Hackers sneak code onto Oulu city website to mine cryptocurrency | News

The malware, which caused the computers of visitors to the city’s official webpage to generate cryptocurrency without their knowledge, was detected and removed over the weekend.

A lot of computing power as well as electricity is needed to create more cryptocurrencies. In order to generate virtual currency efficiently and affordably, hackers use a method — known as cryptojacking — to cause victims’ computers to do it, according to internet security firm Kaspersky. Image: Henrietta Hassinen / Yle

Hackers recently hijacked the City of Oulu’s website in an effort to mine cryptocurrency with the devices of people who visited the site, according to the city.

The hack was discovered over the weekend, according to the city’s IT security manager, Kari Nykänen.

“Our service provider went through the sites’ servers and found the script,” Nykänen said, adding that the hackers’ code was on the system for less than a day.

Cryptocurrency is digital or virtual currency generated by computers and then traded between investors. The most commonly-known cryptocurrency is Bitcoin, but there are thousands of other varieties of virtual currency.

Cryptojacking

A lot of computing power as well as electricity is needed to create more cryptocurrency. In order to generate virtual currency efficiently and affordably, hackers use a method — known as cryptojacking — to cause victims’ computers to do it, according to internet security firm Kaspersky (siirryt toiseen palveluun).

The code used in the City of Oulu cryptojacking was to generate a cryptocurrency called Monero.

The malware was used via victims’ computers as they visited the city’s website, but was only active when the site was being accessed, according to Nykänen.

“The malware was active as long as the site was being viewed, but did not install anything on users’ computers,” he emphasised, adding the offending script had been removed and that the city’s system was fully operational on Monday.

The city became aware of the incident after Yle’s IT security team noticed suspicious traffic coming from the city-run site over the May Day weekend.

The origin and cause of the hack was still being investigated on Monday, according to Nykänen, who added that it may be a question of a security vulnerability, but that it was still unclear.

Cryptojacking has been used for a few years now. In some cases, operators of shady websites install the mining scripts themselves, but legitimate websites can also be hacked for such purposes, according to Yle’s IT security manager, Kim Johansson.

Let us know what you think in the comments below. You’ll need an Yle ID to join the discussion, sign up here. Comments are open between 10 and 17:30 each weekday, on a trial basis until 13 May.