The Australian Broadcasting Corporation (ABC) looked set to become a haven for Bitcoin virtual currency mining last year, after a so-called "miner" placed a piece of code in the production environment, which could have potentially netted to thousands of dollars. The ABC's security systems, however, had other plans.
Bitcoin is a type of virtual currency, created by applying computer processing power and time to solve a particular problem. Bitcoins can be transferred over peer-to-peer networks and can also be used for real-world purchases.
Crikey was alerted, in June last year, that an ABC Innovation staffer, working in IT, had placed a Bitcoin mining code into the organisation's servers and was using the idle CPU cycles from these servers to generate the virtual currency.
The "ABC insider", who contacted Crikey, said that the action was no accident and added that the individual at the centre of the scandal was, reportedly, not being reprimanded, at the time.
The situation caught the attention of Liberal Senator Eric Abetz, who, in Senate Estimates, quizzed the ABC on how this might have happened, how it was rectified and what happened to the staffer.
The ABC responded to the questions on notice, today, first picked up by Delimiter, saying that the Bitcoin miner was detected within minutes of the code appearing in the company's production environment.
"An ABC staff member, with high level IT access privileges, placed the Bitcoin mining code on the ABC website. The placement of the code was detected by internal ABC checks within 30 minutes and was removed immediately," the ABC told Senate Estimates.
The ABC added that, following the code's removal from the servers, the ABC Grandstand website went down for a short time. The organisation hasn't yet received any complaints from users regarding malware on their machines that could be traced back to the ABC, but it still can't rule the possibility out.
"As this software was, for a short time, embedded within pages on the ABC website, visitors to these pages may have been exposed to the Bitcoin software, however, it is not possible for the ABC to ascertain whether any audience computers were affected by Bitcoin software. The ABC has not received any complaints from audience members as a result of this Bitcoin code," it added.
At the time of the Bitcoin breach, the ABC insider told Crikey that funnelling ABC resources into activities that would benefit the bottom line of a single staffer, would be "grounds for instant dismissal". The ABC said in its answer to Abetz's questions, however, that the staffer still had their job, albeit under the close eye of senior management.
"The employee was disciplined and their access to all production systems has been restricted. The employee is being closely supervised by their manager," the organisation wrote.
The ABC hasn't implemented any new IT security strategies following the incident, but has kept the systems that scan and detect anomalies, like the Bitcoin code, active.
"The ABC is cognisant of its responsibilities with regards to IT security. ABC IT systems continue to scan the ABC's equipment for vulnerabilities, and all users of ABC's internet technologies are bound by ABC security policies and codes of practice."