‘Taking your CPU for a joyride’: Why this week’s cyberjacking raises online voting concerns

By  | February 20, 2018 | 19 Comments | Filed under: uncategorized

Hack was used to ‘borrow’ computing power to mine digital currency and expert says it points to flaws

By Andrew Lupton, CBC News Posted: Feb 15, 2018 7:00 PM ETLast Updated: Feb 15, 2018 7:00 PM ET

A cybersecurity expert at Western University says a new method of hacking that affected websites in Canada and around the world this week raises security concerns for Ontario municipalities that plan to use online voting in elections later this year.

Aleksander Essex runs Western’s Whisper Lab, a small research group with a specialized focus on cyber security. 

He says in a cryptojacking attack, hackers don’t steal information or install malware. Instead, they surreptitiously use the computing power of the target’s computer to mine digital currencies.

“It’s like they’re taking your CPU for a joyride,” he said.

On Sunday, visitors to government websites had their web browsers hijacked into running a Javascript called Coinhive, which is used to mine the cryptocurrency Monero. More than 4,000 sites were affected worldwide including municipalities, public libraries, school boards and public health organizations. More than 200 websites in Canada were affected, including Ontario’s Information and Privacy Commission, the city of Cambridge, Ont., and the city of Yellowknife.

The hackers targeted a plug-in called Browsealoud which reads web content for visually impaired users. The hackers switched the Browsealoud Javascript with one that runs the crypto miner.

International cybersecurity researcher Scott Helme spotted the hack and began to alert operators of the targeted websites. Within a few hours, Browsealoud was pulled down. It remains offline while the hack is investigated.

Hack used to mine digital currency

But for a few hours, visitors of the affected sites may have unknowingly had their computers used to mine Monero, which Essex said is popular among the “dark web” because it’s a more anonymous digital currency than Bitcoin.

In public statements, operators of many of the affected sites were quick to point out that no user information was stolen in the hack. Also, no malware was installed on users’ computers.

A statement from Ontario’s Information and Privacy Commissioner was typical: “We know that no data was accessed or lost, and the script has been disabled.”

City of Cambridge spokesperson George Georgiadis said it wasn’t a hack in the “traditional sense” because no user data was stolen.

But to Essex, the hack is worrying because it shows how easily municipal websites can be compromised, particularly when many Ontario municipalities plan to use online voting in this fall’s elections. 

“You could have had a scenario where instead of a crypto miner, they downloaded a vote stealing Javascript,” said Essex. “Yes, the hackers were making money today, but maybe in October they’re stealing votes. From a technical standpoint, it’s something to be watching for and to be concerned about.”

Toronto said no to online voting

Essex has consulted with municipalities interested in exploring online elections.

Toronto for example, looked at the idea but opted to stay with paper ballots.

“They studied the problem and concluded that the threats to the cybersecurity side of things were just too great,” said Essex.

Guelph used online voting in 2014 but will return to paper ballots this year. Pickering, Ont., a city whose website was affected by this week’s attack, plans to have online voting this fall.

‘Cyberthreats happen all the time’

Cambridge used online voting in 2014 without a problem and plans to use it again in this fall’s election.

Georgiadis said Cambridge will use a third-party provider called Dominion Voting Systems. He’s confident the company has the proper protections in place to ensure the integrity of the vote.

Still, he said Cambridge will print paper ballots in the weeks leading up to the election so if any cyber threats pop up, they can revert to traditional voting.

“Cyberthreats happen all the time,” he said. “If there’s a high risk, we won’t go with [online voting].”

Elections Canada abandoned plans to experiment with an online voting pilot project before the 2015 general election due to budget cuts.

Essex said municipalities placing trust in third-party providers should also consider what’s called “penetration testing,” essentially hiring others to test the security by trying to hack it. 

“Municipalities should fundamentally understand what the limitations of today’s internet truly are,” he said. “Because guess what, it’s not unhackable because these cities did get hacked and moving from that to vote stealing is a one step move.”




