implemented stronger security measures, such as CSP and SRI.
  • The incident may have also been prevented if the third-party supplier had taken steps to protect against cryptojacking attacks.
  • The researcher concludes that the incident was a wake-up call for governments and organizations to take action to prevent cryptojacking attacks.
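
The SRI check described in the takeaways, as an added example (not code from the talk): it computes an integrity value, mirrors the browser's hash comparison, and lists cross-origin script tags that carry no integrity attribute. The page markup, the vendor host cdn.vendor.example, the origin www.agency.example and the script bodies are constructed for illustration, and the regex-based tag scan is a simplification of real HTML parsing.

```javascript
const crypto = require('crypto');

// Compute an SRI integrity value ("sha384-<base64 digest>") for a resource body.
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Mirror the browser check: keep only hashes of the strongest algorithm listed,
// then accept the body if any of them matches. No usable hash means no blocking.
function verifyIntegrity(body, integrity) {
  const rank = { sha256: 1, sha384: 2, sha512: 3 };
  const algOf = t => t.split('-')[0];
  const tokens = integrity.trim().split(/\s+/)
    .map(t => t.split('?')[0])            // drop any option suffix
    .filter(t => rank[algOf(t)]);         // ignore unsupported algorithms
  if (tokens.length === 0) return true;
  const best = Math.max(...tokens.map(t => rank[algOf(t)]));
  return tokens.filter(t => rank[algOf(t)] === best)
    .some(t => t === sriHash(body, algOf(t)));
}

// Audit: cross-origin <script src> tags with no integrity attribute are the
// ones a compromised third party can change without the browser noticing.
function findUnpinnedScripts(html, pageOrigin) {
  const unpinned = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue;                   // inline script, nothing to pin
    const url = new URL(src[1], pageOrigin);
    const crossOrigin = url.origin !== new URL(pageOrigin).origin;
    if (crossOrigin && !/\bintegrity\s*=/i.test(tag)) unpinned.push(url.href);
  }
  return unpinned;
}

// Constructed sample data: a vendor script, a modified copy, and a page.
const original = 'window.readAloud = function () { /* vendor code */ };';
const tampered = '/* code added by a third party */;' + original;
const page = `
<script src="/js/site.js"></script>
<script src="https://cdn.vendor.example/reader.js"></script>
<script src="https://cdn.vendor.example/pinned.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>`;

const pinned = sriHash(original);
console.log('integrity value:', pinned);
console.log('original accepted:', verifyIntegrity(original, pinned));
console.log('tampered accepted:', verifyIntegrity(tampered, pinned));
console.log('unpinned scripts:', findUnpinnedScripts(page, 'https://www.agency.example'));
```

SRI only protects files whose content is meant to stay fixed at a given URL; a script the vendor updates in place has to be re-pinned on each release or constrained with CSP instead.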