William Eichler 12 February 2018

Two council websites hacked by crypto-coin miners

Manchester City, Camden and Croydon council websites were among 5,000 sites ‘maliciously’ hacked over the weekend.

The perpetrators attempted to introduce malware software known as ‘Coinhive’, which would illegally mine a cryptocurrency similar to Bitcoin.

A Manchester spokesperson said there had been no negative impact on council services.

The websites of the Information Commissioner's Office and the Student Loans Company were also impacted.

The Coinhive script was inserted into a third-party accessibility plugin ‘BrowseAloud’ which is used to help blind or partially-sighted people access the web.

The company Texthelp, which develops the BrowseAloud plugin, has confirmed their product was ‘compromised during a cyber attack’ on Sunday morning.

Texthelp immediately detected the hack and removed the product.

‘Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline,’ said Martin McKay, CTO and data security officer at Texthelp.

‘This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.’

The National Cyber Security Centre (NCSC) is investigating the incident’s impact on Government websites.

‘NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency,’ a spokesperson said.

‘The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely.

‘At this stage there is nothing to suggest that members of the public are at risk.’

A Croydon council spokesman said: 'We would like to reassure our website users that no council data or information has been accessed or compromised during this worldwide cyberattack.

'As a precaution we are working closely with our web partners to review the security of any third party software and accessibility services that we use to mitigate against any future threat.'

A Manchester City Council spokesperson said: 'We were made aware of a cyber-attack on a third-party's server yesterday [Sunday, 11 February]. The council’s website does use the Browesaloud service but the manchester.gov site is safe to use and there is no risk to our users’ personal data.'

'This was an issue within the Browsealoud software, which is accessible via our site, rather than a hack on our council website itself,' said a spokesperson for Camden Council.

'No customer data has been accessed or lost and Camden’s website continues to be secure.

'As soon as the software was taken down nationally it was no longer available via our website, but we still took steps to remove the links to the software from our site.'

#Websites #IT

Analysis

Potholes: Treating the illness not just the symptom

With the publication of the ALARM survey, chair of the Asphalt Industry Alliance, David Giles, talks to LocalGov about investing in local roads.

Opinion

Local elections in the shadow of reorganisation

Dr Jonathan Carr-West of the LGIU discusses the meaning of the local elections against the backdrop of local government reorganisation (LGR).

Most Popular News

Council employee pay offer announced

Unite advises members to reject latest pay offer

London boroughs issue bankruptcy warning over £330m overspend

Toilet access depends on biological sex, watchdog says

Council launches lawsuit against Grenfell fire fridge maker

New Products

New remotely lockable cabinet will help manage medication for people with mental health issues

UK-first tool developed by Bluesky scores areas green credentials to aid urban planners

New partnership drives improved air quality and healthier homes in social housing

ShuttleID launches 90-day free trial for local authorities

New steps to keep tenants safe

Invision360 secures Innovate UK smart grant for VITA EHCP generator

New technology to revolutionise air quality monitoring

Case Studies

Acrospire Partners with Bath & North East Somerset Council to Illuminate Historic Film Location with LED Upgrade

Believ to install 22 charge points across Redcar and Cleveland

Acrospire Enhances Harlington Underpass with Energy-Saving Vandal-Resistant Lighting

Croydon Council selects integrated corporate GIS to improve efficiencies

Bath & North East Somerset Council Shines Light on Heritage Preservation with Acrospire's LED Upgrade

Airtech Improves Indoor Air Quality and Tackles Mould for Mid-Devon Social Housing Resident

Acrospire's Sustainable Lighting Solution for Luton Bus Shelters

Company Anouncements

Believ excels in environmental responsibility and worker satisfaction in B Corp certification

Matrix Workforce Management Solutions Appoints Andrew Curry as Client Engagement Director for Health and Social Care

Stepping up to help disabled social housing tenants

Envirobed® CD534: The benchmark for bedding mortars since 2005

Vent-Axia Supports Global Recycling Day 2025

Vent-Axia Publishes Free eBook to Help Social Housing Landlords Navigate Awaab’s Law

Unlock Awaab’s Law compliance with audits

Director of Public Health

Up to £131,210

The Public Health department is at the heart of the council’s business. Greenwich, London (Greater)

Recuriter: Royal Borough of Greenwich

Head of Regeneration and Growth

£68,387 - £74,411 (MFS and relocation available, pay award pending)

This is a unique opportunity to lead our award-winning development team and directly deliver hundreds of millions of pounds of projects. Plymouth, Devon

Recuriter: Plymouth City Council