WikiLeaks: The Biter Bit

WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address.

The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.

But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual “hack” appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security.

The group appears to have carried out an attack known as “DNS poisoning” for a short while on Thursday 31st August in the morning.

Rather than attacking WikiLeaks’ servers directly, they have convinced one or more DNS servers, which are responsible for turning the human-readable “wikileaks.org” web address into a machine-readable string of numbers that tells a computer where to connect, to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.

It is unlikely WikiLeaks own servers were breached. The DNS protocol is a notoriously weak link of the internet due to the ease with which it can be compromised by both malicious individuals and state actors.

The WikiLeaks hack also takes a different approach in its substance. In the message it posted to the organisation’s web address, OurMine jokingly begins to claim to be “testing your …” before breaking off and reminding WikiLeaks about the time “you challenged us to hack you”.

It’s the third time the hackers have gone after WikiLeaks, after twice launching a DDoS attack, a form of cyber-attack where a site is overloaded with connections in an attempt to bring it to its knees, against the organisation, in December 2015 and July 2016.

That spat caused Anonymous, the online collective, to post personal information of individuals they claimed to be members of OurMine. The hackers argued the so called “doxing” was incorrect.

In a statement shared on the Twitter account of one OurMine member, the group said “they challenged us to hack them about a few months ago, and we’ve been working on this hack for a very long time, and finally we did it! It’s hacked! … We are working to obtain new secret things/emails from WikiLeaks but for now we are only able to receive new messages that have been sent to [the Wikileaks press contact].”

It’s the latest in a string of high-profile yet ultimately low-impact attacks from OurMine, which first rose to fame after hacking the social media accounts of a string of tech titans in the summer of 2016. Mark Zuckerberg, Dick Costolo, Jack Dorsey and Sundar Pichai were amongst those who had embarrassing messages posted to their feeds.

Those hacks almost always followed the same template: finding re-used passwords in a previously-released data breach (for instance, Mark Zuckerberg’s password “dadada” was discovered in a 2011-era LinkedIn database), and testing them in as many services as possible until finding one that works.

The group then typically posts a message claiming to be “testing the victim’s security”, before linking to their website, which offers penetration testing for $30 upwards. Most recently they took over HBO’s Twitter accounts, as the TV company was in the midst of a separate ransomware attack.

WikiLeaks has not responded to requests for comment, but the WikiLeaks Task Force, a semi-official account linked to the group, called this article “fake news”.

Guardian:

You Might Also Read: 

WikiLeaks  Has Published The CIA’s Secrets For Infecting Windows:

Does Russia Benefit When Assange Reveals Secrets?:

 

« Brit Accused of Bank Cyber Attacks
Canadian University Hit For $12m Phishing Scam »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

SK-CERT

SK-CERT

SK-CERT National Computer Computer Emergency Response Team of Slovakia.

Secure India

Secure India

Secure India provides Forensic Solutions that help Government and Business in dealing with prevention and resolution of Cyber related threats.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

Monster Jobs

Monster Jobs

Monster is a global leader in connecting people to jobs, wherever they are. Monster covers all job sectors including cybersecurity in locations around the world.

Enclave Networks

Enclave Networks

Our mission is to give IT professionals a simple way to rapidly build secure connectivity between any application, computer system, device or infrastructure - regardless of the underlying network.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

TechDemocracy

TechDemocracy

TechDemocracy are a trusted, global cyber risk assurance solutions provider whose DNA is rooted in cyber advisory, managed and implementation services.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.

Amyna Systems

Amyna Systems

Amyna has developed an IoT cybersecurity platform that prevents malignant attacks, helping users to protect themselves from cyberattacks.

Network Coverage

Network Coverage

Network Coverage align, maintain, and integrate technology and cloud solutions with business operations to improve productivity and security with as few issues and disruptions as possible.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.