Hackers “hijack government websites” to mine cryptocurrency

//Hackers “hijack government websites” to mine cryptocurrency

Hackers “hijack government websites” to mine cryptocurrency

By Lauren Howells

Hackers have reportedly hijacked government websites in order to mine cryptocurrency, according to the Evening Standard.

Thousands of websites were reportedly infected with malware

The Evening Standard reported on Monday that as many as 4,700 internet sites around the world could have been “infected” by a malware known as Coinhive, including the Information Commissioner’s Office (ICO) and the Student Loans Company’s websites.

According to the BBC, Coinhive had been added to a plug-in made by Texthelp, which helps partially sighted and blind people access the internet. Coinhive “mines” for cryptocurrencies using the power of a user’s computer.

Mining for cryptocurrencies is the process by which new “coins” are made. This is done by using software to solve mathematical problems. The process uses large amounts of power, so if hackers can use other people’s computers to mine for the “coins” instead, this can save them processing power and therefore save on electricity costs.

“Texthelp Browsealoud product was compromised during a cyber attack”

Coinhive "hijacks government websites" to mine cryptocurrency

Texthelp confirmed that a JavaScript file which is part of its Texthelp Browsealoud product, had been compromised during a cyber attack and that the attacker had added malicious code to the file in order to use the browser CPU (the Central Processing Unit or the “brain” of a computer) in an attempt to illegally generate cryptocurrency.

“…no customer data has been accessed or lost”

Martin McKay, CTO and Data Security Officer of Texthelp said: “In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away.

“Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result, the product was taken offline.  This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”

Texthelp confirmed that the “exploit” had been active for four hours on Sunday and that no customer data had been lost.

Browsealoud will remain offline until 12 pm on Tuesday.

“A security review will be conducted by an independent security consultancy”

McKay added:

“A security review will be conducted by an independent security consultancy.  The investigation is ongoing, and customers will receive a further update when the security investigated has been completed”.

“At this stage, there is nothing to suggest that members of the public are at risk”

On Sunday, the National Cyber Security Centre (NCSC) said that “incidents of malware being used to illegally mine cryptocurrency” were being investigated by technical experts at the NCSC.

A spokesperson confirmed:

“The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely.

“At this stage, there is nothing to suggest that members of the public are at risk.”

By | 2018-02-13T10:10:51+00:00 February 13th, 2018|Technology|0 Comments

About the Author:

mm
After completing her law degree, Lauren decided to follow her passion for writing. She regularly contributes articles to CLNews on personal finance and general consumer topics.

Leave A Comment