Hack left government sites mining the cryptocurrency Monero

A popular Texthelp plugin has been used to compromise the Information Commissioner's Office’s website, as well as thousands of others around the world

Hack left government sites mining the cryptocurrency Monero

When it comes to cybersecurity threats, no one is safe. Over 4,300 website owners were reminded of this fact over the weekend when a hack hijacked a popular plugin to make both their sites and their visitors secretly mine the bitcoin rival Monero. To make things worse, several governmental bodies – like the Information Commissioner’s Office (ICO), some NHS bodies and the Financial Ombudsman Service – were also affected by the breach.

The attack was first raised on Twitter by Scott Helme, a security researcher and founder of Report Uri, the real-time cybersecurity-reporting startup, who was alerted by a friend who’d received a warning that the ICO’s site was compromised. “They’re the people we complain to when companies do bad things with our data,” Helme said. “It was pretty alarming to realise that they were running a crypto miner on their site, their whole site, every single page.”

Digging into the matter, he quickly realised that the compromised script, while hosted by the ICO website, was actually part of a third-party provider: the popular plugin Browsealoud. The program, made by the British software company Texthelp, is a tool that reads and translates website content for visitors with dyslexia or who are foreign-language speakers. The individuals behind the hack had illegally injected the controversial CoinHive software into Browsealoud’s code. CoinHive is one of the most blocked piece of software on the web with over 130 million blocks every week, according to Malwarebytes, the anti-malware firm, and the result of adding it to the code meant that every site hosting the plugin and those sites’ visitor were turned into cryptocurrency miners. Recognising the threat, several of the affected sites shut down for several hours to deal with the situation.

Responding to the severity of the situation, Texthelp took down Browsealoud from the web. Commenting on the breach, Martin McKay, CTO and data security officer at the firm, said: “In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.” The software will remain down until 12pm on Tuesday February 13.

From the WannaCry ransomware attack affecting hundreds of thousands of computers to Uber drivers’ data being compromised, the past few years have seen numerous large-scale breaches. Adding this new hack to the list, it serves as a stark reminder why businesses must take cybersecurity seriously.

Eric Johansson
Eric Johansson

Share via
Copy link