Australian Government Websites Were Being Hijacked To Mine For Cryptocurrency

15 February, 2018, 01:19 | Author: Archie Newman
  • The code in purple is malicious. Pic: Scott Helme

Hijackers have targeted thousands of government websites, including NHS services, forcing users' computers to mine cryptocurrency while on the site.

"We are aware of the issue and are working to resolve it".

Over 4,200 websites are on the list of victims, including The City University of NY, the U.S. court information portal (uscourts.gov), Lund University, the privacy watchdog The Information Commissioner's Office (ICO), and several other government, health and educational websites across the world.

Scott Helme, a UK-based security researcher who discovered the malware, said government websites could have done more to prevent the attack.

The hijacking script uses Coinhive, a popular mining script that is not itself meant to be malicious, at least according to its creators, but has gained a reputation for being used in these types of attacks, often referred to as cryptojacking.

Australian government websites using the same plugin were also compromised.

According to The Register, which first reported the story, the problems started just before midday yesterday, when hackers inserted the malicious code into a popular website plugin called Browsealoud, made by British firm Texthelp.

According to BBC News, the programme was used to mine for a cryptocurrency called Monero, a bitcoin rival used for anonymous transactions.

"The affected services has been taken offline, largely mitigating the issue".

The plug-in had been tampered with to add a program, Coinhive, which "mines" for Monero by running processor-intensive calculations on visitors' computers.

While currency miners are more of a nuisance than a threat, simply drawing on users' processing power, Helme said the hackers could have implanted more unsafe code if they had chosen to do so. Organizations that want Browsealoud to work on their sites must add its code to their source code, and the hackers took advantage of that relationship to co-opt the computing power of visitors to those sites. The mining script hides in a website's code and steals the processing power of its visitors' devices to mine cryptocurrency.

Websites affected included the Student Loans Company, Barnsley Hospital and other worldwide companies and sites. The technology is used by many websites, including those belonging to the US Courts, the General Medical Council, and some local councils. "This was a criminal act and a thorough investigation is now underway", he said.

"The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers' CPUs to attempt to generate cryptocurrency", it said.

Texthelp, which runs the Browsealoud service, is believed to have enacted its cyber-attack action plan after the incident, and is now consulting with an independent agency about a review of its security.
