UK Government website offline after hack infects thousands more worldwide

Monday, 12 Feb, 2018

A series of Australian government websites, including the Victorian parliament's, have been compromised by malware that forces visitors' computers to secretly mine cryptocurrency, as part of a worldwide security breach.

Users loading the websites of the Information Commissioner's Office, the Student Loans Company, as well as the council websites for Manchester City, Camden, and Croydon - and even the homepage of the United States Courts - will have their computers' processing power hijacked by hackers.

Thousands of websites, including ones run by US and United Kingdom government agencies, were infected for several hours on Sunday with code that causes web browsers to secretly mine digital currencies, technology news site The Register reported.

"If you want to load a crypto miner on 1000+ websites you don't attack 1000+ websites, you attack the 1 website that they all load content from", Helme said.

On Monday morning, Texthelp took the Browsealoud plugin offline, which meant that new visitors to the affected sites would no longer load the cryptojacking script.

The attack took place at about 11.15am yesterday.

Australian sites among thousands hacked to include mining script

"Texthelp can report that no customer data has been accessed or lost".

But, he added, there was a simple way to defend against the attack: "every single website I run has an "Integrity Attribute", which is a tiny change in how the script is loaded but is there because I'm anxious about exactly this type of thing happening". He said: Every single website I run has an "Integrity Attribute", which is a tiny change in how the script is loaded but is there because I'm anxious about exactly this type of thing happening.

"The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs to attempt to generate cryptocurrency".

Both federal and state government websites locally are included in the list.

Ther UK's National Cyber Security Centre said it was investigating the issue. "The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00 GMT". At this stage there is nothing to suggest that members of the public are at risk.