It turned out that a script to let the viewer perform virtual currency mining was embedded in over 4000 government sites

ByChristiaan Colen

More than 4000 government-based websites around the world were hacked and send scripts that do virtual currency mining unknowingly to visitors who visited the site and used them for hacker's virtual currency mining It turned out that it was. As a criminal measure, hackers incorporated scripts for virtual currency mining into the barrier-free function for low vision for government websites.

Thousands of Government Websites Hacked to Mine Cryptocurrencies
https://thehackernews.com/2018/02/cryptojacking-malware.html

In the world of cyber crime, the "Cryptojacking" method of embedding a script that earns cheap currency in a target site by hacking is prevalent, and with this method, many sites and users target have become. With this hacking, more than 4000 government-based websites were damaged, and at the same time, they sent scripts to uncover the encryption currency to the viewers visiting the site for mining. An example of the government site that was suffering this is as follows.

· The City University of New York (New York City University)
· Uncle Sam's court information portal (information portal site of the US Court)
· The UK's Student Loans Company (UK student loan company)
· Information Commissioner's Office United Kingdom Information Committee: ICO
· The Information Commissioner's Office (Secretariat of the Privacy Monitoring Committee)
· Financial Ombudsman Service (UK Financial Supervisory Service)
· UK NHS services (UK National Health Insurance: NHS)
· Queensland legislation (Queensland State Law Office of Australia)
· US government's court system (Legislation Bureau website)

You can check the list of hacked government websites from the following links.

browsealoud.com/plus/scripts/ba.js - 4300 Websites - PublicWWW.com
https://publicwww.com/websites/browsealoud.com%2Fplus%2Fscripts%2Fba.js/

Visitors who visited the hacked government website were hijacked by the power of the machine and mining was done to increase the virtual currency Monero without himself noticing it. The virtual currency unearthed by this Cryptojacking became the hacker who made the hacking crime, hackers are considered to have gained a lot of profit.

In this Cryptojacking, it is clear that hackers had abused the plug-in "BrowseAloud" which improves the accessibility of the site. BrowseAloud is a barrier-free plug-in that helps blind people and amblyoped visitors browse websites and has the ability to read the text of websites as speech. Hacker used Cryptojacking in this BrowseAloud by incorporating the JavaScript code of the service "CoinHive" that can take over the CPU resources of the site viewer.

CoinHive was once used as a popular torrent website "The Pirate Bay" to raise the operating funds, and experiments are being conducted to send browsers scripts and mining without noticing it It was.

You can find a method to continue mining the virtual currency even if you close the browser by secretly borrowing the PC resource of the website visitor - GIGAZINE


Following this incident, Scott Helme, a digital security consultant based in the UK, announced that criminal acts using Cryptojacking on Twitter are spreading.

Ummm, so yeah, this is * bad *. I just had@ phat_hobbitpoint out that@ ICOnewshas a cryptominer installed on their site ...pic.twitter.com/xQhspR 7 A 2 f

- Scott Helme (@ Scott_Helme)February 11, 2018

According to this announcement, Texthelp of BrowseAloud operator immediately started countermeasures. Martin McKay, CTO (Chief Technology Officer) of Texthelp, has made a statement on Texthelp's official blog.

Literacy, Accessibility & Dyslexia Software | Texthelp
https://www.texthelp.com/en-gb/company/corporate-blog/february-2018/data-security-investigation-underway-at-texthelp/

Among them, McKay said, "Texthelp has been taking countermeasures from the viewpoint of recent cybercrime situation, Texthelp has been taking countermeasures since 2017. In one case of this hacking, immediate measures were taken and completed , We have completed the measures for all customers within four hours of discovery. "

In addition, Texthelp took measures to remove BrowseAloud from all sites as soon as hacking was discovered, and emphasized that measures were taken that did not affect customers. We revealed that there was no sign of accessing or erasing the customer's data and announced that we planned to release a modified version of BrowseAloud after the investigation was completed for customers.

ByChristiaan Colen