WikiLeaks: The Biter Bit

WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address.

The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.

But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual “hack” appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security.

The group appears to have carried out an attack known as “DNS poisoning” for a short while on the morning of Thursday 31st August.

Rather than attacking WikiLeaks’ servers directly, the group convinced one or more DNS servers to alter their records. DNS servers are responsible for turning the human-readable “wikileaks.org” web address into a machine-readable string of numbers that tells a computer where to connect. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.

It is unlikely WikiLeaks’ own servers were breached. The DNS protocol is a notoriously weak link of the internet due to the ease with which it can be compromised by both malicious individuals and state actors.
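As an added illustration (not part of the original article), the sketch below shows how a site operator could notice the kind of record change described above: it compares the A records several resolvers return for one name against the networks the site is known to be hosted on. The resolver names, addresses and expected network are constructed sample data.

```python
import ipaddress

# Constructed sample: A records for one name as seen from four resolvers.
# Addresses come from documentation ranges; resolver names are hypothetical.
OBSERVATIONS = {
    "resolver-a": ["192.0.2.10", "192.0.2.11"],
    "resolver-b": ["192.0.2.11", "192.0.2.10"],
    "resolver-c": ["203.0.113.66"],  # answer outside the expected range
    "resolver-d": [],                # no answer (timeout or NXDOMAIN)
}
# Assumption: the networks the site is legitimately hosted on.
EXPECTED_NETS = ["192.0.2.0/24"]


def audit(observations, expected_nets):
    """Return one finding per resolver whose answer deviates from the baseline."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    findings = []
    for resolver, answers in sorted(observations.items()):
        if not answers:
            # A missing answer is reported too: it can hide a hijack in progress.
            findings.append((resolver, "no-answer", []))
            continue
        rogue = sorted(
            a for a in answers
            if not any(ipaddress.ip_address(a) in net for net in nets)
        )
        if rogue:
            findings.append((resolver, "unexpected-address", rogue))
    return findings


def consistent(observations):
    """True when every resolver that answered returned the same record set."""
    record_sets = {frozenset(a) for a in observations.values() if a}
    return len(record_sets) <= 1


if __name__ == "__main__":
    for resolver, kind, detail in audit(OBSERVATIONS, EXPECTED_NETS):
        print(f"ALERT {resolver}: {kind} {detail}")
    print("resolvers agree:", consistent(OBSERVATIONS))
```

In practice the observations would be collected on a schedule from resolvers in different networks, since a poisoned or altered record may be visible from only some of them.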

The WikiLeaks hack also takes a different approach in its substance. In the message it posted to the organisation’s web address, OurMine jokingly begins to claim to be “testing your …” before breaking off and reminding WikiLeaks about the time “you challenged us to hack you”.

It’s the third time the hackers have gone after WikiLeaks, after twice launching a DDoS attack against the organisation, in December 2015 and July 2016. A DDoS is a form of cyber-attack where a site is overloaded with connections in an attempt to bring it to its knees.

That spat caused Anonymous, the online collective, to post personal information of individuals they claimed to be members of OurMine. The hackers argued the so-called “doxing” was incorrect.

In a statement shared on the Twitter account of one OurMine member, the group said “they challenged us to hack them about a few months ago, and we’ve been working on this hack for a very long time, and finally we did it! It’s hacked! … We are working to obtain new secret things/emails from WikiLeaks but for now we are only able to receive new messages that have been sent to [the Wikileaks press contact].”

It’s the latest in a string of high-profile yet ultimately low-impact attacks from OurMine, which first rose to fame after hacking the social media accounts of a string of tech titans in the summer of 2016. Mark Zuckerberg, Dick Costolo, Jack Dorsey and Sundar Pichai were amongst those who had embarrassing messages posted to their feeds.

Those hacks almost always followed the same template: finding re-used passwords in a previously-released data breach (for instance, Mark Zuckerberg’s password “dadada” was discovered in a 2011-era LinkedIn database), and testing them in as many services as possible until finding one that works.

The group then typically posts a message claiming to be “testing the victim’s security”, before linking to their website, which offers penetration testing for $30 upwards. Most recently they took over HBO’s Twitter accounts, as the TV company was in the midst of a separate ransomware attack.

WikiLeaks has not responded to requests for comment, but the WikiLeaks Task Force, a semi-official account linked to the group, called this article “fake news”.

Guardian:
