Slashdot Mirror


Hackers Hijack Government Websites To Mine Crypto-Cash (bbc.com)

BBC reports: The Information Commissioner's Office (ICO) took down its website after a warning that hackers were taking control of visitors' computers to mine cryptocurrency. Security researcher Scott Helme said more than 4,000 websites, including many government ones, were affected. He said the affected code had now been disabled and visitors were no longer at risk. The ICO said: "We are aware of the issue and are working to resolve it." Mr Helme said he was alerted by a friend who had received a malware warning when he visited the ICO website. He traced the problem to a website plug-in called Browsealoud, used to help blind and partially sighted people access the web. The cryptocurrency involved was Monero -- a rival to Bitcoin that is designed to make transactions in it "untraceable" back to the senders and recipients involved. The plug-in had been tampered with to add a program, Coinhive, which "mines" for Monero by running processor-intensive calculations on visitors' computers.

The Register: A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.

48 comments

  1. JavaScript considered harmful by Anonymous Coward · · Score: 5, Insightful

    It's ironic that the attack vector here was a blob of JavaScript designed to make the web more accessible, when JavaScript itself has done more to destroy accessibility than any technology in the history of the web (with the possible exception of Flash).

    Unless your site is itself an application (leaving aside whether the web is a good app platform), you don't need JS at all. HTML+CSS is enough. Your site will automatically be more accessible, more compatible, use less battery and CPU, and will be more secure. It will also load much faster and be friendlier to people on crappy net connections.

    1. Re:JavaScript considered harmful by coofercat · · Score: 1

      I'm not sure of the details of the Javascript in question, but assuming it doesn't 'phone home' to some third party server, then it could be comfortably hosted on the same CDN as the host website. That would have mitigated this problem almost entirely. This is something akin to making copies of images you got from third parties rather than using them directly in your <img> tags - if you don't host it yourself, you're at the whim of the third party.

      I do find it slightly heartening that the UK ICO (https://ico.org.uk/) was affected - if they come a-knocking after GDPR kicks in at the end of May, then the first line of defence for a lot of people will probably be "yeah, but you guys slipped up too!?" ;-)

  2. Information Commissioner's Office by mentil · · Score: 1

    The hackers were trying to get early access to an Initial Coin Offering, but ended up in a different ICO instead.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Information Commissioner's Office by Anonymous Coward · · Score: 0

      Jackers gon' jack

    2. Re:Information Commissioner's Office by hraponssi · · Score: 1

      Exactly. Irony++. Government tries to ICO but it goes all wrong, they give the monies to someone else, not the other way around.

      This ICO of theirs also seems to be related to protecting citizen data, privacy and stuffs. That's what I get from Wikipedia anyway, since the ICO website is down now. Guess the ICO domain gives it irony+2. So we get a blessed Vorpal Blade of Irony + 2. OK, old nerd overflow, sorry about that.

      In an upcoming twist, there is a cryptocurrency that is built also just for this purpose. So you can embed their one-liner to your own website and have your customers pay you with their CPU/GPU power instead of advertisements. Oyster Pearl.

      Them cryptos. Where will it all go.

  3. WebDAV exploit by Anonymous Coward · · Score: 0

    Had this happen to a client of mine still running a Server 2003 box. Microsoft issued a KB on it with a patch available to plug the IIS WebDAV hole. Crafty fuckers, mining coin on a web server.

    https://javiermunhoz.com/blog/2017/04/17/cve-2017-7269-iis-6.0-webdav-remote-code-execution.html

  4. Headline reads by Anonymous Coward · · Score: 0

    like an anarcho-capitalist wet dream

    1. Re:Headline reads by Anonymous Coward · · Score: 0

      I wonder what a leftist progressive commie wet dream would be?

      Lena Dunham squirting on you?

    2. Re:Headline reads by Anonymous Coward · · Score: 0

      Basic income funded at no taxpayer cost on the Fed's balance sheet, with indexation of incomes to price rises to negate potential inflation's unwanted effects. Ppl relax, learn more, need less, consume less, GDP goes down, tree farms go to old growth, neoliberals move to Mars or whatever, Earth recovers ...

  5. In case it's not obvious by Anonymous Coward · · Score: 0

    The ICO in the UK is the government agency responsible for issuing and enforcing fines from companies that have breaches of customer data, in other words the takeaway from this news should be "irony."

  6. Re:So what? by Anonymous Coward · · Score: 0

    Does it ever get tiresome being a dullard?

  7. Stop embedding shit in your web sites by Anonymous Coward · · Score: 0

    External resource domains on this page:
    crsspxl.com
    d3tglifpd8whs6.cloudfront.net
    google-analytics.com
    janrain.com
    licdn.com
    ml314.com
    pro-market.net
    rpxnow.com
    stack-sonar.com
    stacksocial.com
    taboola.com
    truste.com

    Those are just the ones that are filtered. They may load more if they are allowed. None of those are needed to use Slashdot, and every one of them could at any time run malware on your site. Trusting so many third parties not to fuck up your web site is sheer lunacy.
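The kind of inventory this comment gives, and the self-hosting point made in the first thread, can be checked from a page's markup. The following is an added example, not part of the original thread: it lists the third-party hosts a page loads from and flags third-party scripts that carry no `integrity` attribute (Subresource Integrity, which the thread does not mention). All hostnames and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a resource.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collects (tag, absolute_url, has_integrity) for fetched resources."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        ref = attrs.get(attr)
        if not ref:
            return
        # Only stylesheet links are fetched and applied; skip canonical etc.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        url = urljoin(self.page_url, ref)
        self.resources.append((tag, url, bool(attrs.get("integrity"))))


def is_first_party(host, first_party):
    """True if host equals, or is a subdomain of, a domain the site owns."""
    return any(host == d or host.endswith("." + d) for d in first_party)


def audit(html, page_url, first_party):
    """Return (sorted third-party hosts, third-party scripts lacking integrity)."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    collector.close()
    hosts, unpinned = set(), []
    for tag, url, has_integrity in collector.resources:
        host = urlsplit(url).hostname
        if host is None or is_first_party(host, first_party):
            continue  # data: URIs have no host; first-party is out of scope
        hosts.add(host)
        if tag == "script" and not has_integrity:
            # Whoever controls this host can change what runs on the page.
            unpinned.append(url)
    return sorted(hosts), unpinned


# Constructed sample page; every name below is made up for illustration.
SAMPLE_PAGE_URL = "https://www.agency.example/about/"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="https://other.example/">
<script src="/js/menu.js"></script>
<script src="https://static.agency.example/js/app.js"></script>
<script src="//plugin.vendor.example/plus/scripts/reader.js"></script>
<script src="https://libs.example/lib.min.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
</head><body>
<img src="https://pixel.tracker.example/p.gif" />
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<iframe src="https://widgets.vendor.example/share"></iframe>
</body></html>
"""

if __name__ == "__main__":
    hosts, unpinned = audit(SAMPLE_HTML, SAMPLE_PAGE_URL, ["agency.example"])
    print("third-party hosts:", *hosts, sep="\n  ")
    print("third-party scripts without integrity:", *unpinned, sep="\n  ")
```

A static parse only sees what is in the markup; scripts that inject further scripts at runtime add hosts this audit will not list.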

    1. Re:Stop embedding shit in your web sites by Anonymous Coward · · Score: 0

      But ... money. Comments don't just throttle themselves! Someone has to get paid to introduce scarcity.

      The metaphor of screen space as real estate leads to selling off parts of the screen for ad space, so that content is restricted to a smaller and smaller area. The purpose of advertising is to manipulate you into making irrational choices. Why do we rely for funding on money created by the private sector and allocated to salesmen selling oversupply to unwitting marks? Neoliberalism is a nightmare vision for the world. We must have an exit to neoliberalism. Neoliberalism will result in the Black Mirror episode where you have to pay to avoid ads, and if you don't pay they track your eyes and annoy you with loud tones until you watch the ads.

      This is your website on neoliberalism.

  8. Re: So what? by Anonymous Coward · · Score: 0

    What does it feel like when your mom has her penis inside you?

  9. More attacks not prevented by APK's work by Anonymous Coward · · Score: 0

    Here we have even more attacks that were not prevented by APK's work. I'm sure he will be along shortly to tell everyone that once discovered by real computer security people his work can now prevent further damage but that people have to take manual steps to do that. Yet NoScript completely stops this attack and all other similar ones, doesn't require manual steps be taken, and will stop even unknown attacks which are claims APK can never make. Can APK's work ever stop an attack before it becomes well known? Nope and it never will. All his work does is make use of the real work done by others and is at best a very bad janitor that fails to clean up the mess left by an attack.

    1. Re: More attacks not prevented by APK's work by Anonymous Coward · · Score: 0

      Literally the same argument against antivirus software.

      Just as much bs.

    2. Re: More attacks not prevented by APK's work by Anonymous Coward · · Score: 0

      Except that modern antivirus software at least tries to be proactive and find unknown threats with pattern and heuristic matching. APK's work doesn't even do that so can only even stop well known threats. Granted that doesn't mean antivirus software is good just that it has a chance of stopping an unknown threat.

  10. Fuck russians by Ryanrule · · Score: 0

    Fuck russians

  11. Kim Jong Un's sister by Anonymous Coward · · Score: 0

    She's a miner.

  12. This just proves mining is unprofitable by Anonymous Coward · · Score: 0

    The electricity costs and the cost of hardware (see the price of GPUs recently) means that miners now steal resources instead of doing their own dirty work. Next they will be taking candy from babies for an initial candy offering.

    1. Re: This just proves mining is unprofitable by Anonymous Coward · · Score: 0

      It doesn't prove that at all. It's just MORE profitable to hijack other people's processing power. That doesn't prove that buying your own mining hardware is unprofitable.

  13. Has anyone done this openly? by joe_frisch · · Score: 2

    A site that allowed you to view their content with the agreement that you let them mine on your computer while you are doing so might not be a terrible way to go.

    1. Re:Has anyone done this openly? by qwerty+shrdlu · · Score: 1

      Of course, it would have to be a site you'd trust. Hold on a moment while I go register MAGA.affinityscam.ru. More seriously, the real fun starts when a site that's always been trustworthy before gets hacked.

    2. Re:Has anyone done this openly? by Anonymous Coward · · Score: 1

      It's been suggested. On 1 April 2017, El Reg ran this story.

      It was about 4-5 months later that we started to see the first reports of these scams.

      But I haven't heard of anyone doing it for real.

  14. Watch those krells by Trogre · · Score: 1

    A good reminder for us tech-savvy folks to keep an eye on our gkrellm windows when browsing.

    A steep climb in CPU usage or GPU temperature could be a sign of one of these jerks using you as a mining rig.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  15. What are those browser extensions? by at10u8 · · Score: 1

    The tweets by Scott Helme at https://twitter.com/Scott_Helm... show Chrome with uBlock Origin, but what are the other extensions and which tool is being used to show the infected sites?

  16. Re: So what? by Anonymous Coward · · Score: 0

    She's bigger than my priest.

  17. Pffffffftttttt Javascript by MrL0G1C · · Score: 1

    Shouldn't they be using WebGL compute ;-) GPU power for the Crypto-miner-hacker win.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    1. Re:Pffffffftttttt Javascript by MrL0G1C · · Score: 1

      Ok I just made that up but it's actually a thing O_o

      https://github.com/gnonio/gl-c...
      http://gpu.rocks/

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  18. List of what to stop via hosts = in article by Anonymous Coward · · Score: 0

    NoScript doesn't do a FRACTION of what hosts do for you!

    Can NoScript block & stall botnet client C&Cs? No.
    Can NoScript protect vs. DNS down/poisoned? No.
    Can NoScript protect vs. dns request log tracking? No.
    Can NoScript protect vs. Dns blocklists? No.
    Can NoScript protect vs. spam/phish malicious payloads? No.
    Does NoScript speed you up 2 ways: adblocks & hardcodes? No.
    NoScript operates slower parsing script src tags in usermode.

    Hosts block before ad & 3rd party scripts in kernelmode (not slower usermode compounded in added messagepassing inside a browser & addons slow a browser which shows when stacked w/ other addons more)!

    See subject!

    APK

    P.S.=> See subject: What to block is here https://publicwww.com/websites/browsealoud.com%2Fplus%2Fscripts%2Fba.js/ & YOU LOSE as always vs. me, hosts can stop it easily (especially if 3rd party script delivered) FASTER than NoScript... apk

    1. Re:List of what to stop via hosts = in article by Anonymous Coward · · Score: 0

      So you admit that your work left people unprotected against this attack until someone other than you did the hard work of discovering the attack and publishing the list of bad domains while users of NoScript were protected before this attack was conceived. Face it APK your software is the security equivalent of a jizz mopper. It comes in long after the deed has been done and tries to clean up the mess. Sorry APK you failed again but you should be used to that. Is it hard being wrong all the time or do your parents still tell you that you are special to comfort your near limitless failures?

    2. Re:List of what to stop via hosts = in article by Anonymous Coward · · Score: 0

      Hello APK,

      Can hosts let me get all content from a server except files served over http from a certain folder?

      Maybe only accept content from a server if it's coming in on a certain port?

      These are the things I'm looking for, will using hosts in kernelmode instead of an extension in usermode do this for me?

    3. Re:List of what to stop via hosts = in article by Anonymous Coward · · Score: 0

      Hey Ricky from "Trailer Park Boys" do tell us what a "false negative" is you spoke of apk asked you about here https://yro.slashdot.org/comments.pl?sid=11731129&cid=56109477/ instead LMAO? Only Ricky from Trailer Park Boys (now on netflix, a classic) could come up with something that dumb! I'll answer your questions. Hosts do ports restriction of access by ending a line with :3128 for example. The rest you have to do with the webserverware itself.

  19. AV 'heuristics' & wildcards = false positives by Anonymous Coward · · Score: 0

    AV 'heuristics' & wildcards = false positives galore (that's their problem) - hosts has no such problem by doing specifics!

    Per this article, 2 sources of the 3rd party scripts came from these 2 sites to block (of the 100's of affected sites listed in the source article's ACTUAL useful source):

    0.0.0.0 www.browsealoud.com
    0.0.0.0 browsealoud.com

    APK

    P.S.=> Bottom-line: My work doesn't produce the horrendous amounts of FALSE POSITIVES "shotgun methods" like wildcards &/or heuristics do & AV, wildcarding tools (like DNS block lists) OR NoScript - which are ALL SLOWER vs. hosts (hosts speed you up 2 ways blocking ads + doing hardcoded favorites @ TOP of hosts for fastest resolution + protection vs. DNS security issues & trackers)... apk

  20. Re:AV 'heuristics' & wildcards = false positiv by Anonymous Coward · · Score: 0

    Too bad your work produces an almost infinite number of false negatives. I guess you like being a security jizz mopper and coming along after the deed has been done and doing a half-assed job of cleaning up the mess. So here we have yet another case where even if someone had used your work they would have fallen victim but had they used NoScript they would have been protected. Try as you might you can't deny that, but you like to pretend that you could have stopped this if only you had a time machine. I'll stick to things that provide security instead of your after the fact placebo.

  21. Finding script src tags != "hard work" fool by Anonymous Coward · · Score: 0

    Finding script src tags != "hard work" & hosts don't leave anyone unprotected (hosts work vs. this) https://yro.slashdot.org/comments.pl?sid=11731129&cid=56108355/ NOR do I produce the HUGE false positives amounts by doing 'shotgun generic coverage' wildcards OR heuristics produce.

    * 3rd time I've caught you with your pants down saying hosts don't work when they do ( & proof's in that link + my other posts here today) doing MORE vs. more threats for LESS + FASTER vs. other "so-called 'solutions'"!

    APK

    P.S.=> You TALK a lot but I've yet to see YOU do better than my APK Hosts File Engine 10++ SR-1 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ YOURSELF (you unidentifiable DO-NOTHING "ne'er-do-well" fool)... apk

    1. Re:Finding script src tags != "hard work" fool by Anonymous Coward · · Score: 0

      At least I can respond to actual statements and use facts unlike you, as I did so above. Also I seem to be able to avoid double posting the same thing multiple times in the same thread, thus not looking like an idiot like you. How do you actually function in life, or do you just post on Slashdot when your parents leave the computer unlocked as they provide for you and make sure you don't drown in your bowl of Cheerios every morning?

  22. Finding script src tags != "hard work" fool by Anonymous Coward · · Score: 0

    Finding script src tags != "hard work" & hosts don't leave anyone unprotected (hosts work vs. it) https://yro.slashdot.org/comments.pl?sid=11731129&cid=56108355/ NOR do I produce HUGE false positives amounts doing 'shotgun generic coverage' wildcards OR heuristics produce.

    * 3rd time I've caught you with your pants down saying hosts don't work when they do ( & proof's in that link + my other posts here today) doing MORE vs. more threats for LESS + FASTER vs. other "so-called 'solutions'"...

    APK

    P.S.=> You TALK a lot but I've yet to see YOU do better than my APK Hosts File Engine 10++ SR-1 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ YOURSELF (you unidentifiable DO-NOTHING "ne'er-do-well" fool)... apk

  23. LMAO - wtf is a "false negative"? by Anonymous Coward · · Score: 0

    Finding script src tags != "hard work" & hosts don't leave anyone unprotected (hosts work vs. it) https://yro.slashdot.org/comments.pl?sid=11731129&cid=56108355/ NOR do I produce HUGE amounts of false positives 'shotgun generic coverage' wildcards & heuristics produce.

    * 3rd time I've caught you w/ your pants down saying hosts don't work & yes they do ( & proof's in that link + my other posts) w/ hosts doing MORE vs. more threats for LESS + FASTER vs. other "so-called 'solutions'".

    (Lastly - since it was SO HILARIOUS - wtf is a "false negative", you moron? Please define THAT - lol!)

    APK

    P.S.=> You TALK a lot but I've yet to see YOU do better than APK Hosts File Engine 10++ SR-1 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ YOURSELF (you unidentifiable DO-NOTHING "ne'er-do-well" fool)... apk

    1. Re:LMAO - wtf is a "false negative"? by Anonymous Coward · · Score: 0

      So are you trying to say that host blocks all possible bad sites that are currently out there? If so, you are a lying sack of shit which you probably are anyway. If you are truthful (I know it is hard for you to admit) then you have left your users unprotected from entire types of attack and again are a lying sack of shit as you said you don't leave your users unprotected. NoScript however will stop all script based attacks which is something you can't say.

      You can't seem to even do that little bit of work others do. That is the work of researching and finding these attacks, then they put forth the actual effort to include them in some hosts file somewhere. All you can seem to manage is the trivial effort to bring other people's work together and then pretend that you actually are smart. Also if you don't know what a false negative is then you really shouldn't be talking about security and maybe should go get an actual education and demand your money back for whatever cert you got out of a box of cereal. A good example of a false negative is the test they did before your birth to detect if you had down syndrome, it came back negative but as it turns out you suffer from a severe form of down syndrome, so it was a false negative. Wildcarding doesn't produce false positives, I mean I know it is possible to implement things so poorly, like you would do, to cause that but most people can't fathom that level of stupidity. Hate to say it APK but you are the one getting caught with your pants down, in front of the whole class, by the teacher, who tells you to quit pissing on yourself, but you say you weren't pissing yourself but instead were masturbating as a defense. So sorry APK, you lost yet again, and you will lose even more because you lack the mental abilities of even a drunken chimp.

      If your work is so good how come you are on the 10th version. It isn't like it is that difficult of a program to write, likely only slightly more complex than HelloWorld and individuals don't seem to need to rewrite that over and over again like you do with your little program. You must really be a bad programmer if you have to keep releasing major versions of something like that. I wouldn't be proud of that kind of work.

  24. Re: So what? by Anonymous Coward · · Score: 0

    >(You)

  25. Count on you Ricky from TrailerParkBoys, lol! by Anonymous Coward · · Score: 0

    Hosts work here (you lie they don't - WRONG as always) & I never say 'hosts cure all'. Nothing can!

    I only say hosts do more vs. other "so-called 'solutions'" that SLOW YOU DOWN or are inefficient + redundant (addons) OR loaded w/ security issues of their own (antivirus/dns/routers) hosts don't have.

    Just as I show hosts do MORE THAN NoScript, faster & more efficiently https://yro.slashdot.org/comments.pl?sid=11731129&cid=56108241/ (& aren't redundant like NoScript is after hosts already did the job before noscript slow tag parsing does in slower usermode).

    How many 100's of BUILDS did NoScript have to do (& still do every other day it seems like)? Tons more than I have!

    * Above all else "Ricky" (lol) - If it's "so easy to do" why don't YOU do better (or @ least something that works) yourself?

    APK

    P.S.=> LOL - YOU = A 'false negative', Ricky from TrailerParkBoys "illogic-logic" you do - hahahahaha! apk

  26. Count on you Ricky from TrailerParkBoys, lol! by Anonymous Coward · · Score: 0

    Hosts work here (you lie they don't - WRONG as always) & I never say 'hosts cure all'. Nothing can!

    I only say hosts do more vs. other "so-called 'solutions'" that SLOW YOU DOWN or are inefficient + redundant (addons) OR loaded w/ security issues of their own (antivirus/dns/routers) hosts don't have.

    Just as I show hosts do MORE THAN NoScript, faster & more efficiently https://yro.slashdot.org/comments.pl?sid=11731129&cid=56108241/ (& aren't redundant like NoScript is after hosts already did the job before noscript slow tag parsing does in slower usermode).

    How many 100's of BUILDS did NoScript have to do (& still do every other day it seems like)? Tons more than I have!

    * Above all else "Ricky" (lol) - If my program's "so easy to do" why don't YOU do better (or @ least something that works) yourself?

    LOL - my ps below explains that!

    APK

    P.S.=> LOL - YOU = A 'false negative', Ricky from TrailerParkBoys "illogic-logic" you do - hahahahaha! apk

  27. More word soup from retard APK by Anonymous Coward · · Score: 0

    Looks like more word soup from that retard Alexander Peter Kowalski.

    He really should learn that hosts files do not do port blocking of any kind, he just likes to pretend that he offers something.

    I also see that when he craps out his comments now he decides to not sign them, a sure sign that he is getting spanked harder than an ugly redheaded step-child.

    We also all understand that you are trailer trash and proud to be retarded trailer trash, you don't need to keep telling us.

    I wish I would have had time to get in on this earlier but I guess APK's parents will still be regretting not aborting him after today as well.

  28. WTF? Learn to read moron! apk by Anonymous Coward · · Score: 0

    Entries in hosts e.g. 1.2.3.4 blockport.com:21 only allow data to that hostname on port 21 & these prove it https://www.bing.com/search?q=hosts+and+port&qs=n&form=QBLH&sp=-1&pq=hosts+and+port&sc=8-14&sk=&cvid=4B7848B813AA4D16ACAAF66EEA66A89D/

    * Go away dumbshit (unless you like making ME look GOOD & yourself more & more like RICKY (lol) from "The Trailer Park Boys")

    APK

    P.S.=> YOUR PARENTS had a 'false negative' https://yro.slashdot.org/comments.pl?sid=11731129&cid=56109477/ (lol, your "ricky of trailerparkboys ILLOGIC-LOGIC today I asked you about that YOU SPOUTED stupidly as always in the post parent to that one, lol)... apk

    1. Re:WTF? Learn to read moron! apk by Anonymous Coward · · Score: 0

      Did you even read the answers there? It is pointed out all over the place that just putting a port number in hosts doesn't do anything. There may be some other programs that may make use of that info but they are random 3rd party addons. Natively the OS does nothing with that info. Apparently you even lack the ability to read but I guess drunken chimps can't read either so I shouldn't have expected you to be able to. Also your parents really need to lock that computer and I bet they don't put milk in your Cheerios to prevent you from drowning in the bowl.

  29. Again - LEARN TO READ moron... apk by Anonymous Coward · · Score: 0

    See subject & take your OWN advice unidentifiable ac punk - it does what I said & you even admit it!

    APK

    P.S.=> A dumbshit like YOU or "your kind" (pussies hiding behind unidentifiable anonymous posts OR behind multiple FAKE NAMES online for your FAKE DO-NOTHING ZERO LIVES) can't ever "get the better" of me & you not only know it but you PROVE IT yet again, lol (thanks)... apk