BBC reports: The Information Commissioner's Office (ICO) took down its website after a warning that hackers were taking control of visitors' computers to mine cryptocurrency. Security researcher Scott Helme said more than 4,000 websites, including many government ones, were affected. He said the affected code had now been disabled and visitors were no longer at risk. The ICO said: "We are aware of the issue and are working to resolve it." Mr Helme said he was alerted by a friend who had received a malware warning when he visited the ICO website. He traced the problem to a website plug-in called Browsealoud, used to help blind and partially sighted people access the web. The cryptocurrency involved was Monero -- a rival to Bitcoin that is designed to make transactions in it "untraceable" back to the senders and recipients involved. The plug-in had been tampered with to add a program, Coinhive, which "mines" for Monero by running processor-intensive calculations on visitors' computers. The Register: A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.
It's ironic that the attack vector here was a blob of JavaScript designed to make the web more accessible, when JavaScript itself has done more to destroy accessibility than any technology in the history of the web (with the possible exception of Flash).
Unless your site is itself an application (leaving aside whether the web is a good app platform), you don't need JS at all. HTML+CSS is enough. Your site will automatically be more accessible, more compatible, use less battery and CPU, and will be more secure. It will also load much faster and be friendlier to people on crappy net connections.
The hackers were trying to get early access to an Initial Coin Offering, but ended up in a different ICO instead.
A site that allowed you to view their content with the agreement that you let them mine on your computer while you are doing so might not be a terrible way to go.
A good reminder for us tech-savvy folks to keep an eye on our gkrellm windows when browsing.
A steep climb in CPU usage or GPU temperature could be a sign of one of these jerks using you as a mining rig.
