Hackers secretly made UK Government websites force visitors' computers to mine bitcoin alternative monero

As well as being used to earn money for criminals, victims' machines would also slow down as a result

Aatif Sulleyman
Monday 12 February 2018 23:52 GMT
Comments
The Monero cryptocurrency logo is seen in this illustration photo January 8, 2018
The Monero cryptocurrency logo is seen in this illustration photo January 8, 2018 (REUTERS/Thomas White)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Several Government websites have been secretly forcing visitors’ computers to mine bitcoin alternative monero for cyber criminals.

One of the affected sites – that of the Information Commissioner’s Office – was temporarily taken down as a result.

The Student Loans Company’s website was also affected, as were NHS websites, the Pensions Advisory Service, the Financial Ombudsman Service and many more.

Security researcher Scott Helme traced the issue to Browsealoud, software that makes it easier for blind and partially sighted people to use the internet.

It was recently compromised by cyber criminals, who added a cryptojacking script to it.

As a result, everyone who visited a website that ran Browsealoud would secretly have their computer’s processing power used to earn money for cyber criminals, by mining monero.

Texthelp, the company behind Browsealoud, has taken the service down temporarily.

“At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber attack,” it said.

“The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. This was a criminal act and a thorough investigation is currently underway.”

It says the exploit “was active for a period of four hours on Sunday”, and adds that no customer data was stolen or lost as a result of the hack.

Cryptojacking incidents, in which people’s devices are quietly hijacked and forced to mine digital currencies for other people, have become increasingly common since bitcoin’s spectacular price rise in 2017.

The trend is likely to continue, as successful attacks can help criminals earn a significant amount of money.

“NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency,” the National Cyber Security Centre said.

“The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”

We’ve teamed up with cryptocurrency trading platform eToro. Click here to get the latest Bitcoin rates and start trading. Cryptocurrencies are a highly volatile unregulated investment product. No EU investor protection. 75% of retail investor accounts lose money when trading CFDs.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in