author photo
By Clare O’Gara
Mon | May 18, 2020 | 7:15 AM PDT

These are unusual times.

Our social lives are potentially deadly. Handshakes are a thing of the past. And don't even get me started on toilet paper.

Now, one hacker is taking matters into his own hands (or keyboard) because of how people and governments are reacting.

Hacker attacks Ohio unemployment insurance website

Unemployment is a particularly touchy subject surrounding COVID-19.

Of course, the pandemic has led to a massive rise in joblessness as businesses shutter and companies trim their number of employees.

But some employees are also afraid to work during a time where physical interactions are potentially dangerous. And those concerns create tensions between workers, management, and the government.

The Ohio unemployment insurance website, and particularly the site's "fraud reporting" form, was a perfect example of these tensions, according to Vice:

"State officials created the form to encourage companies to snitch on workers who are refusing to work under unsafe conditions, drawing outrage from workers and labor rights advocates."

The fraud form was supposed to prevent employees who refused to work from receiving unemployment benefits during a global pandemic.

So one hacker decided to advocate for labor rights by doing exactly what the form wants... sort of.

"An anonymous hacker has released code that allowed anyone to automatically submit junk data to Ohio's controversial COVID-19 Fraud website."

The computer code script allows anyone to easily submit a fraud reporting form with false data. The goal?

"To overwhelm the site with a flood of fake submissions, making it harder to process claims and thus deny people their benefits.

"It's easy enough to go to the page and fill it out, but that wouldn't amount to enough data to make these particular gears of the state grind to a halt," the anonymous hacker told Motherboard. "It needs to be so much data that their ability to investigate these 'fraud' cases is hampered."

Software engineer David Ankin allegedly made the script easier to use by developing a simple command line tool that allows your computer to continually submit forms in the background.

"If you get several hundred people to do this, it's pretty hard to keep your data clean unless you have data scientists on staff," said Ankin.

How Ohio responded to the unemployment cyber attack

As it turns out, the hacker's plan seemed to work.

After Vice reported the story, Ohio started to reconsider the decision, putting a pause on the form:

"No benefits are being denied right now as a result of a person's decision not to return to work while we continue to evaluate the policy," said Ohio's Department of Job and Family Services director Kimberly Hall.

Related podcast: Geopolitics influence cybercrime and nation-state attacks

The politics of COVID-19 is doing more than impacting hacking at a local level. CNN analyst and retired USAF Colonel Cedric Leighton says it is accelerating the way real world events impact cyberattacks:

"We will know that the Chinese, the Russians, the North Koreans, even the Iranians are going to continue to be active in cyberspace. They will take advantage of new work modes that may outlast the coronavirus pandemic. And those new work modes lead to new vulnerabilities. There's new vulnerabilities will lead to new methods of exploitation by these and other bad actors."

Listen to the SecureWorld podcast here, or on all major podcast platforms:

Tags: Hackers,