19 Responses to ‘Taking your CPU for a joyride’: Why this week’s cyberjacking raises online voting concerns

  1. T J T February 20, 2018 at 7:07 am

    So maybe this COUNCIL should RECONSIDER their decision from last APRIL and come back and VOTE for PAPER BALLOTS

  2. mjqsmith@bell.net'
    Citizen February 20, 2018 at 10:21 am

    There is no “maybe” – it should be corrected immediately. With all the info on hacking elections – cannot understand the Mayor & Council’s thinking – oh sorry – yes we can – WE DO KNOW WHY THE MAYOR DOES NOT WANT PAPER BALLOTS.
    We just might finally get an honest election since 2010 & 2014.
    Mayor & Council – change this immediately. Let’s be fair this 2018 Election.
    Read the above and all the other articles on hacking.
    You just had your City hacked.
    Wake up!!$$

  3. T J T February 20, 2018 at 11:10 am

    This is a case of putting the cart before the horse. It all sounds good..Online voting will engage more people and encourage more people to vote because they can vote from home and don’t have to go out and socialize at all. How convenient. But really is this a practical approach to voting? It is a proven fact that using online voting does not significantly increase the percentage of the vote so really why is internet voting necessary?
    It is also interesting to note that people such as Jean-Pierre Kingsley who was the Chief Electoral Officer of Elections Canada said that people want 100% assurance that voting cannot be tampered with and he says that we’re not there yet…that speaks volumes about internet voting. Then Aleksander Essex points out the fact that even if the City of Cambridge uses a qualified serve provider for internet voting in October , there is no way to guarantee or even compelling evidence that the election results are correct.
    That should tell everyone that the Internet is NOT the way to VOTE.
    We live in such a busy society today that we have come to be impatient creatures..But if you have to stand in line for a few minutes to cast your vote, think about saying hello to that stranger…who knows..you could make a new friend on election day!!
    Think about it…Come out and cast your vote by going to the polls and taking the time to exercise your Democratic Right…After all would you want that taken away from you?

  4. Concerned March 4, 2018 at 7:17 am

    Well I don’t think the officials of this fair city want to believe all the things that can happen. They seem to be living in a fairy tale world.
    The City website getting hacked is just an example that it can happen.
    Of course their excuse is the fact that it was a program that got hacked so they think it wasn’t their website. This just shows you that no matter what anything can be hacked. No personal information was taken by the visitors to the website but that isn’t the point, and our city official seem to miss that all the time.
    The whole point of this is fat fact that a website can be hacked..even one that they think is secure…which leads into the validity of the City using online voting in 2018.
    The city wants to lead the people to believe that when they vote this will be safe…but they cannot guarantee it..and anyone who votes online will never know.
    And there is another fact that this City will not tell you…and that is the fact that they do know who actually voted online even though they tell you they do not know…Here is another one of their lies. When you sign on to you computer and then go to the website to vote, you get a password to enter and they know immediately who you are through the IP address that is provided..So is it really a secret ballot?? I think not!! Does the vote go to the party you intend? You do not know!! Think of all these things before you cast your ballot online..and oh yes one other thing…your computer could even get a virus or malware by voting online….

  5. lvann_11@sympatico.ca'
    Tom Vann March 4, 2018 at 5:24 pm

    There is a lot of things going on at the moment and the city wants to know what I am thinking. Well, here it is … Riddle me this….what is black with white and lays in the dark with green that can blind you. Ta da.

  6. lvann_11@sympatico.ca'
    Tom Vann March 4, 2018 at 6:46 pm

    Is there nobody out there that used to watch Batman? Casino Poker! Duh. Black-white…chips on green table felt…on the blind. Is there nobody in this city that wants to know what I’m thinking. I’m bringing in the Riddler and Penguin to sabotage the internet on election day. Rob Ford will win as mayor and the 7 dwarfs will become council. I need my medication. Ole’.

  7. Debbie Duff Vitez March 4, 2018 at 7:15 pm

    OMG.. TOMMY..TOMMY.. TOMMY…. what am I going to do with you?.
    One minute you present as sane.. then you totally go off script..
    Reminds me of the US president… but.. we will keep you regardless of your insane rants.. Personally.. I would be afraid to ask what goes on in that mind of yours.. lol

  8. WPT March 5, 2018 at 5:07 am

    Casino Poker…I have a Royal Flush…is that good?? Oh yes .. I think I win….everyone can go home now!!! I get to call the shots!!

