Hackers hijacked the website of Portland community radio station KBOO last month, injecting rogue code into the site in order to use the radio station's servers to mine cryptocurrency.
The attack infected computers on April 28, during the last week of the station's spring fundraising drive, says Jenka Soderberg, the web and new media coordinator for the station. KBOO's website is still down.
"The objective of these scripts that were injected into our site seems to be to be part of a cryptocurrency mining scheme—which could be random, or could be that someone suggested our site to the hackers as one they should target," Soderberg wrote in an email to station staff and volunteers.
"We do not know who these hackers are, but have logs that trace their IPs to all over the world," she wrote. "We are working on figuring it out, but it's not easy to do that."
Soderberg tells WW the station usually brings in between $6,000 and $7,000 each day during a drive, but after the attack those numbers were much lower as potential donors struggled with a slow website that kept timing out. Station members' personal and financial records were not accessed in the hack, and the station set up an external donation site to try to recoup some of its losses.
The community station's site has been down intermittently to "disinfect" the code and remove the hostile software. Soderberg says the station hopes to have the website back up on Friday or Saturday.
The breach is part of a massive attack that targeted hundreds of websites that failed to patch a vulnerability in the Drupal content management system, including sites for Lenovo, the University of California at Los Angeles, and the US National Labor Relations Board. The injected code drained 80 percent of the computing power of infected devices, using the stolen resources to mine cryptocurrency. The hack is being called "Drupalgeddon2."
In the email to staff and volunteers, KBOO said none of its files were accessed. The hackers had IP addresses located across the globe, but the station does not know who is behind the attack.
"It's costing money to fix it," Soderberg says. "It's pretty worrisome."