Government Websites Attacked by Mining Malware

James Levenson · February 12, 2018 · 1:00 am

Reports of mining malware infestations are an almost weekly occurrence now. With cryptocurrency mining becoming more lucrative than ransomware, hackers are upping their game and widening the digital net. Those caught in it this week included a number of government websites in the UK and Australia.

In what has been newly termed as ‘cryptojacking,’ the Guardian reported that thousands of websites had been infected over the weekend. Those that visited the compromised websites would have their computer hardware hijacked in order to mine Monero for the perpetrators.

Multiple Victims

According to the reports, websites of the NHS services, the Student Loans Company, and several English councils, were all infected. Over the weekend, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken offline to deal with the infection.

The malicious software came via a plugin called BrowseAloud which helps partially-sighted people access content on the web. The plugin authors took their own website down while they tried to resolve the problem. As many as 5,000 website have been compromised with a variant of the Coinhive mining script, which allows webmasters to leech resources from the hardware of their readers.

Monero is usually the crypto of choice as it is anonymous and encrypted and, therefore, cannot be traced back to the source wallets.

Scott Helme, an IT security consultant, raised the alarm after a friend got an alert from his anti-virus software after visiting a government website:

This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.

Digging Down Under

It appears that mining malware has also compromised websites in Australia, including the Victoria Parliament’s site, the Queensland Civil and Administrative Tribunal, the Queensland ombudsman, the Queensland Community Legal Centre, and the Queensland legislation website, which lists all of the state’s acts and bills.

The same plugin was found to be the cause of the incursion. Helme, who documented the attack, went on to state:

There were ways the government sites could have protected themselves from this. It may have been difficult for a small website, but I would have thought on a government website we should have expected these defence mechanisms to be in place.

Texthelp, the company responsible for the compromised plugin, said:

The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency, The exploit was active for a period of four hours on Sunday. The Browsealoud service has been temporarily taken offline and the security breach has already been addressed.

Just last week Apple and Android systems were infected with similar mining malware, and the frequency of exploits such as this will only increase due to the gains to be made and lack of any prosecution.

Is your antivirus software ready for a mining malware attack? Share your experiences in the comments below.

Images courtesy of Bitcoinist archives.

BrowseAloudcoinhiveGovernmenthackedMalwaremoneroTexthelpXMR Show comments

Published at Mon, 12 Feb 2018 06:00:46 +0000

Mining

December 23, 2017

Tim Swanson: Enterprise Blockchain is in a "Trough of Disillusionment”

There are few people who have worked in the blockchain technology space for so long and maintained such a seemingly disinterested and skeptical perspective on the emerging technology as Tim Swanson. Through numerous books and a blog, Tim has shown a knack for going out of his way to do deep market research within the blockchain space.

This week on Let’s Talk bitcoin, Tim Swanson, Director of Research at Post Oak Labs, talked with Epicenter’s Brian Fabian Crain and Sebastien Couture.

His most notable work within the space has happened as Director of Market Research at R3, the first blockchain enterprise consortium for the financial services industry. During his time at R3, Tim assessed several hundred entities — companies, startups and universities — working on some type of blockchain initiative. His experience gave a full range of good, bad and ugly business operations and blockchain propositions that existed in the early stages of this industry.

Whether you agree with his stoic perspective or not, it may be a good remedy for the mania that has resulted from bitcoin’s phenomenal price increase this year. As new investors flood in the crypto community and more and more people begin talking about blockchain technology, it’s never a bad idea to be reminded of how the industry has developed.

“Historically, we’ve seen a lot of manias happen in tech: social media, solar panels, AR, VR, etc. I don’t see the benefit in becoming a fanboy in anything at this early, early stage.”

On the current state for the enterprise blockchain market

Swanson proposed that there has been a significant shift of attention in 2017 from enterprise blockchain to Initial Coin Offerings (ICOs), due in large part to the amount of money that has been raised this way. Referencing the Gartner Hype cycle, Swanson believes blockchain enterprise adoption is currently in the “trough of disillusionment.” This stage comes after the initial peak of expectations where interest wanes as experiments and implementations fail to deliver. This is also where many producers of the technology either give up or receive continued investment for improving the products to the satisfaction of early adopters.

“The problem as a whole for the enterprise blockchain space is that it hasn’t managed any of the expectations it initially set out to accomplish. In the beginning, there were brash claims like putting the entire United States equities market on a blockchain in less than a year. Over time, it became clear that something like that was not possible. Because of the unmanaged expectations coupled with the retail enthusiasm coming from the consumer side seeing how blockchain could help them, where in reality, enterprise is a long-term cycle and build-out, many people lost interest once they realized they could make money much faster through ICOs.”

Swanson listed a number of startups working on the enterprise blockchain side in New York, London and the west coast, including Digital Asset, ConsenSys Enterprise, Cobalt DL and Ripple, among others, as well as Clearmatics and R3, both of which Swanson still advises.

“If you look at funding for those companies — as an aggregate they’ve raised maybe $400-450 million dollars. For comparison — and it’s not an accurate comparison — ICOs in the month of June raised over $600 million dollars. It was a shift in enthusiasm from people who wanted to get very rich, very quickly. The fact of the matter, even for ICOs, is that you can’t bypass the requirement-gathering necessary to build a platform that can work with existing institutions and existing regulatory and industry requirements.”

“You can’t just build an aeroplane, convert it into a helicopter then sell it to a bunch of helicopter enthusiasts. Ultimately, somebody will have to build applications and that’s why building an ecosystem and community is so important.”

Why Aren’t There Any New Enterprise Blockchain Companies?

Swanson attributed the lack of new enterprise blockchain companies to the difficulty new startups face in working against the existing competition within the space. Established companies have a head start in acquiring the essential ingredients for success in the enterprise blockchain space: capital and some kind of partnership with regulators or players of the existing infrastructure.

Furthermore, Swanson suggested that most of the obstacles encountered by enterprise blockchain companies could be easily surmounted by larger players:

“Large enterprises like Oracle, IBM, Sap, Microsoft have the capacity and budgets to acquire any of the enterprise startups. Oracle alone could acquire all the enterprise startups themselves and not blink much of an eye.”

Transitioning from Proof of Concept to the Pilot Stage

Swanson stated that one of the most critical obstacles for enterprise blockchain startups to be mindful of are the principles of financial market infrastructure (PFMI). These are a set of standards adopted after the 2008 financial crisis which the international community considers fundamental to strengthening and preserving financial stability.

“These principles are intended to prevent a snowball/domino affect where a local problem could potentially take down an entire system,” said Swanson. Due to the nature of these principles and how they interact within existing financial infrastructure, changing legacy infrastructure by integrating a blockchain that does not comply with these principles is far more time consuming and costly.

“Within these large corporations, you can’t just turn off legacy infrastructure, then turn on your blockchain version and continue production. Things have to be run in parallel for a while. It takes time and talent.”

The future of the blockchain in enterprise is not necessarily tied to more infrastructures, Swanson concluded. “Instead of building out more infrastructure, I am much more interested in seeing applications built on top of existing infrastructure.”

Watch the full episode to hear Swanson on busting hype, the recent ICO spike and the rise of cryptocurrencies as a new asset class among other things.

The post Tim Swanson: Enterprise Blockchain is in a "Trough of Disillusionment” appeared first on Bitcoin Magazine.