PolitiFact has been an invaluable resource for debunking politicians' misstatements and falsehoods. But now, it seems, some unknown actor is trying to profit off the website's popularity — by hooking visitors' computers into a virtual currency mining operation.
The hack was discovered Friday by security researcher Troy Mursch, who noticed that visiting Politifact.com caused his computer's CPU to run at its maximum capacity.
— Bad Packets Report (@bad_packets) October 13, 2017
The anomaly left telltale signs of Coin Hive — a piece of code that can be installed on websites that, when active, diverts unused computational power on visitors' computers toward generating a Bitcoin-like currency called Monero. Under ordinary circumstances, said Mursch, Coin Hive is used by some websites as an alternative to advertising. But in the case of PolitiFact, somebody has programmed the site to run multiple versions of Coin Hive simultaneously, basically bringing any visitor's computer to a processing halt.
The phenomenon was soon confirmed by security journalist Brian Krebs.
Politifact[dot]com is not fun to visit right now. Spawned 2 dozen instances of Coinhive monero harvesting scripts. CPU to 100% instantly pic.twitter.com/LVJhPtW2MK
— briankrebs (@briankrebs) October 13, 2017
The issue may be related to a third-party ad provider, said Aaron Sharockman, executive director of PolitiFact, which is owned by the Tampa Bay Times.
“It's frustrating,” he said. “I'm escalating now with our ad and IT folks and I'll get back to you.”
Virtual currencies such as Monero run on digital “coins” that get created when one or more computers that are controlled by a person successfully solve a math problem. Throwing more computational power at the problem means solving it faster — and the more efficiently you can be awarded a new coin.
This isn't the first time we've seen Coin Hive being deployed on major websites. The premium cable channel Showtime was recently discovered to have been running the script, though it has since been deleted from the site. The peer-to-peer filesharing site the Pirate Bay has also experimented with it.
To track the status of PolitiFact's Coin Hive problem, Mursch set up a tool to monitor whether the code was still present. By about 4 p.m. Eastern on Friday, it appeared as though PolitiFact had scrubbed the offending software from its site. “The source of the problem was identified and removed We are reviewing how malicious code got on the site and taking necessary steps to secure the site from bad actors,” a statement from PolitiFact said.