UK Government Websites Hit by Monero Mining Malware Could Have Been Much Worse
In 2018, hackers are designing malware not just to steal the personal information on your computer, but also to take over its processing power to mine cryptocurrencies. From this, we can glean that the value and importance of cryptocurrencies are rising, while governments and security companies need to focus far more on these types of malware attacks.
Government Websites Infected
This most recent attack was not confined to one specific computer or website. Reports indicate that the UK’s data protection website, NHS Services, and the Student Loans Company, along with many English councils, were all infected.
It wasn’t until February 11, 2018, that the website of the UK’s data protection watchdog, the Information Commissioner’s Office (ICO), was taken down to handle the issue after it reported that a malware breach had indeed taken place.
This seems exceptionally ironic, as one of the office’s main tasks is to monitor data, malware, and security threats, yet it was hacked, forcing users of its many websites to mine cryptocurrencies.
When users visited the infected sites, the malware on the site would force the visitor’s computer to mine cryptocurrency. The more processing power dedicated to mining, the more cryptocurrency produced. How long the malware infection lasted is still not entirely known.
The question remains, how were so many websites hacked without anyone noticing?
BrowseAloud and Coinhive
The crypto mining malware was injected into the websites’ code through BrowseAloud, software that helps the visually impaired access the web. From there, the Coinhive mining script is executed to mine Monero using visitors’ CPUs. While embedding the script into software without users’ knowledge is becoming common practice for many malicious agents in the crypto space, there are others who have also been leveraging mining techniques for profit.
One such instance is Salon’s decision to offer content with ads, or without ads, but supplement the latter with mining software while visitors read articles.
Another, reported on by BTCManager in November 2017, asks visitors of Bail Bloc to “volunteer [their] computer’s spare power to get people out of jail.”
The National Cyber Security Centre (NCSC) stated that members of the public were not at risk following this malware attack. The author is skeptical that they know what they are talking about, as many of their websites were infected with malicious software without the computer security team even noticing.
Further, BrowseAloud is run by Texthelp, which immediately took its website down following the release of the news. The site remains down while they attempt to resolve the problem.
One of the more interesting twists is that no IT security expert working for the UK government noticed this hack. It was an individual by the name of Scott Helme.
https://twitter.com/Scott_Helme/status/962684239975272450
The renowned IT security consultant received a message from a friend whose antivirus software noticed an issue after visiting a UK government website. This tip immediately raised red flags for Helme, and he contacted the UK authorities. He confirmed:
“This type of attack isn’t new. But this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland, and the United States.”
The size of this hack is just beginning to be understood as no information from the United States has been released.
A significant positive, however, is that the hack did not compromise data on the actual computers being forced to mine. As long as this remains true, the worst thing that happened was that computers were compelled to mine for a third party while visiting a government website. Had every identity, along with the crypto wallet balances, been stolen, this would have been a problem of epic proportions, possibly collapsing cryptocurrency markets worldwide.
Fortunately, that is not what took place; the hack supposedly only forced mining for the short term. The result could have been far worse than your computer’s processing power being hijacked for a few minutes while you visited a Council Member’s page on a UK site.
NCSC is quoted as stating, “[The center’s] technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.” They went on to state that the impacted services and sites had been taken offline. The group is hoping this will mitigate the issue while they investigate how to continue to operate safely.
Their final statement was that the public was not at risk and that this was a focused attack solely attempting to mine cryptocurrency.
Conclusion
This hack could have been far worse than what is currently being reported. If malware was capable of taking over the processing power of computers across the UK without anyone noticing for days, the question must be asked: what type of antivirus software and security experts are employed there? How did it take a user with antivirus software on his computer to notice a major hack of thousands of UK websites?
The positive news is that had crypto balances been wiped and identities stolen, this information would have already been publicly released. The crypto world, along with the UK government, was able to escape relatively unscathed, and hopefully, future malware attacks will be as innocent as hijacking the processing power of an unaware user for a few minutes while they mine cryptocurrency.
To read the King’s prior articles, to find out which ICOs he currently recommends, or to get in contact directly with the King, you can find him on Twitter (@JbtheCryptoKing) or Reddit (ICO updates and Daily Reports).