It seems that we won’t be escaping the cryptocurrency headlines anytime soon, as this week the UK government suffered a major security breach. Over 4000 government-controlled websites were subjected to a cyber attack that took control of visitors’ PCs in order to mine cryptocurrency.
This was confirmed by the UK’s Information Commissioner’s Office (ICO) over the weekend. The hackers managed to inject mining code into these websites through a plugin called ‘Browsealoud’, which is used to help blind and partially sighted people access websites. The plugin was affected for several hours; during this time, anyone who visited one of the affected sites would have been unknowingly mining Monero coins for the attacker.
Monero is particularly prominent at the moment. It is a cryptocurrency designed to make transactions untraceable, making it a better option than Bitcoin for those wanting to hide from the law.
The injected code leads back to Coinhive, a program designed to allow website owners to utilize the CPU resources of visitors. Website operators can set a limit on how much CPU it uses, as we learned when The Pirate Bay deployed Coinhive on its own website to offset lower advertising revenue.
As you would expect, an investigation is taking place in addition to a security review, in an effort to plug any additional holes that hackers may exploit.
KitGuru Says: In this instance, the hackers only attempted to mine Monero on the sly, but things could have gone much worse. Personal data could have been stolen, or malware could have wormed its way onto PCs, so we should see tighter security going forward.