Bitcoin-mining hackers hit government websites

Visiting public body domains could turn your computer into a cryptocurrency miner

Thousands of government websites have been hit by a cryptocurrency-mining hack, forcing them to run scripts that make visitors use their computer power to mine cryptocurrencies like Bitcoin, Litecoin, Ethereum and others.

These aren't insignificant sites either. In the UK, the Information Commissioner's Office and the Student Loan Company have both been affected, with the General Medical Council and NHS Inform also found running the script. In the US, the Indiana Government and the US courts system were also discovered to be running the crypto jacking script.

The mining script comes from Coinhive, a company that claims its product can help you "monetise your site visitors" by sucking their CPU power and using it to mine cryptocurrencies. It's the same type of script found to be running in YouTube adverts earlier this year, as well as the likes of video streaming sites and torrent website The Pirate Bay.

Coinhive's script was able to run across all of these sites thanks to a piece of software called BrowseAloud. Embedded in all of the affected sites, TextHelp's BrowseAloud software offers accessibility services to those with visual or literacy impairments who are browsing the web. Sometime on Sunday, a third-party made modifications to BrowseAloud by adding the Coinhive mining software.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Since news of the breach came to light TextHelp has withdrawn BrowseAloud while it resolves the problem.

The crypto-jacking script isn't particularly malicious. While it may utilise your computer's CPU power - and therefore slow your computer down - it won't capture sensitive information you may have entered on any of the government sites you've visited.

A spokesperson for the National Cyber Security Centre (NCSC) said: "NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.

"The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk."

If you're worried about becoming a victim of crypto jacking, you can install a content blocker that'll scramble the script and flag the plugin. No Coin for Firefox, Chrome and Opera are your best bet. Interestingly, Opera comes with crypto jacking protections embedded into both its mobile and desktop iterations.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/technology/34286/us-court-orders-alleged-bitcoin-inventor-to-split-his-bitcoin-hoard
Technology

US court orders alleged Bitcoin inventor to split his hoard

28 Aug 2019
Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/digital-currency/30249/what-is-cryptocurrency-mining
digital currency

What is cryptocurrency mining?

6 Jan 2020
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020