Let’s see them talk their way out of this one!!!

By  | February 15, 2018 | 28 Comments | Filed under: TIME FOR A NEW MAYOR AND 90% of COUNCIL IN 2018

City of Cambridge website hijacked by cryptocurrency miners

 

Thousands of sites around the globe using Texthelp Browsealoud plug-in hacked.

NewsFeb 14, 2018by Jeff Hicks Waterloo Region Record

CAMBRIDGE — A worldwide cyberattack briefly hit the City of Cambridge website last weekend, the city confirms.

During a span of four hours and six minutes on Sunday morning, visitors to Cambridge.ca had their browsers covertly hijacked by cryptocurrency miners while the visitors remained on the website.

How many visitors? An estimated 474, the city says.

Their computers, as silently ordered by a devious secret script, then used their processing power to help hackers solve computational puzzles to create a cryptocurrency called Monero.

The computer owners, who were never asked for permission, had no clue.

The crypto-jacking ended when the user left the city web page or closed it. Still, a weak security link got exploited for the duration of each visit.

The culprit? A text-to-voice plug-in called Texthelp Browsealoud, which is used on the city site to help the visually challenged.

Browsealoud got hacked. Therefore, the city website, and 4,200 other sites using the plug-in around the globe, had been violated too.

Thousands of sites, including the City of Cambridge’s, were compromised. Hundreds of computers — not mobile devices, they don’t have the power to pull off the crypto-deed — got quietly commandeered.

“There was no information stolen from the visitors’ devices,” said George Georgiadis, the city’s chief information officer, on Wednesday.

“At no point was there any attempt to access personal data on the user’s computer,” he added in an email.

That’s what the city is being assured by Browsealoud. No customer data was accessed or lost during the cyber-jacking, which began at 6:14 a.m.

The city says automated security tests by the city’s service provider, eSolutions, detected an issue. Browsealoud was removed from the website at 10:20 a.m.

“These type of incidents are not uncommon,” Georgiadis said.

“It hasn’t happened to us before. But this is not the first time, in theory, that hackers are trying to exploit some sort of vulnerability, in this case it was the Browsealoud vulnerability.”

Texthelp later took down its site while Browsealoud security was to be improved. The site was to remain off-line until Thursday.

“The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency,” read a statement posted online by Northern Ireland-based Texthelp.

“This was a criminal act and an investigation is currently underway.”

International security researcher Scott Helme, according to The Guardian, is credited with pointing out the security breach after a friend detected an issue after visiting a United Kingdom government website.

Thousands of sites, some operated by government agencies, were affected from Australia to Europe to Canada, according to a handful of tech news sources. Other Canadian sites, besides Cambridge.ca, are among them. Oshawa, Pickering and Huron County have Browsealoud on their websites.

In Cambridge, as of Wednesday, it hadn’t been decided if Browsealoud would remain on the city website. That is still to be determined.

“I don’t think it’s really used that much,” city spokesperson Susanne Hiller said. “In fact, we were even questioning whether the tool was needed or not. But, obviously, for accessibility purposes, we want to have these tools available.”

The City of Kitchener doesn’t use Browsealoud on its website. The City of Waterloo removed Browsealoud from its site in early 2017.

“We used to have it on our website, but it was never used,” City of Waterloo spokesperson Janice Works said in an email on Wednesday. “The trend has been that individuals have their own technologies available to assist in reading web pages.”

In Cambridge, where online voting will be used for a second straight municipal election come October, the issue of cybersecurity is likely to be front-and-centre in the wake of the Browsealoud hack.

“When you have an online voting system, it does the same kind of thing where it’s loading resources from other websites,” said Aleksander Essex, a Canadian cybersecurity researcher and online voting security expert.

“Here you are with a situation where they’re loading, inadvertently and through no fault of their own, they’re loading this crypto-jacking sort of JavaScript. And then, within eight months, they’re going to be deploying online voting. It’s a conversation that needs to be had.”

Last April, Essex spoke to Guelph city council about the security perils of online voting as that council rejected digital advance polls in 2018.

Essex, an assistant professor in Western University’s computer engineering department, wants people to be aware of the limitations of cybersecurity in the online voting setting.

“What if, instead of loading a cryptocurrency miner JavaScript, it was delivering a vote-stealing JavaScript?” Essex said.

“The big worry we have in the voting world is — if your website did get hacked and your votes did get changed, how would you know? Because you’re not supposed to know how people voted.”

