Home » LA Times Hit by Cryptojacking Campaign

LA Times Hit by Cryptojacking Campaign

In the wake of a controversial sale to a new owner, it is being reported that the Los Angeles Times was one of a large group of websites affected by the unauthorized injection of a cryptocurrency-mining script.

Thousands of websites around the world – from the United Kingdom’s National Health Service to the City University of New York (cuny.edu) and the United States’ court information portal (uscourts.gov) – had been unwittingly engaged in secretly mining cryptocurrency using the processing power of computers belonging to readers who visited the sites via web browsers.

An earlier set of affected sites were found to be using a plugin called Browsealoud, made by the British company Texthelp, which is used for reading out webpages for blind or partially sighted people.

Hackers altered Browsealoud’s source code in order to quietly add a Monero miner into every webpage offering Browsealoud. Monero is a privacy-focused cryptocurrency that’s distinct from Bitcoin. Many coiners prefer to mine Monero (symbol: XMR) because, unlike Bitcoin, which has moved on to only being worth mining on expensive specialized equipment, XMR can still be mined on a regular computer.

Upon being informed of the situation, the JavaScript mining codemaker Coinhive immediately terminated the account of the key associated with the BrowseAloud incident.

In the case of the L.A. Times, it was not a compromised plugin that was serving javascript code. Instead, the IT staff of the paper had left at least one of their Amazon Web Services (AWS) S3 cloud storage buckets wide open for anyone on the internet to freely change, update, and tamper.

Visiting the online newspaper’s pages increased desktop computers’ CPU usage by a considerable amount, though not enough to affect the user experience.

The maliciously added script has since been removed.

Websites such as Salon have been offering their visitors the option to donate their CPU power in lieu of seeing ads.