We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies as per our policy which also explains how to change your preferences.

Government and NHS websites fall victim to cryptojacking hack

'Browsealoud' software found to contain malicious code, though no personal data believed to be stolen

Inside the bitcoin bubble

Government and NHS websites in the UK have been hit by a cyber-hack that, according to security researchers, could have been a lot worse.

Over 4,000 websites, including more than 30 UK local government and NHS websites, were victims to the attack, although it’s not believed any personal data was stolen.

Researcher Scott Helme discovered the hijack on Sunday, which was connected to a piece of software used by thousands of sites to help visually impaired users to navigate and read webpages.

The software, Browsealoud, was compromised and had malicious, criminal code inserted, which meant that any visitor to a site using the software could have become a victim.

The hack follows Which? coverage of ‘cryptojacking. Cryptojacking involves a computer being taken over to mine cryptocurrency, such as Bitcoin, which in turn dramatically slows the affected computer and earns far-flung hackers pennies per minute.

This can be done in various ways, including through hacked website advertising and malware downloaded onto your computer.

Best antivirus software: see our recommendations and reviews for 2018.

How widespread is the problem?

Browsealoud is used on a huge number of websites, according to search engine PublicWWW, including manchester.gov.uk, newham.gov.uk, york.gov.uk, croydon.gov.uk and at least 32 other websites on the ‘.gov.uk’ domain.

Other websites implicated include the Student Loans Company and some NHS websites including bsuh.nhs.uk, the Brighton and Sussex NHS hospital trust, and the Information Commissioner’s Office (ICO).

Texthelp, the company that sells Browsealoud, has now taken down the service until midday Tuesday 13 February.

The company’s chief technology officer, Martin McKay, said in a statement that automatic detection software quickly detected the hack and had taken it down within four hours.

He added that the attack did not target personal data: ‘Texthelp can report that no customer data has been accessed or lost.

‘The company has examined the affected file thoroughly and can confirm that it did not redirect any data: it simply used the computer’s CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday.’

Helme, the researcher, added that this could have been a lot worse, confirming to Which? that it would have been just as simple for hackers to have instead planted ‘keyloggers’ or other much more harmful malware.

‘As terrible as it is that a crypto miner was injected into all of these sites, in reality, this could have been catastrophically worse,’ he tweeted.

What can you do about it?

Given this is further evidence that even the most trustworthy sites can fall victim to seemingly simple hacks, our advice is to always have the latest antivirus software installed and running on your PC.

The most recent cryptojacking trend doesn’t actually download software onto your computer and instead runs in your web browser, so it’s important to have software that can detect threats in real-time instead of scanning for them daily.

Most modern antivirus software does this, so make sure you have it enabled.

Which? tests antivirus software on a regular basis, using thousands of strains of malware and online nasties to find the antivirus packages that are good enough to protect your computer. Read our reviews to find out which antivirus package is right for you.

Back to top