Georgiadis says Cambridge will use a qualified service provider, one used by a number of municipalities, to ensure secure online voting in October. Also, extra paper ballots will be ready in case the system crashes.

“Security is always a concern,” Georgiadis said.

“The fears of a potential incident — the concern there is not of stolen information. It would be more the concern if something happens and the service is not available.”

 

jhicks@therecord.com

Facebooktwittergoogle_plus
debbie_vitez@rogers.com'

About 

28 Responses to Let’s see them talk their way out of this one!!!

  1. Debbie Duff Vitez February 15, 2018 at 9:57 am

    Here’s the test..

    If this council does not re open all POLLING LOCATIONS, and voting booths and offer only paper ballot without the help of TABULATORS..
    ( this is only February, they have plenty of time to get this done.)

    YOU MUST ASK WHY… WHY THEY WOULD PUT US AT RISK?

    This is more proof of how sensitive electronic ballots truly are..and yet they continue..

    THEY HAVE TO STOP ELECTRONIC BALLOTS.. UNLESS THEY HAVE AN ULTERIOR MOTIVE (?)

  2. kefran@bell.net'
    R. Keffer February 15, 2018 at 10:51 am

    In April 2017, I went before Council as a delegate and spoke directly to Council regarding the use of Internet Voting for the 2018 Election.

    At that time, as well, before the Council Meeting that evening there were people outside Council with signs stating that PAPER BALLOTS were the only way to vote and SAY NO TO ONLINE VOTING.

    I referred to a CBC report from September 8, 2015 where a gentleman by the name of Jean-Pierre Kingsley, who was the Chief Electoral Officer of Elections Canada stated that ‘People want 100% assurance that this (voting) cannot be tampered with.

    He goes on to say ‘I’m absolutely sure we’ll be able to find something, but at this stage, we’re not here yet,’ with reference to the security and secret of online voting.

    Also quoted in my presentation was the Federal NDP’s online voting process that elected Tom Mulcair as leader. That system was hit with a DISTRIBUTED DENIAL OF SERVICE. This is an attack by hackers to so low an online voting process, If hackers can do this, what else can the do to the process?

    Online voting also challenges the INTEGRITY, VERIFYABILITY AND SECRECY OF VOTING.

    While it may be convent to vote at home and save the drive to the POLLING STATION, there isn’t any proof that the online vote was free from intimidation or coercion.

    If a vote is cast in a PRIVATE BOOTH, such an occurrence is less likely to happen.

    Another thing to think about is the fact that the individual casting the vote might not necessarily by who they say they are when they log on to the internet voting website.

    Election are our franchise and the basis of our DEMOCRACY AND NOTHING SHOULD BE LEFT TO CHANCE when electing the leader chosen to act on our behalf for the greater good of the community.

    VOTERS of this City need the ‘TRIED AND TRUE PAPER BALLOT’ form of voting on OCTOBER 22, 2018.

    This is just a portion of the Letter I read to Council that evening.

    After the letter was read, one councillor agreed with the presentation and said that online voting is not a secure way to vote and agreed with the topic presented.

    One Councillor said that he didn’t think PUTIN was interested in our Election system.

    Council then voted as to whether or not to allow online voting and the vote passed so once again ONLINE VOTING is being allowed for 2018.

    On the CTV news that evening, one councillor was interviewed and he actually said ‘I VOTED BECAUSE STAFF RECOMMENDED IT’.

    He also admitted in Council that evening that he prefers to vote using a PAPER BALLOT. HMM.. really makes you wonder why he would vote for something ‘BECAUSE STAFF RECOMMENDS IT.’
    I

  3. Debbie Duff Vitez February 15, 2018 at 11:17 am

    I think the interesting thing to watch here is this…

    With the Provincial Election coming up.. you will see all polling locations and booths fully open and PAPER BALLOTS..

    My bet is all residents will receive their voter registration cards in time for the Election..
    Something Cambridge conveniently missed during past municipal elections..

    Mistake..?? you decide.. This city does everything in their power to make it hard for you to cast your ballot.. again I ask.. Why is this? This is not only my personal opinion.. google past elections in Cambridge and wake the hell up Cambridge

  4. mjqsmith@bell.net'
    Maggie February 15, 2018 at 11:53 am

    Wow – all the information is there & in paper articles about fixed internet voting. When will people wake up to this???
    PAPER BALLOTS is the only safe way to go.

    I wonder what areas of Cambridge were missed during past elections? Would be good to know what sections – like maybe sections that would not have voted for the present Mayor. Would be most interesting.

