As discussed in my recent Linkedin post, the state of Ohio’s COVID-19 fraud reporting website is now under attack from an anonymous hacker.
Under Ohio law, individuals are disqualified from receiving unemployment benefits during the COVID-19 pandemic if they are able to work but refuse job offers or quit their job without good cause. The policy has caused debate because some believe workers are being forced to choose between their livelihoods or health if their employers are not taking enough perceived action to provide a safe workplace.
“It’s a case by case basis, but if you’re just saying ‘I’m afraid of the virus,’ that would not be sufficient. The analysis would need to be that your work environment, the conditions there, are such that you are at risk from a health and safety standard,” said Ohio Department of Jobs and Family Services Director Kimberly Hall in a recent interview regarding the law.
To enforce the law, Ohio launched the Return to Work Dispute Resolution Form for employers to report employees and prevent them from collecting unemployment benefits.
According to VICE news, there is an anonymous hacker that doesn’t like this idea and has taken action against the State. In an effort to sabotage the site, the hacker released a program that inputs fake data into the state website so that state investigators would be swamped with so much data, they won’t know what data is legit versus fake and would make it nearly impossible to deny people their benefits. The program works by submitting information using company names from the top 100 employers from the state of Ohio along with random name and address generators to overwhelm the system with this dummy data.
The anonymous hacker told VICE… “It’s easy enough to go to the page and fill it out, but that wouldn’t amount to enough data to make these particular gears of the state grind to a halt. It needs to be so much data that their ability to investigate these ‘fraud’ cases is hampered.”
The State has since implemented a stronger captcha check, using Google’s re-captcha service, however, the hacker is reportedly tweaking the program in an attempt to work around this.
What are your thoughts?
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. Learn more about our cybersecurity firm and services at www.schneiderdowns.com/cybersecurity or contact us at [email protected].