Tech & Science Government websites fall prey to cryptocurrency mining hijack

15:06  12 february  2018
15:06  12 february  2018 Source:   engadget.com

UNICEF recruits gamers to mine cryptocurrency for Syrian kids

  UNICEF recruits gamers to mine cryptocurrency for Syrian kids It hopes to appeal to young people's desire to do social good.Game Chaingers uses your graphics card's power to mine for cryptocurrency, which then goes straight to UNICEF's account. Of course, the more participants there are, the more coins it can mine -- if the hundreds of millions of gamers around the world help out, the organization can raise a considerable amount. UNICEF says it created the project out of a need to find new donors, since most of its benefactors are already over 50. By asking to borrow PCs' processing power instead of straight-out appealing for cash, even those who wouldn't usually give to charities could contribute.

It's not just private companies' websites falling victim to cryptocurrency mining hijacks . In this article: australia, browsealoud, coinhive, cryptocurrency , currency, gear, government , hijack , internet, mining , monero, security, texthelp, uk, web .

In this article: australia, browsealoud, coinhive, cryptocurrency , currency, gear, government , hijack , internet, mining , monero, security, texthelp, uk, web . Government sites like the UK’s Information Commissioner’s Office also took pages down. Government websites fall prey to cryptocurrency

a clock on a table © Provided by Engadget It's not just private companies' websites falling victim to cryptocurrency mining hijacks. Security consultant Scott Helme and the Register have discovered that intruders compromised over 4,200 sites with Coinhive's notorious Monero miner, many of them government websites from around the world. This includes the US court info system, the UK's National Health Service and Australian legislatures, among others. The intruders spread their JavaScript code by modifying an accessibility plugin for the blind, Texthelp's Browsealoud, to inject the miner wherever Browsealoud was in use.

Apple's iOS 11.3 may use iCloud as a single sign-on for websites

  Apple's iOS 11.3 may use iCloud as a single sign-on for websites You might not have to log in to your favorite websites one at a time in the near future. There's also an element in the beta which uses the camera app to scan for a QR code and ask for your Apple ID, although there's even less known about how that would work.

© Provided by Engadget It's not just private companies' websites falling victim to cryptocurrency mining hijacks . Security consultant Scott Helme and the Register have discovered that intruders compromised over 4,200 sites with Coinhive's notorious Monero miner , many of them government

It’s not certain who’s behind the attempt, but these hijacks tend to be the work of criminals hoping to make a fast profit. And there’s no indication that many websites , whether government or private, are in a rush to implement it.

The mining only took place for several hours on February 11th before Texthelp disabled the plugin to investigate. Government sites like the UK's Information Commissioner's Office also took pages down in response. As with most of these injections, your system wasn't facing a security risk -- you would have just noticed your system bogging down while searching for government info. The mining goes away the moment you visit another page or close the browser tab. The biggest hassle was for the site operators, who are now discovering that their sites are vulnerable to intruders slipping in rogue code without verification.

It's not certain who's behind the attempt, but these hijacks tend to be the work of criminals hoping to make a fast profit.

The big problem: this might continue to happen for a while. Although antivirus tools can catch Coinhive, a more definitive solution would be to use a fingerprinting technique (subresource integrity) that verifies of outside code and blocks any modifications. And there's no indication that many websites, whether government or private, are in a rush to implement it.

Scott Helme (Twitter)PublicWWW

Tesla cloud account hacked to mine cryptocurrency .
An unidentified outside hacker infiltrated Tesla's Amazon cloud account and used its systems to quietly mine for cryptocurrencies, a cybersecurity firm announced Tuesday.  The hack also potentially exposed the electric car company's data.

—   Share news in the SOC. Networks

Topical videos:

This is interesting!