    OKAY CAMBRIDGE VOTERS – WAKE UP – DEMAND PAPER BALLOTS.

    DEMAND CLOSED POLLING BOOTHS BE REOPENED. LETS HAVE AN HONEST ELECTION THIS OCTOBER.

    I personally think 2 terms is plenty for same Mayor – otherwise it is the same old thing. Nothing new or good happens. Just same old crap (for Galt).

    Let’s get a Mayor in that will FIX broken Dams in Preston and quit building monstrosities that are unneeded.

    WAKE UP CAMBRIDGE VOTERS$$$$$$$
    We need BUSINESSES in town not more mega homes which is taxing our systems.

    And our SPORTS COMPLEX must be built in Cambridge – not on someone elses land!$

  5. Debbie Duff Vitez February 15, 2018 at 12:38 pm

    I drove thru downtown Preston yesterday and seen the dam.. My first thought was, why is this stupid Mayor dumping so much of taxpayer money into the Galt core.. ( I do know the answer to that one) but.. he needs to invest in Preston as well..
    He is the supposed Mayor for Cambridge, not just his Galt monied friends.

    VOTE HIM and his cronies out COME OCTOBER.. (if you can)..

  6. lvann_11@sympatico.ca'
    Tom Vann February 15, 2018 at 2:10 pm

    I trust no politician seeking re-election unless I know them personally. I have seen such a malicious, self serving group during the past few years to rate them as the worst I have ever seen. Now 2 are involved in a huge lawsuit. Mann and Monterio should be asked by council to step back until their case is over but they won’t. So what does this tell you about the present council, Dyke, and mayor included. Internet voting must not be allowed to be used. We saw what they did with the George Bush machines in 2010. This was a wake up call.

  7. kefran@bell.net'
    Frustrated February 15, 2018 at 4:11 pm

    A wake up call…do you think Dyke, and Du Lillo actually know what a WAKE UP CALL is Tom? We are voting electornically again because some members of our COUNCIL ARE TOTALLY SPINELESS!! Hmmm..Maybe if they get TURFED in October the ELECTORATE will get a Councillor that Votes the way the electorate would want them to vote rather than the way STAFF RECOMMENDS THEY VOTE!!
    CAMBRIDGE…TAKE CHARGE…The Councillors you VOTE for in the end DECIDE HOW YOUR TAXPAYING DOLLARS ARE GOING TO BE SPENT…
    It’s ironic that the CITY WEBSITE WAS HACKED!!
    If the CITY website can be HACKED….OUR ELECTRONIC VOTING CAN BE HACKED TOO!!

  8. lvann_11@sympatico.ca'
    Tom Vann February 15, 2018 at 5:20 pm

    Hello Pam. Pam Wolf is getting destroyed in town talk because of the development going in. Being a decent fellow I won’t print it and risk city hall calling or sending the cops again. I stuck up for Pam when her DUI was mentioned and how she got off. Some mentioned it looks good on the people in that area for voting for again. I did mention that many nice homes are going up for sale there. Wait till litter covers the streets, a SIS goes in to her ward, and traffic becomes really bad before more homes go up for sale. Soon no more wet lands and tons of dead Turtles will have to be defended. Look also for many more homes to come than the 1,600 going in. The explosions will be coming from ward 5 peoples heads in anger. Cheaper home values seem just around the corner in ward 5. Poor old Pam. Good thing she voted for internet voting. Maybe running in ward 5 would be a good choice. So many options this year for people. Has anyone seen Mike Mann out in public lately?

  9. lwhetham@live.ca'
    Linda whetham February 15, 2018 at 6:22 pm

    I know this may sound petty, but here is how I was treated by the Tech Department at the City, When I lost the Election in October of the year, you still have to sit as a Councillor until the end of December, When my Daughter gave Birth in Dec of that year she was rushed into Emergency Surgery and gave Birth to a 2 lb.girl who was 2 1/2 months early, the only photos that we had of this little girl was on my Blackberry which was owned by the City and used by myself until the end of Dec. the City demanded the Blackberry back and so I told them that I would like to get the photos on to a flash Drive before I gave the phone back, and I was told by the head of this Department that he would do that for me as long as I would give him the Blackberry, which I did, when I asked for the photos, I was told to go before Council and ask if I could have the photos and the Head of the City at that time said No.

  10. lvann_11@sympatico.ca'
    Randy Toner February 15, 2018 at 6:49 pm

    l have also heard people are upset with her.

