Government websites hit by bitcoin-mining hackers
Thousands of government websites have been hit by a crypto jacking hack, forcing them to run scripts that make visitors use their computer power to mine cryptocurrencies like bitcoin, litecoin, ethereum and more.
These aren’t insignificant sites either. In the UK, the Information Commissioner’s Office and the Student Loan Company have both been affected, with the General Medical Council and NHS Inform also found running the script. In the US, the Indiana Government and the US courts system were also discovered to be running the crypto jacking script.
The mining script comes from Coinhive, a company that claims its product can help you “monetise your site visitors” by sucking their CPU power and using it to mine cryptocurrencies. It’s the same type of script found to be running in YouTube adverts earlier this year, as well as the likes of video streaming sites and torrent website The Pirate Bay.
Coinhive’s script was able to run across all of these sites thanks to a piece of software called BrowseAloud. Embedded in all of the affected sites, TextHelp’s BrowseAloud software offers accessibility services to those with visual or literacy impairments who are browsing the web. Sometime on Sunday, a third party modified BrowseAloud by adding the Coinhive mining software, so every site that embedded BrowseAloud began serving the miner to its visitors.
So far, there doesn’t appear to be any wrongdoing by TextHelp, and since news of the breach came to light it has withdrawn BrowseAloud while it resolves the problem.
Thankfully, the crypto jacking script isn’t particularly malicious. While it may utilise your computer’s CPU power – and therefore slow your computer down – it won’t capture sensitive information you may have entered on any of the government sites you’ve visited.
Still, it’s surprising to find crypto jacking scripts running on traditionally trusted websites. More often than not it’s the dodgy corners of the internet that run these crypto jacking scripts to pay for site costs in the absence of advertising.
If you’re worried about becoming a victim of crypto jacking, you can install a content blocker that’ll scramble the script and flag the plugin. No Coin, available for Firefox, Chrome and Opera, is your best bet. Interestingly, Opera comes with crypto jacking protections embedded into both its mobile and desktop iterations.