UK, US Government Sites Hacked by Cryptocurrency Miners

UK, US Government Sites Hacked by Cryptocurrency Miners

The value of (along with some lesser-known cryptocurrencies, such as Ethereum and Ripple) recently slumped, leading to some predictions that the “bubble” of its inflated value is beginning to pop, that , in general, is on its way out.

, however, do not believe it, they’re all in on crypto. They’re in so deep, in fact, that they’re hijacking thousands of websites, including those that belong to reputable entities like the United Kingdoms’ National Health Service and the United States court system, to mine the stuff, according to The Register.

What do these sites have in common that enables ease of penetration by this ? They all use a plug-in called Browsealoud, which allows blind or partially-sighted people to listen to the text that appears on the screen. That’s what the used to hijack the websites.

The culprits exploited accessibility software to mine . Real classy.

UK, US Government Sites Hacked by Cryptocurrency Miners

In the early hours of February 11, 2018, malware intended to mine lesser-known monero was added to Browsealoud’s code. It ran on some 4,200 affected websites for several hours. So whenever an unsuspecting visitor accessed those sites, the mining script would run in their web browser, without the users’ consent, generating for the . By the afternoon, Browsealoud’s team had realised the issue and shut down its service while it repaired its code.

RELATED:   “Bitcoin Buyers Should Prepare To Lose All Their Money” – UK Financial Conduct Authority.

Authorities aren’t yet sure who the are. But the company at least has been clear: the ’ actions were illegal.

The breach is bad news for more than just Browsealoud, and for the sites that use it. It reveals a weakness of the modern internet as a whole. Most websites rely on just a few providers of various services — almost half of the websites that track user activity via cookies, for example, use the same software. That means that if can crack that one common software, they can take advantage of thousands, or even millions, of sites that rely upon it.

The websites themselves have little control over it. And even though Browsealoud had been preparing for such a breach over the past year, according to a company statement, there wasn’t much their clients could do after the attack.

Yes, breaches are bad, but ultimately, consumers didn’t suffer too much from this one. The didn’t steal any user information (that could be particularly bad for users typing in their most personal identifying information to government websites), they didn’t infect computers with buggy software. They just mined some and probably made the environment just a bit worse off for it.


Leave A Reply

Your email address will not be published.