    • lwhetham@live.ca'
      Linda whetham February 15, 2018 at 9:28 pm

      At that time Randy it was a guy named Frank and the acting C.E.O. was a guy name Steve

  11. mjqsmith@bell.net'
    Cheated February 15, 2018 at 7:13 pm

    That’s just it Linda – cannot trust any of them. Lies lies & more lies.
    That really is a disgusting story. I hope you blasted the guy that promised to develop the photos for you. The Mayor should have stepped in for you – Any human being with a family would understand how important those photos were to you. Really what was the big deal??
    They didn’t trust you but you trusted them & see what happened.
    Those days of trust are gone. We trusted this Mayor to look after this City and not himself, but he sure has made a mess of Cambridge.

    PEOPLE VOTE PAPER BALLOTS – INSIST ON IT – EMAIL YOUR COUNCILLOR – NOW!!

  12. lvann_11@sympatico.ca'
    Tom Vann February 16, 2018 at 8:18 am

    You couldn’t download or send them to your computer Linda? If not, this is not acceptable. I just finished a 10 part documentary about the Viet Nam war and Watergate. Shocking. Dishonest leaders, money for the war machine, election corruption, so many wasted lives, lives that were meaningless to the government vrs. the goals. Of course this kind of corruption would never happen in Canada. Here we get fixed phoney elections, promises to change the election process by our Prime Minister then he reneges, (lies), sending our troops on a witch hunt for W of MD, then abandoning their medical needs and care on their return, opening the doors to refuges and cutting their wait times meanwhile our own homeless live on the streets. I can go on for hours. Votes!!! Re-election!!!! Way more important than doing the right things or keeping you promises. In a lesser light… taking tax dollars and putting them into one section of a city, while other sections of the city go without. Corruption in our professional government unions, and buying the votes with our money is wrong but can be justified. If anyone believes Pat Brown was just a coincidence then ask why one of the girls has now changed her story. He asked; why has he not been charged? Soon none of this will matter

    • lwhetham@live.ca'
      Linda whetham February 18, 2018 at 5:23 pm

      I should have done that However, when Francis said Give me the Blackberry when I was in my Office and I will go and do that for you, I did not think twice about handing it over to him, I know that it was City Property and not mine to use for Photos, but at that time in such an emergency I was the only one with the ability to take a Picture..

  13. mjqsmith@bell.net'
    Chester February 16, 2018 at 10:33 pm

    Well it looks like the Russians did some election interfering so it just proves it can be done. Therefore likely did happen here in 2010 & 2014 and if people don’t smarten up & VOTE PAPER BALLOTS ONLY could happen here in Oct. election.
    There have been far too many proven articles proving voting can be fixed, and presentations were made at Council to use RANKED VOTING and it was turned down but now we know why – CAN BE FIXED!!! Read the articles on Advocate re this.
    It just makes me wonder when I have not spoken to one person that voted for Craig but he got in – so now I know why. PLEASE VOTERS DON’T LET IT HAPPEN AGAIN!! ENOUGH! ENOUGH! WE DEFINITELY NEED CHANGE – NEW IDEAS & trust.

  14. lvann_11@sympatico.ca'
    Tom Vann February 17, 2018 at 8:37 am

    Notice our P.M. lied to us on the voting as well. Translation = we need to get back in so keep it going. Now they have pushed in shorter wait times for relatives of new comers. Soon we will have a turbine on a future leader. Don’t forget the people that went or that are going through the proper channels to come to Canada. See ya in 10 years.
    Our mayor wants a hack-able process for some reason I guess.
    Not 1 Craig sign in our area last election.
    Must have all voted Craig in ward 5.
    How do they like him and Pam now? Maybe we can put a round-a-bout at the Park Hill bridge to help those in ward 5. You voted ’em in. Live with it.

  15. lvann_11@sympatico.ca'
    Tom Vann February 17, 2018 at 10:44 pm

    Dyke needs to tell this city the internet is unstable and they now will use a chalkboard to count votes. All voting will be done in the 3rd floor washroom. This will ensure a safe vote. Ole’ Enjoy the nice weather.

    • kefran@bell.net'
      T J T February 22, 2018 at 5:41 pm

      The third floor washroom..I hope its a dual purpose one…that way we can all go in together

  16. poperingo1@yahoo.ca'
    poperingo February 18, 2018 at 12:13 pm

    70% of eligible voters did not vote in the last election, those are the ones that need to be engaged. Your anger should be at them as their disinterest is a big problem in this community. A majority of citizens have no idea who their local reps are and don’t care, that is what needs to change.