  9. lvann_11@sympatico.ca'
    Tom Vann March 5, 2018 at 7:44 am

    WPT. It was all in fun. No one in this city knows what I’m thinking till I do it, so I have fun till I do with bizarre comments. Please don’t confuse me with Einstein. However, as per voting and the election about 1/3 of our group (CPAC) met Sunday. Being more of a rant and java meeting it produced a new member and we had fun. The coffee shop works best, rather than in our homes. Better Cambridge people didn’t attend, maybe on the 25th. Changes are needed. Hacking is a real threat as is vote flipping. The real work begins after the summer holidays so get ready Cambridge changes are coming. Can we trust our mayor and most of council to do the right things? That is why we have a record of important voting choices, film and who voted for them. I can’t wait for the debates. With the lawsuit coming in June the snowball is rolling. Santa has toys for all the good boys and girls. Ole’.

  10. WPT March 5, 2018 at 8:11 am

    Yes good meeting on Sunday…Need to think about what is best for the City…get more voters out to the polls…forget online voting…hacking is too real…City thinks they can guarantee the online site for voting is safe…nothing is safe…everything can be hacked…Putin might not care…hackers do this for fun…so time for real change…need a Council that will listen…Can that happen??

  11. lvann_11@sympatico.ca'
    Brent Taylor March 5, 2018 at 9:03 pm

    You never stop surprising me Tommy. You have your finger in many pies. I hear your running again. Is that true? l hope so. l bet they don’t want you on council to expose them. Go get them bud. Keep the letters coming Christa loves them.

  12. WPT March 6, 2018 at 10:28 pm

    Tommy for Ward 1….Tommy for Ward 6…hey Tommy you need to be cloned then you could be Councillor in both wards…oh that would be great!!! Think about that

  13. Asking March 7, 2018 at 1:25 pm

    On line Vote…how many times can I vote for the same person…will they know?? Is it secure? Can it be hacked?? Will my vote count?? Will I know if it went to the right Candidate?? Hmm so many questions?? What are the answers??

  14. lvann_11@sympatico.ca'
    Tom Vann March 25, 2018 at 8:06 am

    WPT 1st I watch who needs to be replaced the most. Both are winnable and need change. I am meeting a lady today for insight. The wheels are in motion.

  15. lvann_11@sympatico.ca'
    Tom Vann March 28, 2018 at 8:00 am

    Mr. Essex was lights out on his presentation last night and council can be congratulated on allowing him to speak to enlighten us. Thank-you council. This man speaks all over the world about online voting issues. Now we know about the issues, we can only hope changing to paper ballots take place to ensure public trust in our election. Hats off to council.

  16. lvann_11@sympatico.ca'
    Tom Vann March 28, 2018 at 8:08 am

    Hats off to council for allowing Mr. Essex to present his views of online voting problems and security. Thank-you council members for doing so. His speech exposed the lack of security and showed how the host can view how everyone voted. This would take away our secrecy of our vote. Now council needs to study his report and make a choice to hopefully return to the trusted paper ballots which are much more secure and won’t show who and how we voted. This privacy must be protected. I was pleased to see even Donna voted for this. Good for her.

  17. lvann_11@sympatico.ca'
    Tom Vann March 28, 2018 at 8:09 am

    I posted here 2x’s and was kicked out.

  18. lvann_11@sympatico.ca'
    Tom Vann March 28, 2018 at 9:22 am

    Again… I was pleased to see council allowed Mr. Essex the opportunity to discuss the problems with security and corruption if online voting were used. So greater a risk than paper. He told me the greatest computer security programmer in the world stated one can not trust online voting to be secure. It may not be for many years if ever. His presentation was eye opening and we owe council a hat tipping for allowing this to happen. The only 2 that voted to not allow Mr. Essex to speak were the mayor and Pam Wolf. Even Donna Reid voted yes. Good for Donna. The only dark spot of the evening was when the deputy clerk appeared to confront Mr. Essex and my other friend in the hall. I guess out of frustration of not knowing what Mr. Essex knows. Good job council. Now if the information is absorbed a return to paper ballots could be in order. No one can question the problems world wide using computers for voting.

  19. lvann_11@sympatico.ca'
    Tom Vann March 28, 2018 at 9:24 am

    Just posted again and no comment came up.

Leave a Reply

Your email address will not be published. Required fields are marked *