Hackers hijack thousands of government websites to mine Bitcoin
THOUSANDS of government websites have been targeted by hackers to mine cryptocurrency, in a process known as “cryptojacking”, it has emerged.
The sites, including the Information Commissioner’s Office (ICO), the Scottish NHS helpline and the Student Loans Company – along with hundreds of other central and local government sites – appear to have been running a power-pinching program that uses hacked computers to mine cryptocurrencies such as Bitcoin or Ethereum.
The websites were infected with malware called Coinhive, which works by hiding in a website’s code while stealing the processing power of devices to mine Bitcoin.
People may notice a warning from antivirus software when visiting infected sites and may experience a slowing of their computer or smartphone.
It is unclear how long the sites had been infected but following an inquiry from The Daily Telegraph, the ICO took its website offline. The discovery raises concerns about the security of official websites visited by millions of Britons, less than a year after the debilitating WannaCry attack struck the NHS.
“This is pretty worrying,” said Scott Helme, a security researcher who spotted the malicious software.
“This is really easy to prevent and I’m disappointed that government organisations have not taken the incredibly easy steps available to them to stop this from happening.”
Mr Helme said there were plenty of defence mechanisms that are readily available, so the failure to use them should raise concerns about the Government’s larger security priorities. More than 4,700 websites, including the US courts’ official home page, were infected.
Virgin Care, Virgin’s private healthcare service, along with UK Power Networks and a variety of local council sites across the UK, were also affected.
Mr Helme said he believed the source of the malware is a third-party piece of software used by each of the organisations to make the websites more accessible for blind people. “Rather than hacking thousands of organisations separately, hackers tend to target third-party services because they are often the weak link in the chain,” Mr Helme added. This allows hackers to infect thousands of websites in one swoop.
The value of Bitcoin – along with other digital currencies such as Ethereum and Litecoin – has soared. A Bitcoin was initially worth $1 (72p) and peaked at just under $17,000 (£12,300), creating several “Bitcoin billionaires”. Last night, the value of one Bitcoin was around $8,300 (£6,000).
Mining is the process of creating fresh units of digital currency, a reward for donating computer power to the network, which needs to remain online to perform mathematical calculations. But it takes a lot of power to create the digital units, so hackers are increasingly infecting websites to try to steal power from others.
The organisations are not the first to fall victim to this type of attack. YouTube recently shut down any cryptojacking adverts on its platform after users complained their computers were slowing down when visiting the site.
The ICO said: “We are aware of the issue and are working to resolve it. We will be taking our website down as a precautionary measure.”
A spokesman for the National Cyber Security Centre said: “The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely.”