Three major hacking news stories this week
Government website falls victim to hackers
The ICO took down their website after a warning that hackers were taking control of visitors’ computers to mine cryptocurrency, reported by the BBC.
The ICO’s website will remain closed as we continue to investigate a problem which is thought to involve an issue with the Browsealoud feature.
— ICO (@ICOnews) 12 February 2018
CNET explains that this was result of Scott Helme (Security Researcher) discovering that ‘a handful of government websites in the US, UK and Australia’.
According to CNET, Helme ‘traced the issue to a plugin called Browsealoud’. Coinhive, a rival to bitcoin, was added to the plugin.
Texthelp, the company behind Browsealoud, announced that that the Browsealoud plugin was compromised because of a cyber attack; ‘the hacker ‘added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency.’
Cyber attackers target the Winter Olympics
Officials confirm that the Winter Olympics in Pyeongchang experienced a cyber-attack. They refuse to confirm whether Russia were responsible, The Guardian reports.
Before the opening ceremony, the official website stopped working, not allowing users to access event information or to print their tickets. It took 12 hours for the website to work.
In addition, the Wi-Fi in the Olympic stadium was not working, and televisions and the internet at the main press centre were not working.
The rumour that Russia was responsible for the cyber attack as a reaction to them being banned from the Winter Olympic games as a result of the state-sponsored doping in Sochi in 2014 has not been proven.
As quoted by IT Proportal, Sung Baik-you, (spokesperson for the Pyeongchang organising committee) stated, ‘All issues were resolved and recovered’. Baik-you added ‘We decided with the IOC we are not going to reveal the source (of the attack)’.
Earlier in January, IT Proportal reported that the Olympic organisers received malicious emails containing malware. McAfee released more details of the attack on their blog: ‘The attacker spoofed the message to appear to be from email@example.com, which is the National Counter-Terrorism Center (NCTC) in South Korea.’
Equifax under pressure after data breach update
In September of last year, we published a report about Equifax’s data breach; 143 million Americans’ personal data were made vulnerable following a breach.
On Friday 9th February, Wall Street Journal reported that Equifax submitted a document to the Senate Banking Committee indicating that the cyber criminals accessed more personal information than Equifax previously reported.
According to the Investopedia blog, the data breach has cost ‘Equifax about 20% of its market value.’
US Senator Elizabeth Warren addressed a letter to Equifax demanding details of any other data the firm believes may have been stolen. Warren has requested a complete list of all data that has been confirmed to have been accessed by the hackers, a complete list of data that is believed to have been accessed by the hackers, a timeline of Equifax’s efforts to determine the extent of the breach and the process used by Equifax to inform members of the public.
According to the BBC, the Equifax data breach also affected customers in the UK. This was later revealed on their website. However, as quoted by the BBC, a spokesperson for Equifax assured that ‘This information does not change the number of consumers affected or any of the UK figures/statements already provided’.