Early on the morning of February 11, 2018, while the sysadmins were napping at the end of the night shift, an unknown hacking team cracked the code of the “Browsealoud” plug-in. They added a little-known cryptocurrency miner to it and left, carefully covering their tracks. Only by noon that day did the team responsible for supporting Browsealoud grasp the situation, after a barrage of calls, and take the plug-in offline for cleanup. But it was already too late.
A notable feature of this short but effective attack was that the Browsealoud plug-in is designed to make information accessible to blind and visually impaired people. It is used mainly where the US authorities are obliged to guarantee such access to citizens: on the websites of national departments. In total, about 4,200 different pages were affected, which cast a shadow over the entire American state machine.
The hackers did not steal anything, did not add malicious viruses, and did not harm end users in any way. People simply visited sites that were considered a priori protected from everything, sites they needed for their professional and personal activities, and the miner's script ran on their computers. How much the hackers managed to “earn” this way is not known, but that is not what causes concern.
The Internet has revealed a new Achilles heel: plug-ins like Browsealoud are used by many sites, whose administrators trust the plug-in developers by default and take no extra precautions. The developers, in turn, cannot react to every threat in the world, and if hackers again quietly crack a couple of plug-ins or drivers, they could attack millions of sites overnight. As the mining on supposedly well-protected US state portals showed, doing so is much easier than it seems.