Groups Similar Search Look up By Text Browse About

Government websites fall prey to cryptocurrency mining hijack

The US, UK, Australia and other countries were affected. It's not just private companies' websites falling victim to cryptocurrency mining hijacks. Security consultant Scott Helme and the Register have discovered that intruders compromised over 4,200 sites with Coinhive's notorious Monero miner, many of them government websites from around the world. This includes the US court info system, the UK's National Health Service and Australian legislatures, among others. The intruders spread their JavaScript code by modifying an accessibility plugin for the blind, Texthelp's Browsealoud, to inject the miner wherever Browsealoud was in use. The mining only took place for several hours on February 11th before Texthelp disabled the plugin to investigate. Government sites like the UK's Information Commissioner's Office also took pages down in response. As with most of these injections, your system wasn't facing a security risk -- you would have just noticed your system bogging down while searching for government info. The mining goes away the moment you visit another page or close the browser tab. The biggest hassle was for the site operators, who are now discovering that their sites are vulnerable to intruders slipping in rogue code without verification. It's not certain who's behind the attempt, but these hijacks tend to be the work of criminals hoping to make a fast profit. The big problem: this might continue to happen for a while. Although antivirus tools can catch Coinhive, a more definitive solution would be to use a fingerprinting technique (subresource integrity) that verifies of outside code and blocks any modifications. And there's no indication that many websites, whether government or private, are in a rush to implement it.

Government websites have quietly been running cryptocoin mining scripts

A security researcher has discovered thousands of legitimate websites — many belonging to local governments and government agencies — running scripts that secretly force visitors computers to mine cryptocoins. In the UK, both the websites of the Information Commissioners Office and the Student Loan Company have found to be affected. The mining scripts were also found on the websites of the General Medical Council and NHS Inform. Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… On the other side of the pond, the websites belonging to the Indiana Government and the US courts system were also discovered to be running the CoinHive mining software. The issue stems from a piece of software called BrowseAloud, which is embedded on all affected sites. BrowseAloud offers accessiblity services, assisting those with literaracy or visual impairments to access government services and information. There is no suggestion of wrongdoing by the aforementioned sites, nor TextHelp (the owner of BrowseAloud). It appears that at some point on Sunday, an unknown third-party modified BrowseAloud to covertly inject the CoinHive mining software. TextHelp has since withdrawn the BrowseAloud plugin while it addresses the issue. It seems like the @texthelp script file was modified between Sun, 11 Feb 2018 02:58:04 GMT and Sun, 11 Feb 2018 13:21:56 GMT according to the @internetarchive: Cryptojacking is a problem most commonly associated with the seedier aspects of the Internet. Some sites often struggle to attract typical advertisers: like those in the porn and file sharing spaces. In order to keep the lights on, they instead resort to using their visitors spare CPU power to mine cryptocoins. On one hand, cryptojacking is less visibly intrusive than traditional advertising. Thats not much off a defense though, and it comes with several major downsides. Users with these scripts running find their computers inexplicably slower. Their machines might also run hot. If theyre on a mobile device, battery life will be adversely affected. Its pretty astonishing to see cryptojacking scripts running on legitimate government webpages. In this case, security researchers identified the issue quickly. The biggest takeaway from this episode is that, no matter your browsing habits, cryptojacking is a threat you should protect yourself from. The most well-known content blocker that explicitly deals with cryptojacking is No Coin. This plugin is available for Firefox, Chrome, and Opera. Should you want something thats baked deeply into the browser, both the desktop and mobile versions of Opera come with cryptojacking protections baked in.