Malware Alert: Files on WikiLeaks Can Infect Your Computer

An independent data researcher had originally discovered a massive data dump released by WikiLeaks to contain malware in torrent files made available by the whistleblowing website. Since then, the researcher has also confirmed that some of the files taken from the dump and now hosted on WikiLeaks.org are also malware infected.

Josh Wieder, a system administrator by trade, garnered attention from multiple newspapers and outlets around the world in April 2015. With a keen eye and the chops for data research, he revealed the presence of malware in WikiLeaks’ “Global Intelligence Files”. These files are a significant collection of emails and attachments taken from Strategic Forecasting (aka Stratfor), a private intelligence firm. He made the revelation in a blog post at the time.

Stratfor was originally plundered by Jeremy Hammond in 2011, and Hammond is currently serving prison time for the hack of millions of emails from the company. By 2012 the emails were in WikiLeaks’ hands, and the whistleblowing website began sharing the email archives over the P2P file-sharing network BitTorrent. The complete email dump was published on July 18, 2014, as a single, massive file comprising over 5 million emails.

As it turned out, attachments included among 5.5 million Stratfor emails were and still are, to this day, infected with malware.

“My discovery of the malware was completely unintentional. I have followed Wikileaks for many years; I first came across the website when they released the Guantanamo policy documents which would have been seven to eight years ago,” Wieder told Hacked, talking about his curiosity and admiration for the whistle-blowing website, adding, “Wikileaks has time and again been responsible for groundbreaking, historical journalism and they continue to be responsible for important work.”

After downloading the torrent containing the “Global Intelligence Files”, Wieder noticed an attachment trying to execute a macro.

“Sure enough, the macro was a virus written in Visual Basic called Magistr. That is when I decided to review all of the files within the file dump.”

In his blog, Wieder speculates about why the malware came to be in the files in the first place.

  • One theory that he considers the most likely is that malicious files were being sent to employees of Stratfor via email.
  • Another theory resulting from Edward Snowden’s revelations could point fingers at organizations actively trying to sabotage and cause the downfall of WikiLeaks.

More importantly, Wieder is concerned that WikiLeaks ‘can’ be used as a “deliberate distribution mechanism”, rather than with finding out ‘if’ that was indeed the case in this particular instance.

“Someone who wants to identify not just members of WikiLeaks, but their readers, this would absolutely be the way to do it,” confirmed Wieder. Furthermore, there stands a good chance that malware exists among the more well-known data dumps, like those of Sony Pictures and the recent Hacking Team breach, both of which are indexed and easily searchable.

Wieder decided to make his findings public for two reasons:

  • Getting the word out to security researchers who can review the files.
  • Warning users, particularly journalists and activists, the two groups regularly targeted by state surveillance.

Expanding on both, Wieder notes that he discovered the malware in the WikiLeaks dump despite his lack of resources and time as an independent researcher. More security researchers combing through the droves of data available in massively publicized dumps could be a good thing if additional chunks of malware are discovered and reported, even more so for the security and privacy of investigative journalists, activists and users accessing the data. Edward Snowden’s revelations highlighted frustrations of network surveillance with the increased use of encryption, the Tor network, VPNs and more such services among journalists as a precautionary measure. Malware, however, is a different threat, and the education to protect oneself against malware rarely coincides with learning to use encryption. It is for these reasons and more that Wieder went public with his discovery.

A comprehensive account of Wieder’s findings is detailed in his blog here & here, with a follow-up after discovering the files hosted on WikiLeaks itself, here.

Malware Woes

Wieder initially noticed WikiLeaks distributing the leaked emails through a list of torrent files. Upon further research, he discovered most of the malware to be embedded within PDF and DOC files. What began as the sharing of torrent files soon turned into publishing the same malicious content on the WikiLeaks website itself, this time as uncompressed individual files. To help users steer clear of the files, Wieder compiled a list of the malware-laden files, their locations on WikiLeaks and basic file information in a Pastebin dump.

While 5.5 million emails seem painstakingly significant in number and time-consuming to go through, Wieder discovered that such numbers were deceptive because a lot of it included flat text email scripts, with no attachments. Such text files aren’t dangerous to those rummaging through the files in the dump, as opposed to original email recipients receiving it via email. The threat of malware comes from the attachments, totaling 178,960 files in 179 folders, by Wieder’s count. Upon running some of the files through an antivirus scanner, he discovered the presence of MyDoom, a classic worm that is largely obsolete and barely poses a threat in today’s world of modern computers. Such findings raise concerns about the security measures taken by WikiLeaks before publishing any of the data being hosted on its website, or indeed whether the data is being scanned at all.

He confirms that his repeated attempts to contact the popular whistle-blowing website to bring its attention to the presence of malware in the files have gone unanswered. Wieder believes, however, that WikiLeaks is indeed aware of the malware in the files it hosts. “I was informed that one of the reporters who interviewed me did, in fact, discuss the presence of malware with a Wikileaks representative. So I have every reason to believe they are aware of the issue,” he says.

Hacked has verified the documents present in the dump and specified by Wieder to be malicious.

Significantly, most of the malware’s vulnerable targets have already been patched by their respective developers. Users can breathe easy while treading cautiously if their software is up-to-date with regular security updates. Still, it’s always recommended that one rummaging through the many leaks and file dumps on WikiLeaks does so by opening any hosted files on a disposable virtual machine. The inherent vulnerability here is the belief that reputable, mainstream organizations are expected to host safe content.
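Before anything from such a dump is opened, even inside a disposable VM, the attachment tree can be triaged statically from raw bytes. The script below is an added example, not code from the article or from Wieder's write-up; the function names, flag labels and indicator list are assumptions chosen for illustration, and byte-level heuristics miss compressed or obfuscated content, so an empty result is not proof that a file is safe.

```python
import hashlib
import os

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # OLE2 directory names are UTF-16LE
PDF_ACTIONS = (b"/JavaScript", b"/OpenAction", b"/Launch", b"/EmbeddedFile")
DOC_EXTENSIONS = {".doc", ".pdf", ".xls", ".txt", ".jpg"}


def triage_bytes(data, filename=""):
    """Return static indicators for one attachment, judged on raw bytes only."""
    flags = []
    ext = os.path.splitext(filename)[1].lower()
    if data[:2] == b"MZ":                          # DOS/PE executable header
        flags.append("windows-executable")
        if ext in DOC_EXTENSIONS:                  # executable posing as a document
            flags.append("extension-mismatch")
    if data[:8] == OLE2_MAGIC and VBA_STREAM in data:
        flags.append("ole2-vba-macros")
    if b"%PDF-" in data[:1024]:                    # header may follow leading junk
        flags += ["pdf-" + key[1:].decode().lower()
                  for key in PDF_ACTIONS if key in data]
    return flags


def triage_tree(root):
    """Walk an extracted attachment tree; return (relpath, sha256, flags) per hit."""
    hits = []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()                                # deterministic traversal order
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:           # read only, never open or render
                data = fh.read()
            flags = triage_bytes(data, name)
            if flags:
                digest = hashlib.sha256(data).hexdigest()
                hits.append((os.path.relpath(path, root), digest, flags))
    return hits


# Constructed sample bytes (not taken from any real dump): just enough structure
# to exercise each rule.
SAMPLES = {
    "mail-0001.txt": b"From: analyst@example.com\r\n\r\nSee attached.\r\n",
    "report.doc": OLE2_MAGIC + b"\x00" * 504 + VBA_STREAM,
    "clean.doc": OLE2_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le"),
    "brief.pdf": b"%PDF-1.4\n1 0 obj<< /OpenAction 2 0 R >>\n2 0 obj<< /S /JavaScript >>\n",
    "invoice.doc": b"MZ\x90\x00" + b"\x00" * 60,
}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        for name, blob in SAMPLES.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(blob)
        for relpath, digest, flags in triage_tree(root):
            print(f"{relpath:14} {digest[:16]}  {', '.join(flags)}")
```

The SHA-256 digests it reports can be compared against a published list of known-bad files, and anything flagged still belongs in an isolated analysis environment rather than on a working machine.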

“Ultimately, while users are responsible for their own safe browsing, Wikileaks is also responsible for the content they provide to their users,” stressed Wieder.

Wikileaks is also responsible for the content they provide to their users. No one can offer their users a complete guarantee of safety, but that does not mean websites ought to take basic precautions to safeguard their files.

A website that circulates malicious software – and that furthermore does so knowingly and without warning their users – does not deserve the trust of its users.

At the time of writing this article, the malware still exists.

Images from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.




2 Comments

  1. Max Lundgren

    August 31, 2015 at 3:21 pm

    I wonder why this self-styled icon of goodness and openness, honesty.

    Hide themselves on an embassy in the UK, for young people to answer questions about a rape during their stay in Sweden. It became a little too much of a good thing?

    There is hardly one can imagine that this Icon of Justice himself had stolen and hacked to him the information that he committed the great honor of.

    Day t to go home to Australia Mr. Julian rapist Assange.

    • Andrew

      September 8, 2015 at 7:48 pm

      Maybe you should try actually reading the article?

      No one is accusing Wikileaks of having put this malware there. There are two theories, and both relate to other actors embedding the malware.

Three Hours After Re-Launch, BitGrail Shuts Down Again

Embattled digital currency exchange BitGrail has reportedly suspended operations a mere three hours after re-launching, a move that could signal the death knell for the controversial trading platform.

BitGrail Shuts Down After Court Order

The Italian exchange received an order from the Court of Florence on Tuesday to cease operations immediately. BitGrail was open for all of three hours before the order was handed down. All cryptocurrencies that were previously supported on the exchange were available for trade with the notable exception of Nano XRB.

On Wednesday, BitGrail issued the following statement:

“This morning, following the re-opening, we were notified of a deed by the court of Florence requesting the immediate closure of BitGrail and this situation will persist until a decision is made by the courts, about the precautionary suspension request made by the Bonelli law office on behalf of a client.”

A final decision by the court is scheduled for May 16, 2018.

Embroiled in Controversy

The Italian exchange has been mired in controversy after 17 million Nano XRB tokens went missing in February. At the time, the total value of the theft was $170 million.

At the time, BitGrail said the shortfall was caused by “unauthorized transactions,” but didn’t indicate exactly when the hack took place.

A Twitter user by the name of “Francesco the Bomber,” who apparently runs the exchange, later confirmed that the funds were stolen and that the exchange didn’t have the capital to repay its customers. However, developers who used to work with Francesco claimed that the exchange was solvent long before the attack took place. This fact was concealed by BitGrail for as long as possible.

For its part, Nano XRB managed to recover in the wake of the attacks, with prices reaching a high near $17 in early March. The cryptocurrency has nearly doubled in value over the last three weeks as part of a broader upward correction in the market.

The Nano Foundation has established a fund to assist BitGrail users affected by the attack. The Foundation says it will match donations to the fund for up to $1 million.

BitGrail was the second largest attack on a digital currency exchange this year. In January, cyber criminals made off with around $530 million worth of NEM tokens following an attack on Coincheck, a Japanese exchange.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Facebook Stock Has Best Day in Two Years as Zuckerberg Testifies

Shares of Facebook Inc. (FB) gained on Tuesday, as CEO Mark Zuckerberg testified before U.S. lawmakers over allegations of data misuse.

Zuckerberg Gets Likes

Mark Zuckerberg apologized and defended his company on Tuesday as he appeared before a joint U.S. Senate committee hearing. “It was my mistake, and I’m sorry,” the 33-year-old CEO said when questioned about Facebook’s misuse of user data.

Lawmakers grilled Zuckerberg on issues ranging from Facebook’s Cambridge Analytica scandal to its failure in addressing provocative messages during the most recent Myanmar crisis. He took it all in stride, appearing confident and poised throughout the question-and-answer period (at least, that’s what professional PR experts quoted by Bloomberg had to say).

Zuckerberg took full responsibility not just for Cambridge Analytica, but for Facebook’s negligence in safeguarding consumer data. That said, Republican Senator Chuck Grassley of Iowa sent a strong signal that new regulations are on the way.

“The status quo no longer works,” said Grassley, who chairs the Judiciary Committee. “Congress must determine if and how we need to strengthen privacy standards to ensure transparency and understanding for the billions of consumers who utilize these products.”

Wall Street Responds

The testimony resonated with Wall Street, as investors scooped up shares of the battered social media company. Facebook shares added 4.5%, their best day in two years. By comparison, the S&P 500 Index gained 1.7% on Tuesday and the index’s technology component rose 2.5%.

The stock surge grew Zuckerberg’s personal fortune by $2.8 billion to $66 billion, according to Forbes. That makes him the world’s seventh richest person.

Despite the gain, FB is down almost 15% from its all-time high and its current price point lags behind the 50-day and 200-day moving averages. An RSI of 48 also signals weak underlying momentum for the social media stock.

Facebook’s Declining Usage

Facebook experienced a public backlash last month amid reports that a political research firm had scraped data on 87 million people. The revelation sparked a growing debate over Facebook’s privacy standards at a time when the company was battling a noticeable decline in usage.

The social media platform declined by roughly 50 million hours per day in the fourth quarter, or 5% overall. Meanwhile, independent research from a company named Edison found a steady drop in usage among Americans aged 12 and up.

While Zuckerberg has tried to spin the decline as a good thing, it’s apparent that the platform is experiencing fewer meaningful interactions, which partially explains recent efforts to transform the News Feed.

It remains to be seen how much damage the declines will do to top and bottom line results. Facebook is expected to release its quarterly earnings report on Apr. 25. Analysts are expecting per-share earnings of $1.37 for the quarter, up from $1.04 the same time a year ago.

Featured image courtesy of Shutterstock.


Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Facebook Admits It Has Failed to Protect User Privacy

In the wake of the Cambridge Analytica scandal, Facebook has had to come clean about its privacy standards. The company recently admitted that the data on most of its 2 billion users could be compromised by malicious actors, a strong sign that the social media giant is not only misusing consumer data, but failing to protect it.

Data on the Loose

Facebook recently announced that it has removed a feature that allows users to search for people using email addresses or phone numbers. The feature, which accounts for 7% of all searches in some regions, is being discontinued over fears that malicious users were using it to “scrape” profiles.

Mike Schroepfer, the company’s chief technology officer, issued the following statement on Wednesday:

“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.”

CEO Mark Zuckerberg told reporters that it was “reasonable to expect” that your information may have been accessed in this way.

The Cambridge Analytica scandal, which surfaced last month, blew the lid wide open on Facebook’s privacy standards. Since 2014, Cambridge Analytica legally obtained information on as many as 87 million Facebook users for the purpose of influencing elections. In the wake of the scandal, Zuckerberg is being summoned by U.S. Congress to testify before the House Energy and Commerce Committee, currently scheduled for Apr. 11. The CEO has acknowledged that his company made mistakes, but this has largely failed to resonate with Facebook’s growing list of critics.

Facebook Tanks

Many say that Facebook has suffered irreversible damage since the scandal was brought to light. Faced with declining usage, severed business ties and a severe backlash from the public, Facebook shares have tanked more than 16% over the last three weeks.

Prices have fallen below the 50-day and 200-day simple moving averages, with the short-term average converging on the longer one. An RSI in the low-30s makes a strong case for Facebook’s bearish downturn, although current levels indicate that an oversold bounce is likely.

FB’s share price shed another 0.7% on Wednesday even as the major indexes gained. The S&P 500’s information technology index rose 1.4%, capping off a solid recovery for the market.

Along with the other so-called FAANG stocks, Facebook has been largely responsible for the recent tech rollover and subsequent turbulence on Wall Street. Facebook, Apple, Amazon, Netflix and Google parent Alphabet lost a combined $324 billion in market cap between Mar. 12 and Apr. 2.

Featured image courtesy of Shutterstock.


Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.



