Cryptocurrency-mining hackers attack government websites including UK and US
Scott Helme, a UK-based security researcher, discovered that more than 4,200 websites, including several government ones, were infected on Sunday with a virus that helps criminals mine cryptocurrencies.
Apparently, hackers managed to inject Coinhive cryptocurrency-mining code into U.S. and U.K. government websites, forcing web browsers to secretly mine cryptocurrency. As a result, innocent visitors to these compromised websites would have their computers and phones commandeered to mine cryptocurrencies for the criminals.
According to reports, websites that were infected with the virus include those belonging to the Information Commissioner’s Office (ICO), Student Loans Company and Scottish NHS helpline, among others. The list of 4,200-plus affected websites can be found here.
In fact, the website of the ICO, the UK’s data protection watchdog, was taken offline after it was warned that hackers were taking control of visitors’ computers to mine cryptocurrency. The ICO said: “We are aware of the issue and are working to resolve it.”
Helme said he was informed by a friend who had received a malware warning when he visited the UK government site ico.org.uk. He found that the website was using the Coinhive in-browser mining (cryptojacking) script, which caused visitors’ machines to use their CPUs to mine the digital currency called Monero.
On investigating further, Helme found that several other government websites from various countries, such as uscourts.gov, gmc-uk.gov, nhsinform.scot, manchester.gov.uk, and many more, had also started injecting a Coinhive miner.
The code injected into the above websites was a malicious version of a widely used text-to-speech accessibility script known as Browsealoud, which is used to help blind and partially sighted people access the web, the report says.
British tech company Texthelp, the company which makes the plug-in, confirmed that the Browsealoud script was compromised but no other Texthelp services were affected.
In a statement, Martin McKay, Texthelp’s Chief Technology Officer (CTO), said the compromise was a criminal act and an investigation is underway.
“Users who visit the hacked sites will immediately have their computers’ processing power hijacked to mine cryptocurrency - potentially netting thousands for those responsible. Government websites continue to operate securely.
“The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency,” it said.
“The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00 GMT.
“At this stage there is nothing to suggest that members of the public are at risk.”
Talking about the attack, Helme said, “This type of attack isn’t new - but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.
“Someone just messaged me to say their local government website in Australia is using the software as well.”
A spokesperson for the National Cyber Security Centre (NCSC) said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.
“The affected services have been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”