Incident: Cryptojacking Malware Attack on Australian Government Websites via Browsealoud Plugin

Published Date: 2018-02-12

Postmortem Analysis
Timeline
1. The software failure incident, in which Australian government websites were compromised by cryptojacking malware, occurred on a Sunday, as mentioned in the article [67996].
2. The article was published on 2018-02-12.
3. Therefore, the software failure incident happened on Sunday, 2018-02-11.
System
1. Browsealoud browser plug-in made by Texthelp
2. Coinhive script inserted into the Browsealoud software [67996]
Responsible Organization
1. Hackers exploited a vulnerability in the popular browser plug-in Browsealoud, inserting a script known as Coinhive into the software, which led to the cryptojacking attack on government websites [67996].
Impacted Organization
1. Victorian parliament's website
2. Queensland Civil and Administrative Tribunal (QCAT) website
3. Queensland ombudsman's website
4. Queensland Community Legal Centre homepage
5. Queensland legislation website [67996]
Software Causes
1. The compromise of the Browsealoud browser plug-in by hackers, who inserted a script known as Coinhive into the software, leading to cryptojacking on government websites [67996].
Non-software Causes
1. Third-party browser plug-in compromise: the malware attack was initiated through a compromise of the popular browser plug-in Browsealoud, which was made by a third party [67996].
2. Vulnerability exploitation: hackers exploited a vulnerability in the Browsealoud plug-in to insert the Coinhive script, leading to the cryptojacking incident [67996].
Impacts
1. The impacted government websites, including the Victorian parliament's, the Queensland Civil and Administrative Tribunal, the Queensland ombudsman, the Queensland Community Legal Centre homepage, and the Queensland legislation website, were compromised by malware that forced visitors' computers to secretly mine cryptocurrency, resulting in unauthorized cryptocurrency mining [67996].
2. The malware attack affected thousands of sites globally, including the UK's National Health Service and the UK's data protection watchdog, showing the widespread impact of the incident [67996].
3. The compromised browser plug-in Browsealoud, which was exploited by hackers, allowed the insertion of a script known as Coinhive into the software, hijacking users' processing power to mine the cryptocurrency Monero without their consent [67996].
4. The incident raised concerns about the security vulnerabilities associated with third-party software, as highlighted by security researcher Scott Helme, who emphasized the importance of implementing defense mechanisms to prevent such attacks on government websites [67996].
5. As a result of the attack, Texthelp took the Browsealoud plugin offline to prevent new visitors from loading the cryptojacking script, and the affected government websites took steps to remove the Browsealoud script entirely to mitigate the impact of the malware [67996].
Preventions
1. Implementing stricter security measures and regular security audits to detect vulnerabilities in third-party software like Browsealoud could have prevented the incident [67996].
2. Utilizing web application firewalls and intrusion detection systems to monitor and block suspicious activity on government websites could have helped prevent the cryptojacking attack [67996].
3. Conducting thorough vetting and due diligence on third-party software providers, to ensure their systems are secure and not susceptible to compromise, could have mitigated the risk of such incidents [67996].
Fixes
1. Implementing stricter security measures to prevent vulnerabilities in third-party software plugins like Browsealoud from being exploited [67996].
2. Regularly monitoring and auditing third-party software plugins for any unauthorized changes or malicious scripts [67996].
3. Educating website administrators and developers on best practices for securing government websites against cryptojacking attacks [67996].
4. Promptly removing compromised plugins and scripts from government websites to mitigate the impact of such incidents [67996].
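Scott Helme's point about defense mechanisms when loading third-party software (Preventions above) and the monitoring-for-unauthorized-changes step (Fixes above) can both be checked mechanically. The following is an added example, not code from the article, from Texthelp or from any affected site: it flags cross-origin script tags that carry no Subresource Integrity hash, and re-verifies a pinned script body against its hash so that a modified script fails the check. Subresource Integrity is assumed as the mechanism, since the page does not name one, and the hostnames and script bodies are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (placeholder hosts, not the real sites): one local
# script, and a third-party accessibility script loaded with and without SRI.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.thirdparty.example/plus/scripts/ba.js"></script>
<script src="https://cdn.thirdparty.example/lib/ui.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head><body></body></html>"""

# Constructed stand-ins for a pinned third-party script body and a tampered copy.
PINNED_SCRIPT = b"window.readAloud = function () { /* speak page text */ };"
TAMPERED_SCRIPT = PINNED_SCRIPT + b"\n// appended by an attacker: unauthorized code"


class ScriptCollector(HTMLParser):
    # Collects the attributes of every <script src=...> tag in the page.
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attrs = dict(attrs)
            if attrs.get("src"):
                self.scripts.append(attrs)


def third_party_scripts_without_sri(html, site_host):
    # Return src URLs of cross-origin scripts that carry no integrity attribute:
    # the browser runs whatever the third-party host serves, which is how a
    # modified plug-in script reaches every visitor.
    collector = ScriptCollector()
    collector.feed(html)
    return [
        a["src"] for a in collector.scripts
        if urlparse(a["src"]).netloc not in ("", site_host) and not a.get("integrity")
    ]


def sri_hash(content):
    # Compute the "sha384-<base64 digest>" value an integrity attribute pins.
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()


def matches_pinned(content, pinned):
    # True only if a freshly fetched script body still matches the pinned hash.
    return sri_hash(content) == pinned
```

Run periodically against the served script and the site's own HTML, a mismatch or an unpinned cross-origin script is the signal to investigate before removing or re-pinning the plug-in.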
References
1. Scott Helme, security researcher [67996]
2. Texthelp, makers of Browsealoud [67996]

Software Taxonomy of Faults

Category Option Rationale
Recurring: one_organization, multiple_organization
(a) The software failure incident having happened again at one_organization: The article mentions that in December, nearly 1 billion visitors to video sites like Openload, Streamango, Rapidvideo, and OnlineVideoConverter were also being cryptojacked. This indicates a similar incident of cryptojacking affecting visitors to these video sites, suggesting a recurrence of the software failure incident related to cryptojacking within the same organization or its services [67996].
(b) The software failure incident having happened again at multiple_organization: The article reports that thousands of sites, including the UK's National Health Service and the UK's data protection watchdog, were affected by the cryptojacking attack. Additionally, other government sites in Australia such as the City of Casey council, City of Bayswater council, City of Unley council, and the office of the Queensland Public Guardian were also impacted by the same incident. This indicates that the software failure incident of cryptojacking occurred at multiple organizations, affecting various government and non-government websites [67996].
Phase (Design/Operation): design, operation
(a) The software failure incident related to the design phase was due to a vulnerability in the popular browser plug-in Browsealoud, which was compromised by hackers inserting a script known as Coinhive into the software. This vulnerability allowed the hackers to exploit the processing power of users' computers to mine cryptocurrency without their permission, affecting government websites in Australia and other countries [67996].
(b) The software failure incident related to the operation phase was due to the operation of the compromised Browsealoud plug-in on government websites, including the Victorian parliament's website, the Queensland Civil and Administrative Tribunal, the Queensland ombudsman, and others. The operation of the plug-in allowed the cryptojacking attack to take place, impacting thousands of users who visited these websites [67996].
Boundary (Internal/External): within_system
(a) within_system: The software failure incident, in this case the cryptojacking attack on Australian government websites, was primarily caused by a vulnerability within the system. Hackers exploited a vulnerability in the popular browser plug-in Browsealoud, which was used by the affected government websites. The malware was inserted into the Browsealoud software, allowing the hackers to hijack the processing power of users' computers to mine cryptocurrency without their permission [67996]. Additionally, the affected websites could have implemented better defense mechanisms to prevent such attacks, indicating that the failure was within the system due to inadequate security measures [67996].
Nature (Human/Non-human): non-human_actions, human_actions
(a) The software failure incident occurred due to non-human actions, specifically through the compromise of a browser plug-in called Browsealoud by inserting a script known as Coinhive. This script hijacked the processing power of users' computers to mine the cryptocurrency Monero without their permission [67996].
(b) The software failure incident also involved human actions, as the hackers exploited a vulnerability in the Browsealoud plug-in, which was made by a third-party company called Texthelp. The security researcher Scott Helme mentioned that government websites could have done more to prevent the attack by implementing better defense mechanisms when loading software from third parties [67996].
Dimension (Hardware/Software): software
(a) The software failure incident reported in the article was primarily due to contributing factors originating in software. The incident involved a malware attack known as cryptojacking that affected Australian government websites, including the Victorian parliament's site, due to a compromised browser plug-in called Browsealoud [67996]. The hackers exploited a vulnerability in Browsealoud to insert a script (Coinhive) that hijacked users' computers to mine cryptocurrency without their permission. This incident highlights how vulnerabilities in software can lead to security breaches and affect hardware by consuming its processing power for malicious activities.
Objective (Malicious/Non-malicious): malicious
(a) The software failure incident described in the article is malicious in nature. Hackers compromised government websites, including the Victorian parliament's, by inserting a script known as Coinhive into the Browsealoud software, which hijacked users' computers to mine cryptocurrency without their permission [67996]. This act of cryptojacking was done with the intent to generate profits for the hackers, indicating a malicious objective behind the software failure incident.
Intent (Poor/Accidental Decisions): poor_decisions
(a) The intent of the software failure incident related to poor_decisions: The compromise of the Australian government websites by cryptojacking malware was due to poor decisions relating to the third-party browser plug-in Browsealoud. The plug-in, made by Texthelp, was compromised by hackers who inserted the Coinhive script, leading to the unauthorized mining of cryptocurrency on visitors' computers [67996].
(b) The intent of the software failure incident related to accidental_decisions: Accidental decisions or unintended consequences are not explicitly mentioned in the provided article.
Capability (Incompetence/Accidental): accidental
(a) The software failure incident in this case was not due to development incompetence but rather due to a vulnerability in a popular browser plug-in called Browsealoud, which was exploited by hackers to insert a script known as Coinhive. This script hijacked the processing power of users' computers to mine the cryptocurrency Monero without their permission [67996].
(b) The software failure incident was accidental in nature, as it was caused by hackers compromising the Browsealoud plug-in made by a third party, Texthelp. The hackers inserted the Coinhive script into the software, leading to the cryptojacking attack on various government websites in Australia and other countries. Texthelp took the Browsealoud plugin offline to address the security breach, indicating that the incident was accidental and not intentionally caused by the developers [67996].
Duration: temporary
(a) The software failure incident in this case was temporary. The malware attack that led to cryptojacking on government websites, including the Victorian parliament's, was active for a period of four hours on Sunday [67996]. The affected Browsealoud service was temporarily taken offline, and the security breach was addressed [67996].
Behaviour: crash, omission, timing, value, other
(a) crash: The software failure incident in the article can be categorized as a crash, as the malware injected into the government websites caused the system to lose its state and not perform its intended functions. The malware, known as Coinhive, hijacked the processing power of users' computers to mine cryptocurrency without their permission, leading to the websites being compromised and not functioning as expected [67996].
(b) omission: The incident can also be categorized as an omission failure, as the system omitted to perform its intended functions at one or more instances due to the injection of the cryptojacking script. The affected websites failed to provide their regular services to visitors, as they were unknowingly used to mine cryptocurrency, omitting their primary purpose [67996].
(c) timing: The timing of the failure can be considered in this incident as well. The system performed its intended functions, but too late in addressing the security breach. The Browsealoud plugin was taken offline on Monday morning after the attack had already occurred on Sunday, indicating a delayed response in mitigating the issue [67996].
(d) value: The incident can also be related to a value failure, as the system performed its intended functions incorrectly. Instead of providing the usual services to visitors, the compromised websites were generating profits for the hackers by mining cryptocurrency using visitors' computers, which was not the intended function of the websites [67996].
(e) byzantine: Byzantine behavior is not explicitly mentioned in the article.
(f) other: The other behavior observed in this software failure incident is unauthorized behavior. The malware injected into the websites caused the system to engage in unauthorized activities, such as mining cryptocurrency without users' consent, which deviated from the legitimate and authorized functions of the websites [67996].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence: property, non-human
(d) property: People's material goods, money, or data were impacted due to the software failure. The software failure incident involving the cryptojacking attack on Australian government websites resulted in visitors' computers being secretly used to mine cryptocurrency without their permission. This unauthorized use of visitors' computing power generated profits for the hackers [67996].
Domain: information, government
(a) The failed system was intended to support the information industry. The incident involved government websites, including the Victorian parliament's website, being compromised by malware that forced visitors' computers to secretly mine cryptocurrency [67996]. The affected websites included those of various government entities such as the Queensland Civil and Administrative Tribunal, the Queensland ombudsman, and the Queensland legislation website [67996]. Additionally, the Browsealoud plugin, which was exploited by hackers to inject the cryptojacking script, is a program that converts website text to audio for visually impaired users [67996].

Sources
