Thousands of websites, including the Information Commissioner’s Office, the Scottish NHS helpline and the Student Loans company along with hundreds of other central and local government sites appear to have been hijacked by hackers to mine cryptocurrency like Bitcoin or Ethereum.
The services have been infected with malware called Coinhive, which sits on a website and steals the processing power of its visitors’ devices to mine Bitcoin or alternative coins that are stored in an anonymous digital wallet, to be withdrawn at a later date.
The discovery raises concerns for web security on official websites visited by millions of Britons, less than a year after the debilitating WannaCry attack struck the NHS.
“This is pretty worrying,” said security researcher Scott Helme, who spotted the hack on Sunday. “First off, this is really easy to prevent and I’m disappointed that government organisations have not taken the incredibly easy steps available to them to stop this from happening.”