Employees used the government's supercomputer to mine, but earned less than $10,000 after a month of continuous mining

Author | Fergus Hunter

Translator | Nuka-Cola

A former CSIRO employee has escaped jail after using a government supercomputer to mine cryptocurrencies, depriving key scientific projects of the necessary computing power.

Mining for one month, earning $9420

The former employee, Jonathan Khoo, worked as a contractor for a federal government scientific research agency from January to February 2018. Taking advantage of his position, he installed and ran 2,903 command scripts in two supercomputers to mine cryptocurrencies for personal gain.

It is understood that in addition to the CSIRO, one of the supercomputers is also used by a number of other government and research organisations, including the Royal Australian Navy and the Victor Chang Cardiac Research Institute.

Khoo, 34, used the supercomputer to mine for more than a month, earning $9,420 worth of cryptocurrency, which he deposited into his Ethereum and Monero digital wallets. CSIRO estimates that the mining activity cost them $76,668 worth of computing power and other resources.

Khoo's illegal activities were discovered in February 2018 and CSIRO immediately fired him. The Australian Federal Police executed a search warrant in March of that year and charged him a year later. Khoo admitted his crimes almost immediately after being searched and expressed "deep regret".

No need to serve time in prison

On September 11, Magistrate Erin Kennedy sentenced the Sydney resident to 15 months in prison, but ordered him to serve his sentence in his community rather than in prison. Khoo also needs to complete 300 hours of community service and continue to be questioned. Based on the 300 hours of community service, Khoo's secret mining earned him the equivalent of $23 per hour.

Commenting after the sentencing, AFP Cyber ​​Crime Commander Chris Goldsmid said such conduct undermined public trust in government and compromised the ability of CSIRO supercomputers to carry out important legitimate tasks. He explained: "The actions of those involved have resulted in supercomputer resources being unable to carry out a number of important Australian scientific research projects, including pulsar data array analysis, medical research and climate modelling."

Khoo's lawyer Avni Djemal stressed in court that his client had no previous criminal record, confessed his illegal actions during police interrogation, showed a sincere attitude of admitting guilt, was willing to bear the consequences of his actions, and also lost his job after the case was exposed.

Reading out the verdict at Downing Centre Local Court, the judge said Khoo's guilty plea and other performance were indeed worthy of recognition, but still stressed that the verdict must have a general deterrent effect.

Kennedy pointed out that Khoo's case was indeed less serious than other cases where offenders hacked into government systems, but the losses suffered by scientific research institutions such as CSIRO were still losses and the corresponding punishment must be implemented.

It is reported that the maximum penalty for such crimes in Australia (including unauthorized tampering with data and causing damage) is ten years in prison.

Goldsmid said malicious cyber activity, including from within organizations, is increasing in both size and severity, and he urged companies and government agencies to build a strong cybersecurity culture and continually improve their ability to detect breaches.

Further reading:

https://www.smh.com.au/national/nsw/former-csiro-worker-avoids-jail-for-using-supercomputers-to-mine-cryptocurrency-20200918-p55x03.html