follow us on twitter @elitebizmag find us on facebook connect with us on linkedin google+ page

Hack left government sites mining the cryptocurrency Monero

Written by Eric Johansson on Tuesday, 13 February 2018. Posted in Cyber security, Technology

A popular Texthelp plugin has been used to compromise the Information Commissioner's Office’s website, as well as thousands of others around the world

Hack left government sites mining the cryptocurrency Monero

When it comes to cybersecurity threats, no one is safe. Over 4,300 website owners were reminded of this fact over the weekend when a hack hijacked a popular plugin to make both their sites and their visitors secretly mine the bitcoin rival Monero. To make things worse, several governmental bodies – like the Information Commissioner’s Office (ICO), some NHS bodies and the Financial Ombudsman Service – were also affected by the breach.

The attack was first raised on Twitter by Scott Helme, a security researcher and founder of Report Uri, the real-time cybersecurity-reporting startup, who was alerted by a friend who’d received a warning that the ICO’s site was compromised. “They're the people we complain to when companies do bad things with our data,” Helme said. “It was pretty alarming to realise that they were running a crypto miner on their site, their whole site, every single page.”

Digging into the matter, he quickly realised that the compromised script, while hosted by the ICO website, was actually part of a third-party provider: the popular plugin Browsealoud. The program, made by the British software company Texthelp, is a tool that reads and translates website content for visitors with dyslexia or who are foreign-language speakers. The individuals behind the hack had illegally injected the controversial CoinHive software into Browsealoud’s code. CoinHive is one of the most blocked piece of software on the web with over 130 million blocks every week, according to Malwarebytes, the anti-malware firm, and the result of adding it to the code meant that every site hosting the plugin and those sites’ visitor were turned into cryptocurrency miners. Recognising the threat, several of the affected sites shut down for several hours to deal with the situation.

Responding to the severity of the situation, Texthelp took down Browsealoud from the web. Commenting on the breach, Martin McKay, CTO and data security officer at the firm, said: “In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.” The software will remain down until 12pm on Tuesday February 13.

From the WannaCry ransomware attack affecting hundreds of thousands of computers to Uber drivers’ data being compromised, the past few years have seen numerous large-scale breaches. Adding this new hack to the list, it serves as a stark reminder why businesses must take cybersecurity seriously.

About the Author

Eric Johansson

As acting web editor and resident Viking, Johansson ensures EB is filled with engaging and eclectic entrepreneurial stories. While one of our most prolific tech writers, he has sharpened his editorial teeth by writing about entertainment and fitness. Follow him on Twitter at @EricJohanssonLJ to catch up with his stream of consciousness.

Our Partners

Event Media Partners