Crypto-jacker Leaves ICO In Its Wake

Fri, 16/02/2018 - 06:35
Data Protection

Cyber-attacks and ‘hacks’ made regular headlines throughout 2017, and in the UK the Information Commissioner’s Office (ICO), was there to oversee all reparations and ensure organisations had data protection standards at a high level. Early 2018, however, has seen the ICO and a host of government websites, both UK and abroad, fall victim to a cyber-attack in the form of Crypto-jacker.


What is crypto-jacking?

A Crypto-jacker is a strain of malware which can silently mine cryptocurrency via an internet connected device, without knowledge or permission of the owner.

As with many strains of malware, a programme must be accessed or downloaded, typically from a browser, which will then begin to mine cryptocurrency in the background. This will use up resources, CPU and power, and more often than not, will give no benefit to the user whose machine is being utilised. User’s computers are likely to slow down while the mining operation is taking place, and general operations may be affected.


Hands up, this is a crypto-jacking!

It has been revealed that government websites in multiple countries have been compromised by the cryptojacker strain of code. Government sites affected include many British government sites including UK Student Loans, the ICO and also NHS services; US governmental sites were also affected, as was the Australian Queensland Government Portal.

Security researcher Scott Helme was able to trace the code found in the ICO website to a third-party plugin, Browsealoud, which is designed to assist visually impaired visitors on website domains. The plugin's developers, Texthelp, confirmed that the plugin had been compromised to mine cryptocurrency. Following the attack Texthelp have launched an investigation into what occurred – releasing the following statement:

At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber-attack. The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. This was a criminal act.

Martin McKay, CTO and Data Security Officer went on to say, “In light of other recent cyber-attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.” Continuing to say, “Texthelp has in place continuous automated security tests for Browsealoud - these tests detected the modified file and as a result the product was taken offline. This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”

Raising the alarm

Following the crypto-jacking Helme, raised the alarm about the malware after he received a message from a friend whose antivirus software had detected an issue after visiting a UK government website.

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” Helme told Sky News. “Someone just messaged me to say their local government website in Australia is using the software as well.”

"If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the one website that they all load content from," Helme noted. "In this case, it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed."

For a period of time the ICO website was unavailable. This only goes to show that cyber Threats are everywhere, with everyone at risk of an attack – even the governing body of the soon to be introduced GDPR legislation.


To learn more about cybersecurity and data protection regulations, such as the upcoming GDPR, get in touch with Redstor today.

Recent Articles

Redstor_secondary_storage_blog Cloud Storage

What Is Secondary Storage?

Data is growing faster than ever. Organisations of all sizes are experiencing this and the associated challenges, having to store data for longer,... read more

March 20, 2018
Redstor_restore_failed_blog Data Backup

3, 2, 1 Restore… Failed

Backup is a key element of protecting data and more importantly ensuring that data can be recovered in the event of loss, breach or corruption. For... read more

March 15, 2018
Redstor_Equifax_blog Disaster Recovery

Equifax Has A Problem That Is Worth Half A Billion

The infamous Equifax data breach has once more expanded, the company announced last week that a further 2.4 million consumers in the United States... read more

March 13, 2018