UK Government website offline after hack infects thousands more worldwide

Thousands of websites globally have been hijacked by code which made computers run cryptocurrency mining software.

By Nick Stylianou, Defence & Technology Producer

Thursday 15 February 2018 16:43, UK

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration
Image: Hackers have infected thousands of websites worldwide
Why you can trust Sky News

More than 5,000 websites have been hacked to force visitors' computers to run software that mines a cryptocurrency similar to Bitcoin.

Users loading the websites of the Information Commissioner's Office, the Student Loans Company, as well as the council websites for Manchester City, Camden, and Croydon - and even the homepage of the United States Courts - had their computers' processing power hijacked by hackers.

Malicious code for software known as "Coinhive", a program advertising itself as "A Crypto Miner for your Website" would start running in the background until the webpage is closed.

Security researcher Scott Helme was alerted to the hack by a friend who sent him antivirus software warnings received after visiting a UK Government website.

:: North Korean hackers target cryptocurrency Monero

The ICO also took its site down
Image: The ICO also took its site down

He said: "This type of attack isn't new - but this is the biggest I've seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.

"Someone just messaged me to say their local government website in Australia is using the software as well."

More from Science & Tech

The Coinhive script was inserted into a popular third-party accessibility plugin "BrowseAloud" which is used to help blind or partially-sighted people access the web.

Texthelp, which operates the compromised BrowserAloud plugin, confirmed to Sky News that their software was hacked at 11.14am on Sunday and remained active for four hours.

The software has now been taken offline until midday on Tuesday.

Texthelp data security officer Martin McKay said: "Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline.

"This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.

"Texthelp can report that no customer data has been accessed or lost." Mr McKay also announced that an independent security consultancy will begin a security review of the company's systems.

The code in purple is malicioius. Pic: Scott Helme
Image: The code in purple is malicioius. Pic: Scott Helme

Mr Helme says that unlike Bitcoin, where wallet addresses are stored on a publicly-available database, it is impossible to find the location of the account profiting from the code.

But, he added, there was a simple way to defend against the attack. He said: "Every single website I run has an 'Integrity Attribute', which is a tiny change in how the script is loaded but is there because I'm worried about exactly this type of thing happening."

X This content is provided by X, which may be using cookies and other technologies. To show you this content, we need your permission to use cookies. You can use the buttons below to amend your preferences to enable X cookies or to allow those cookies just once. You can change your settings at any time via the Privacy Options. Unfortunately we have been unable to verify if you have consented to X cookies. To view this content you can use the button below to allow X cookies for this session only.
Enable Cookies Allow Cookies Once

Sky News has learned some of the affected websites, such as the Information Commissioner's Office, have now been taken offline as well as IT teams try and combat the problem.

Sky News contacted the National Cyber Security Centre, which confirmed that their Incidents team is investigating the case.

A spokesperson for the NCSC said: "Technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.

"The affected service has been taken offline, largely mitigating the issue.

"Government websites continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk."