Hackers hijack government websites to mine crypto-cash

Government websites hijacked by cryptomining plugin

Government websites hijacked by cryptomining plugin

Security researcher Scott Helme was alerted to the hack by a friend who sent him antivirus software warnings received after visiting a UK Government website.

The software has now been taken offline until midday on Tuesday.

Locally, affected websites Mr Helme found included the Queensland Government's legislation website, the Queensland Civil and Administrative Tribunal and the Victorian Parliament.

Users loading the websites of the Information Commissioner's Office, the Student Loans Company, as well as the council websites for Manchester City, Camden, and Croydon - and even the homepage of the United States Courts - had their computers' processing power hijacked by hackers.

"The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs to attempt to generate cryptocurrency".

Government websites were infected with the malware on Sunday after a browser plug-in made by a third-party was compromised.

The problem stems from a website plug-in called Browsealoud that helps blind and partially sighted people access the web.

Mr Helme said: "It's a very lucrative proposal".

Texthelp, the company which makes the plug-in, confirmed that the product was affected for four hours by malicious code created to generate cryptocurrency.

The plug-in had been tampered with to add a program, Coinhive, which "mines" for Monero by running processor-intensive calculations on visitors' computers.

In a statement, Martin McKay, Texthelp's chief technology officer, said the compromise was a criminal act and was being investigated.

Mr Helme said using the same technique, malicious actors could have injected a range of malware into the websites.

"Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline", he added.

For example, they could have installed a keylogger that tracks people entering usernames and passwords, or a virus. "It was only limited by the hackers' imaginations". They infect one website and it infects close to 5,000.

Many websites use outside providers for everything from fonts to accessibility tools, which provide an additional gateway for bad actors.

He said: "This type of attack isn't new - but this is the biggest I've seen".

"At this stage there is nothing to suggest that members of the public are at risk".

The Australian Cyber Security Centre has been contacted for comment.

Notícias recomendadas

  • Railways Group D Recruitment 2018 Begins

    Railways Group D Recruitment 2018 Begins

    Minimum percentage of marks for eligibility in various categories: UR -40%, OBC-30%, SC-30%, ST -30%. Get latest news & live updates on the go on your pc with.
    Canada wins its first two medals at PyeongChang Olympics

    Canada wins its first two medals at PyeongChang Olympics

    Inside at curling, the third day of mixed doubles play starts with a meeting between two of the favorites to win the gold medal. The Olympic athletes of Russian Federation also took their first medal as Semen Elistratov finished in third place.
    These Images Were Captured Nearly 3.8 Billion Miles From Earth

    These Images Were Captured Nearly 3.8 Billion Miles From Earth

    Voyager 1's cameras were turned off shortly after that portrait, leaving its distance record unchallenged for more than 27 years. It's not the first time New Horizons has managed an unprecedented feat.
  • US Vice President Mike Pence

    US Vice President Mike Pence

    Warming ties between the Koreas could complicate Seoul's ties with Washington, which wants to maximize its pressures on Pyongyang. Otto was returned to the U.S.in an unconscious state, but died a week later at the University of Cincinnati Medical Center.
    Manhunt for sex attacker of 10-year-old in Openshaw

    Manhunt for sex attacker of 10-year-old in Openshaw

    The fearless girl managed to flee after the man, aged in his 20s, attempted to assault her in Openshaw, Manchester. Police are speaking to witnesses and examining CCTV, but want to hear from anyone who might have information.
    Ted Potter Jr. holds off Dustin Johnson to claim Pebble Beach win

    Ted Potter Jr. holds off Dustin Johnson to claim Pebble Beach win

    Johnson lost a share of the lead with a tee shot that sailed over the cliff on the par-3 fifth and never caught up. Potter chipped in for birdie on No. 7 and didn't drop a shot the rest of the way.
  • Hope Hicks: Trump's confidante finds herself center stage in scandal

    Hope Hicks: Trump's confidante finds herself center stage in scandal

    Wallace pointed out that by saying that, Mulvaney made it sound like those discontent with Kelly worked in the West Wing. Conway said it was a "blessing" to be at the White House and anyone who didn't feel that way shouldn't be there.
    #MeToo shuts out eroticism, director says

    #MeToo shuts out eroticism, director says

    The director, who has made 12 feature-length films including The White Ribbon (2009), is not accused of any misconduct himself. Oscar-winning Austrian film director Michael Haneke called it a "witch hunt" that "poisons" the social climate.
    Pence, Moon speak after Moon invited to visit North Korea

    Pence, Moon speak after Moon invited to visit North Korea

    Blue House spokesman Kim Eui-kyeom cited Moon as replying: "Let's create the environment for that to be able to happen". He is the father of Otto Warmbier, who was arrested in North Korea and died a year ago after returning to the U.S.
  • You Can Get The Old Snapchat Back But It's A Hassle

    You Can Get The Old Snapchat Back But It's A Hassle

    For iOS devices, including iPhones and iPads, Twitter user Clare James shared instructions on how to bring back the old Snapchat . It is hard for the user to get back to the old design and there is less likely that company will go back to previous design.
    Donald Trump, Kim Jong Un impersonators thrown out of Olympics

    Donald Trump, Kim Jong Un impersonators thrown out of Olympics

    The meeting is the most significant diplomatic encounter between the two sides in more than a generation, CNN said. In their Olympic training, South Korean team played exhibition games against top US college teams.
    South Korea's Moon hosts North Korean talks as Pence keeps up pressure

    South Korea's Moon hosts North Korean talks as Pence keeps up pressure

    Korea or exchange pleasantries w/ the most oppressive regime on earth", he wrote. The left-wing Kyunghyang newspaper called the actions "deeply disrespectful".

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.