Cryptocurrency-mining hackers attack government websites including UK and US
Scott Helme, a UK-based security researcher, discovered that more than 4,200 websites, including several government ones, were infected on Sunday with a virus that helps criminals mine cryptocurrencies.
Apparently, hackers managed to inject Coinhive cryptocurrency-mining code into U.S. and U.K. government websites, forcing visitors' web browsers to secretly mine cryptocurrency. As a result, innocent visitors to these compromised websites would have their computers and phones commandeered to mine cryptocurrencies for the criminals.
According to reports, websites that were infected with the virus include those belonging to the Information Commissioner’s Office (ICO), Student Loans Company and Scottish NHS helpline among others. The list of 4,200-plus affected websites can be found here.
In fact, the website of the ICO, the UK’s data protection watchdog, was taken offline after the watchdog was warned that hackers were taking control of visitors’ computers to mine cryptocurrency. The ICO said: “We are aware of the issue and are working to resolve it.”
Helme said he was informed by a friend who had received a malware warning when he visited the UK government site ico.org.uk. He found that the website was using the Coinhive in-browser mining (cryptojacking) script, which caused visitors’ machines to use their CPUs to mine the digital currency called Monero.
On investigating further, Helme found that several other government websites from various countries, such as uscourts.gov, gmc-uk.gov, nhsinform.scot, manchester.gov.uk, and many more, had also started injecting a Coinhive miner.
The affected code injected in the above websites was a malicious version of a widely used text-to-speech accessibility script known as Browsealoud, which is used to help blind and partially sighted people access the web, the report says.
British tech company Texthelp, the company which makes the plug-in, confirmed that the Browsealoud script was compromised but no other Texthelp services were affected.
In a statement, Martin McKay, Texthelp’s Chief Technology Officer (CTO), said the compromise was a criminal act and an investigation is underway.
“Users who visit the hacked sites will immediately have their computers’ processing power hijacked to mine cryptocurrency – potentially netting thousands for those responsible. Government websites continue to operate securely.
“The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency,” it said.
“The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00 GMT.
“At this stage there is nothing to suggest that members of the public are at risk.”
Talking about the attack, Helme said, “This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.
“Someone just messaged me to say their local government website in Australia is using the software as well.”
A spokesperson for the National Cyber Security Centre (NCSC) said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.
“The affected service has been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”