UK, US government websites hacked to mine cryptocurrency

Feb 15, 2018, 01:17

The Information Commissioner's Office website is still offline. Coinhive hijacks the processing power of a user's computer to mine Monero.

The code is now disabled and websites are no longer affected, but the hackers had affected over 5,000 websites.

Rather than focusing on cryptocurrency, the earlier incident saw many NHS trusts targeted, with software shutting down individual terminals and demanding a specific sum of money to restore access.

In December The Guardian reported that almost 1 billion visitors to the video sites Openload, Streamango, Rapidvideo and OnlineVideoConverter were also being crypto-jacked.

Scott Helme, a UK-based security researcher, discovered that a cryptocurrency mining script had been injected into Browsealoud, an accessibility services plugin from Texthelp.

"There's a technology called SRI (Sub-Resource Integrity) created to fix exactly this problem, and unfortunately it seems that none of the affected sites were using it".

"In the case of scripts like Coinhive, it means being able to inventory all the third party code running on your web assets, and being able to detect instances of threat actors leveraging your brand on their illegitimate sites around the internet". Sometime last weekend, a third party modified Browsealoud by adding the Coinhive mining software.
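The two measures quoted above, inventorying third-party scripts and pinning them with SRI, can be sketched as follows. This is an added example, not part of the original article or of any vendor's code; the hostnames, script bodies and function names are constructed for illustration.

```javascript
const crypto = require('crypto');
const STRENGTH = ['sha256', 'sha384', 'sha512']; // weakest to strongest

// Build an integrity value, "<alg>-<base64 digest>", for a script body.
function sriDigest(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Compare a body against an integrity attribute, checking only the strongest
// algorithm listed, as browsers do. No recognised algorithm counts as a failure here.
function matchesIntegrity(body, integrity) {
  const tokens = integrity.trim().split(/\s+/)
    .filter((t) => STRENGTH.includes(t.split('-')[0]));
  if (tokens.length === 0) return false;
  const best = tokens.map((t) => t.split('-')[0])
    .sort((a, b) => STRENGTH.indexOf(b) - STRENGTH.indexOf(a))[0];
  return tokens.some((t) => t.startsWith(best + '-') && t === sriDigest(body, best));
}

// List scripts loaded from another origin; integrity is null when the tag has none.
// The regex scan is a simplification; a production audit would use an HTML parser.
function auditScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script, nothing fetched
    const url = new URL(src[1], pageUrl);
    if (url.origin === pageOrigin) continue; // first-party
    const integrity = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(attrs);
    findings.push({ src: url.href, integrity: integrity ? integrity[1] : null });
  }
  return findings;
}

// Constructed sample data: a vendor script as reviewed, and after upstream modification.
const REVIEWED = 'function readAloud(text) { /* vendor code */ }';
const MODIFIED = REVIEWED + '\nloadMiner();';
const PAGE = `<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.vendor.example/reader.js"></script>
<script src="https://cdn.other.example/reader.js" crossorigin="anonymous"
        integrity="${sriDigest(REVIEWED)}"></script>
</head></html>`;

auditScripts(PAGE, 'https://www.agency.example/').forEach((f) =>
  console.log(f.src, f.integrity ? 'pinned' : 'NO integrity attribute'));
console.log('modified body accepted?', matchesIntegrity(MODIFIED, sriDigest(REVIEWED)));
```

A script pinned this way stops loading as soon as the vendor changes a single byte, so the pinned value has to be regenerated and reviewed whenever the vendor ships a legitimate update.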

It seems that we won't be escaping the cryptocurrency headlines anytime soon, as this week the United Kingdom government suffered from a major security breach.

Helme said he initially verified that about 20 Browsealoud clients carried the code, but he provided a list of 4,275 sites around the world that carried the Browsealoud script, and as such were likely to have been infected.

"If you want to load a crypto miner on 1,000 websites you don't attack 1,000 websites, you attack the one website that they all load content from".

Hackers trying to mine the digital currency Monero exploited thousands of websites, including those for educational institutions in the US and elsewhere. Closing the window stops the code from running.

Some Australian government websites appear to have been used by hackers in crypto-jacking, in which computers are secretly forced to mine cryptocurrency. Coinhive was originally developed as a way for website operators to decrease their reliance on advertising, but has since been widely abused by hackers.

Martin McKay, Chief Technology Officer and Data Security Officer for Texthelp, added, "A security review will be conducted by an independent security consultancy".

The National Cyber Security Centre said that they were investigating the incident.
