Government websites hit by cryptocurrency mining malware

Australian sites among thousands hacked to include mining script

A list of 4,200-plus affected websites can be found here: they include The City University of NY (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other.gov.uk and.gov.au sites, UK NHS services, and other organisations across the globe.

Scott Helme, an IT security consultant, raised the alarm about the malware after he received a message from a friend whose antivirus software had detected an issue after visiting a United Kingdom government website.

According to the Register, all of the afflicted websites ran British tech company Texthelp's Browsealoud plugin, which reads out websites for people with visual impairments like full or partial blindness or conditions like dyslexia.

"If you want to load a crypto miner on 1000+ websites you don't attack 1000+ websites, you attack the 1 website that they all load content from", Helme said.

Texthelp, which operates the compromised BrowserAloud plugin, confirmed to Sky News that their software was hacked at 11.14am on Sunday and remained active for four hours.

Some of the affected websites have been taken offline as Whitehall IT experts battle to defeat the code.

This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.

"Texthelp can report that no customer data has been accessed or lost". The company added that "This was a criminal act and a thorough investigation is now underway" by an independent security company. He said: Every single website I run has an "Integrity Attribute", which is a tiny change in how the script is loaded but is there because I'm anxious about exactly this type of thing happening.

Information security blogger Scott Helme discovered the hack via the UK Information Commissioner's Office website on the weekend. The UK's National Cyber Security Centre is investigating the incident.

The affected service has been taken offline, largely mitigating the issue.

The website for the parliament of Victoria, and the Queensland government's legislation website, were among thousands of websites that fell victim to a cryptocurrency hack that hijacked their websites to use them to mine for cryptocurrency. At this stage there is nothing to suggest that members of the public are at risk.

Related:

Comments

Latest news

Rikers Inmate Boasted About Plan to Attack Correction Officer
Mayor Bill de Blasio abolished in 2015 the use of solitary confinement as a punishment for inmates age 21 and under. The violent attack occurred inside the department's much-touted specialized unit for younger inmates who act out.

Vanguard MSCI EAFE ETF (VEA) Shares Bought by Bartlett & Co. LLC
Price-To-Cash-Flow-Ratio is a term that indicates the degree of cash flow valuation of the enterprise in the securities market. The latest reading places the stock below the Ichimoku cloud which indicates negative momentum and a potential sell signal.

Reports say 49ers linebacker Reuben Foster arrested for domestic violence
In April, Santa Clara County prosecutors filed felony domestic violence charges against former 49ers cornerback Tramaine Brock. Foster, 23, gave a diluted drug test sample and was then sent home after an altercation with a hospital employee.

Short Interest in Enterprise Products Partners LP (NYSE:EPD) Decreases By 24.5%
Finally, Bank of America assumed coverage on shares of Enterprise Products Partners in a research report on Tuesday, January 9th. The oil and gas producer reported $0.36 EPS for the quarter, beating the Thomson Reuters' consensus estimate of $0.35 by $0.01.

United States women's hockey overcomes Finland, wins first game of 2018 Olympics
But Venla Hovi slid in the puck with just 5.8 seconds left before the break to put the Americans behind at the first intermission. Kendell Coyne added a power-play goal 2 minutes, 31 seconds later and Dani Cameranesi iced it with an empty-netter in the third.

Other news