WikiLeaks: The Biter Bit

WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address.

The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.

But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual “hack” appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security.

The group appears to have carried out an attack known as “DNS poisoning” for a short while on Thursday 31st August in the morning.

Rather than attacking WikiLeaks’ servers directly, they have convinced one or more DNS servers, which are responsible for turning the human-readable “wikileaks.org” web address into a machine-readable string of numbers that tells a computer where to connect, to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.

It is unlikely WikiLeaks own servers were breached. The DNS protocol is a notoriously weak link of the internet due to the ease with which it can be compromised by both malicious individuals and state actors.

The WikiLeaks hack also takes a different approach in its substance. In the message it posted to the organisation’s web address, OurMine jokingly begins to claim to be “testing your …” before breaking off and reminding WikiLeaks about the time “you challenged us to hack you”.

It’s the third time the hackers have gone after WikiLeaks, after twice launching a DDoS attack, a form of cyber-attack where a site is overloaded with connections in an attempt to bring it to its knees, against the organisation, in December 2015 and July 2016.

That spat caused Anonymous, the online collective, to post personal information of individuals they claimed to be members of OurMine. The hackers argued the so called “doxing” was incorrect.

In a statement shared on the Twitter account of one OurMine member, the group said “they challenged us to hack them about a few months ago, and we’ve been working on this hack for a very long time, and finally we did it! It’s hacked! … We are working to obtain new secret things/emails from WikiLeaks but for now we are only able to receive new messages that have been sent to [the Wikileaks press contact].”

It’s the latest in a string of high-profile yet ultimately low-impact attacks from OurMine, which first rose to fame after hacking the social media accounts of a string of tech titans in the summer of 2016. Mark Zuckerberg, Dick Costolo, Jack Dorsey and Sundar Pichai were amongst those who had embarrassing messages posted to their feeds.

Those hacks almost always followed the same template: finding re-used passwords in a previously-released data breach (for instance, Mark Zuckerberg’s password “dadada” was discovered in a 2011-era LinkedIn database), and testing them in as many services as possible until finding one that works.

The group then typically posts a message claiming to be “testing the victim’s security”, before linking to their website, which offers penetration testing for $30 upwards. Most recently they took over HBO’s Twitter accounts, as the TV company was in the midst of a separate ransomware attack.

WikiLeaks has not responded to requests for comment, but the WikiLeaks Task Force, a semi-official account linked to the group, called this article “fake news”.

Guardian:

You Might Also Read: 

WikiLeaks  Has Published The CIA’s Secrets For Infecting Windows:

Does Russia Benefit When Assange Reveals Secrets?:

 

« Brit Accused of Bank Cyber Attacks
Canadian University Hit For $12m Phishing Scam »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

SISSDEN

SISSDEN

SISSDEN will improve cybersecurity through the development of increased awareness and the effective sharing of actionable threat information.

Prove & Run

Prove & Run

Prove & Run provides a patented software development toolchain that is specifically forged to deal with the complex security properties of sensitive software components.

ICTSecurity Portal

ICTSecurity Portal

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

Security Management Partners (SMP)

Security Management Partners (SMP)

Security Management Partners (SMP) is a trusted partner to financial services, healthcare and businesses that need to manage their information, securely.

Gordian Networks

Gordian Networks

Gordian Networks offers complete managed IT services and IT support for small to large businesses.

CyberCyte

CyberCyte

CyberCyte provides a disruptive built-in integrated physical, network and perimeter security solution framework.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

Aunalytics

Aunalytics

Aunalytics is a data platform company that delivers insights as a service to answer your most important IT and business questions.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

Nova Microsystems

Nova Microsystems

Nova's mission is to revolutionize cybersecurity through continuous data analysis and dynamic AI-driven encryption.