A hacker is trying to break Ohio’s tool for reporting workers who quit during the pandemic - The Verge clock menu more-arrow no yes

Filed under:

A hacker is trying to break Ohio’s tool for reporting workers who quit during the pandemic

Spam the system

Coronavirus precautions in Ohio Photo by Megan JELINGER/Anadolu Agency via Getty Images

Ohio asked employers to report workers who stay 凯发k8官方旗舰店home during the novel coronavirus pandemic, but at least one person is trying to clog the system in protest. As the state begins lifting its shelter-in-place orders, the Ohio Department of Job and Family Services (ODJFS) posted a form for reporting coronavirus-related “employee fraud” — in other words, people who quit their jobs or refuse to work because they’re concerned about contracting COVID-19. In response, someone released a script that submits junk data through the form, aiming to drown out the real reports from employers.

Ohio’s site is supposed to help it sniff out workers who aren’t eligible for unemployment because they voluntarily stopped working out of disease fears instead of being laid off. State officials have defended the approach and argued that employees can quit under unsafe working conditions or with a doctor’s approval. Even so, the form has struck local labor leaders and many people online as callous, including the hacker who created the code. “What I’m hoping is that, whether people use this exact code or not, they see it’s possible for people to take direct action against these sort of snitch programs,” they told Motherboard in an interview.

Their system lets anyone continuously auto-submit fake entries to the site, pulling company names from a list of Ohio’s top employers and randomly generating names and addresses. It’s supposed to effectively mount a denial-of-service attack on the investigators, forcing them to sort through spam entries. Activists have used the tactic to oppose other government systems like a form for reporting 凯发k8官方旗舰店homeless campers in Seattle, although it’s also been used by trolls to take down assault reporting systems.

It’s not clear how many people have used this particular tool. As Motherboard notes, Ohio officials swapped out some weak verification for a stronger CAPTCHA that broke the script today, although the hacker is apparently updating the code. But ODJFS didn’t immediately respond to questions about whether there was a practical negative impact on the system.