    I WON’T DELETE THIS POST.. YOU ARE RIGHT 70% DIDN’T OR DON’T VOTE..

    BUT THE 30% THAT DO VOTE, WANT THEIR VOTE TO COUNT.. AND THAT DOESN’T SEEM TO HAPPEN IN CAMBRIDGE!!

    With Craig’s creative elections..

  17. mjqsmith@bell.net'
    Maggie February 18, 2018 at 1:35 pm

    Yes – you are so right. We have people moving into this area that could not care less. BUT for those of us that do care – we should have the right to make sure there is a Polling Booth open for us and that it is paper ballots so it gets delivered on time & that our vote is counted for the right persons.
    They closed up locations last election – so that there were lots of people that could not vote or was mis-directed. It was a mess that so few knew about.
    It is a shame when in this country we have the right to vote and we do not. But I bet those that do not vote are the first ones to complain.
    And yes, I for one, prefer Baseball caps worn any way – this is Canadian.
    HOW DO WE WAKE UP PEOPLE TO VOTE?? BUT THEN AGAIN IF IT IS FIXED WHY BOTHER???$

  18. mjqsmith@bell.net'
    Maggie February 18, 2018 at 7:09 pm

    People don’t vote – do you really think they are going to take time out of their so-called busy lives to attend a meeting & learn something. Come on!
    We have held meetings – mostly concerning the Sports Complex that our idiot Mayor promised Tibbetts to build on Conestoga property. Many meetings & lots of people. But they get tired – which is what the Mayor wants – wear people out & drag it out, then forge ahead with his own wishes.
    People will complain about the Tax rate in Cambridge – very high – but we saw very few people out at the Budget meetings – 3 meetings held.
    So definitely there has been a group of us – and also attended a meeting this aft. Did not see you there.
    Also attending the Council meeting Tues. night at 7 p.m. – on the Code of Conduct. Gee does this mean 2 of them will be asked to leave as they are involved in a sexual harrasment charge. Come out & see what goes on!!
    Invite your family, friends, neighbours – everyone should attend & see what goes on with our money.
    We also held a rally outside of City Hall asking for RANKED VOTING. Where were you? The Mayor turned it down – can’t control RANKED VOTING$$$$$$
    Toques work as well!

  19. mjqsmith@bell.net'
    Maggie February 18, 2018 at 9:14 pm

    An excellent idea. Set it up – advertise & we’ll come.

    Toques are acceptable as well.

  20. lvann_11@sympatico.ca'
    Tom Vann February 19, 2018 at 9:56 am

    poperingo. It is just a humor expression using turbine. Your assumption that I have an issue with it is premature and wrong and I could care less. I have friends that wear them and chuckle at the term I use. This site does just fine as it not meant to be a national outlet for speech. Perhaps I could have them send you a reply via email stating their thoughts on my engagement with them popering. Next.

  21. Debbie Duff Vitez February 19, 2018 at 10:05 am

    Tommy, it must be an election year.. Trump oopsie I mean Craig supporters tend to crawl out of the woodwork.. lol

  22. mjqsmith@bell.net'
    Citizen February 19, 2018 at 10:53 am

    Alter trombenik does not apply here at all.
    It would apply to Craig though.
    Attend Tues. Council meeting 7 p.m. where you will see “Alter trombenik”.
    It is “Code of Conduct” night – really – kind of late!!$$

  23. lvann_11@sympatico.ca'
    Dex February 19, 2018 at 4:48 pm

    Yo, ho, ho and a bottle of rye. Ever wonder why you can’t find anyone that has voted for Craig? Two reasons: no one will admit to making a mistake and no one did. We just need to look at how votes get used by dead people or by those no longer in Cambridge. Mork and Mindy would be proud.

  24. Debbie Duff Vitez February 19, 2018 at 7:08 pm

    Poperingo.. The foil hat gave you away.. Go back to the citizen.. We don’t need your trash on this site..

    all future comments from you will be removed..

  25. lvann_11@sympatico.ca'
    Reggie Stuart February 19, 2018 at 9:07 pm

    Seig hail der mona hopal. This will be the new slogan come election day. l for one was effected by wrong information during a past Cambridge election. l could not vote until l signed a sheet which l refused after years of voting. Only a secure voting method in this city can bring out the voters so confidence can be restored. What is the citizen?

Leave a Reply

Your email address will not be published. Required fields are marked *


Archives