Crypto Hackers Hijack Government Websites To Mine Cryptocurrency

Adjust Comment Print

Hackers infected the websites with a programme called Coinhive, which hides inside a site's code and mines digital currencies by hijacking the processing power of visitors' computers.

The ICO said it was aware of the problem and was working to resolve it. Various governmental departments in Australia and the United Kingdom were found frantically calling the tech guys over the weekend as their websites were compromised.

On Sunday, computer security researcher Scott Helme discovered the latest incident after a friend received a malware alert when visiting the ICO's site.

In a report last month, cybersecurity firm CrowdStrike highlighted the rise of cryptocurrency mining, a relatively new flavor of attack. What all the affected sites have in common is that they use an accessibility plugin called Browsealoud - which ordinarily facilitates easy speech, reading and translation tools.

It makes transactions in it "untraceable" between the senders and recipients involved.

Facebook's new Lists feature focuses on more personal posts
A recent eMarketer report indicates that Facebook lost approximately 2.8 million US users aged under 25 years in 2017. In fairness, why would you want people's grocery shopping lists clogging up your Facebook feed?

Scotland ring changes for France clash
France , meanwhile, had their hearts broken owing to a 83rd-minute Johnny Sexton drop-goal at Stade de France last week. Scotland led early thanks to a Stuart Hogg try before the home side replied through Gaël Fickou on the half-hour mark.

Who Is Priya Prakash Varrier? Oru Adaar Love (2018) Heroine Memes
Looks like we are not over her as we are getting to know different facets of her personality as we dig further into her life.... Interestingly, Priya Prakash Varrier's winking video has caught the attention of Telugu superstar Allu Arjun as well.

Although responsibility ultimately lies with Texthelp, Helme suggested government websites should be held to a higher security standard if they use third-party services, such as Browsealoud.

It's believed that over 5,000 websites have been affected by the malware.

Browsealoud is used on a huge number of websites, according to search engine PublicWWW, including manchester.gov.uk, newham.gov.uk, york.gov.uk, croydon.gov.uk and at least 32 other websites on the '.gov.uk' domain. Other U.K. websites that were infected include the National Health Service (NHS), several English councils, and the Student Loans Company. Many websites use "plug-ins" like Browsealound - third party apps which perform a specific task and save the trouble of writing code from scratch.

The code injected leads back to Coinhive, a program created to allow website owners to utilize the CPU resources of visitors. It then affected thousands of websites, including the ICO's, which used it.

An investigation to try and uncover the perpetrator is now underway and technical experts are examining data from the incident, said a spokesperson for the National Cyber Security Centre in a statement. According to the company's CTO, Martin McKay, "no customer data has been accessed or lost" and the modified file was only used to mine cryptocurrency during a four hours window on Sunday. While mining for the Monero cryptocurrency, the code also hijacks a victim's computer processor - causing higher power usage and, at least with some Android versions, potentially even destroying the phone.

Comments