WikiLeaks: The Biter Bit

Uploaded on 2017-09-13 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW

WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address.

The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.

But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual “hack” appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security.

The group appears to have carried out an attack known as “DNS poisoning” for a short while on Thursday 31st August in the morning.

Rather than attacking WikiLeaks’ servers directly, they have convinced one or more DNS servers, which are responsible for turning the human-readable “wikileaks.org” web address into a machine-readable string of numbers that tells a computer where to connect, to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.

It is unlikely WikiLeaks own servers were breached. The DNS protocol is a notoriously weak link of the internet due to the ease with which it can be compromised by both malicious individuals and state actors.

The WikiLeaks hack also takes a different approach in its substance. In the message it posted to the organisation’s web address, OurMine jokingly begins to claim to be “testing your …” before breaking off and reminding WikiLeaks about the time “you challenged us to hack you”.

It’s the third time the hackers have gone after WikiLeaks, after twice launching a DDoS attack, a form of cyber-attack where a site is overloaded with connections in an attempt to bring it to its knees, against the organisation, in December 2015 and July 2016.

That spat caused Anonymous, the online collective, to post personal information of individuals they claimed to be members of OurMine. The hackers argued the so called “doxing” was incorrect.

In a statement shared on the Twitter account of one OurMine member, the group said “they challenged us to hack them about a few months ago, and we’ve been working on this hack for a very long time, and finally we did it! It’s hacked! … We are working to obtain new secret things/emails from WikiLeaks but for now we are only able to receive new messages that have been sent to [the Wikileaks press contact].”

It’s the latest in a string of high-profile yet ultimately low-impact attacks from OurMine, which first rose to fame after hacking the social media accounts of a string of tech titans in the summer of 2016. Mark Zuckerberg, Dick Costolo, Jack Dorsey and Sundar Pichai were amongst those who had embarrassing messages posted to their feeds.

Those hacks almost always followed the same template: finding re-used passwords in a previously-released data breach (for instance, Mark Zuckerberg’s password “dadada” was discovered in a 2011-era LinkedIn database), and testing them in as many services as possible until finding one that works.

The group then typically posts a message claiming to be “testing the victim’s security”, before linking to their website, which offers penetration testing for $30 upwards. Most recently they took over HBO’s Twitter accounts, as the TV company was in the midst of a separate ransomware attack.

WikiLeaks has not responded to requests for comment, but the WikiLeaks Task Force, a semi-official account linked to the group, called this article “fake news”.

Guardian:

You Might Also Read: 

WikiLeaks  Has Published The CIA’s Secrets For Infecting Windows:

Does Russia Benefit When Assange Reveals Secrets?:

 

« Brit Accused of Bank Cyber Attacks
Canadian University Hit For $12m Phishing Scam »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

Allen & Overy

Allen & Overy

Allen & Overy is an international law firm. Practice areas include Cybersecurity and Data Protection.

Center for Long-Term Cybersecurity (CLTC)

Center for Long-Term Cybersecurity (CLTC)

The Center for Long-Term Cybersecurity is developing and shaping cybersecurity research and practice based on a long-term vision of the internet and its future.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

Kocho

Kocho

Kocho (formerly TiG) is a provider of identity and access, cyber security, cloud transformation, and managed IT services.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

Jit

Jit

Jit empowers developers to own security for the product they are building from day zero.

Censinet

Censinet

Censinet provides the first and only third-party risk management platform for healthcare organizations to manage the threats to patient care that exist within an expanding ecosystem.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

SecurityLoophole

SecurityLoophole

SecurityLoophole is an independent cyber security news platform with global coverage. Latest updates, reports, news and events related to cyber security.

MultiQoS

MultiQoS

MultiQoS is a software development company that provides web and mobile app development solutions. We deliver business IT solutions and related services to customers worldwide.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.