Cryptojacking Attacks Continue as "Los Angeles Times" Falls Prey to Hackers

The LA Times was unknowingly crypto mining.

Flickr / Christoph Scholz

An unknown hacker or group of hackers have secretly inserted lines of code into the Los Angeles Times server to tap into the publication’s CPU resources and mine the cryptocurrency Monero.

This compromise of the news organization’s website was initially spotted on Wednesday by Troy Mursch, a security researcher at Bad Packets Report. The code he found was an obfuscated Coinhive script, a cryptocurrency-mining company that offers users a JavaScript miner as a way to monetize websites. The miner has since been removed.

While this untraditional method of mining cryptocurrency might prove novel for some, this latest attack, known as cryptojacking, shows how it can be maliciously used to recreate the same type of attack Tesla and Google Chrome have recently fallen victim to.

The crux of what led the LA Times to get hit with this attack was a misconfiguration in the Amazon AWS S3 server — known as an S3 bucket — the publication uses. After digging around the server, Mursch said that it gave anyone the ability to simply insert their own lines of code into the server.

British information security researcher Kevin Beaumont,highlighted that this is a widespread problem with a large number of S3 buckets, which are known to be publicly readable. This means that anyone can view their underlying code, but not edit it. But all it takes is a simple misconfiguration and anyone online would be able to read and write into them.

Beaumont was even able to find a friendly warning in the LA Times S3 bucket that warned the publication that their server was essentially open to the public.

“Hello, This is a friendly warning that your Amazon AWS S3 bucket setting are wrong. Anyone can write to this bucket. Please fix this before a bad guy finds it,” stated the message.

Unfortunately, this friendly hacker’s message did not get across in time and if Beaumont’s own warning is true, there are a lot of servers out there that could be unknowingly mining Monero or being used for other nefarious purposes.

If you’re making use of Amazon’s servers, it would be best make it a habit to check their settings.