Notorious whistleblowing site Wikileaks drew the attention of the cyber security community this week, as the organisation fell victim to an apparent hack.
Visitors to the Wikileaks homepage were greeted with a message from security company OurMine, proclaiming that it had hacked WikiLeaks in response to a challenge supposedly issued by the organisation.
"Hi, it's OurMine," the message read. "Don't worry we are just testing your... blablablab [sic], Oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?"
The same statement also taunted cyber vigilante group Anonymous, indicating that this hack was partly in revenge for an incident in which Anonymous allegedly attempted to dox the group for attacking Wikileaks, which has been accused of being a front for Russian intelligence. "There we go" the message read. "One group beat you all!"
However, it quickly emerged that OurMine had not actually broken into Wikileaks' servers at all. Instead, the group used a tactic known as 'DNS poisoning', whereby an attacker gains control of the DNS server that controls how traffic is routed to an IP address, and redirects it to a location of their choosing, in this case, a page hosted on OurMine's own server.
The attack has now apparently been thwarted, and the Wikileaks site appears to be fully operational once again.
The statement left by the group echoed the message it commonly left on the social media accounts of its other victims, which usually state that the group is "just testing [the victim's] security". These victims include various high-profile companies and individuals, including Facebook founder Mark Zuckerberg, Google CEO Sundar Pichai and, most recently, Game Of Thrones creators HBO.
These hacks are apparently operated as promotional stunts for the group's cyber security consultancy and penetration testing business, with victims advised to contact the group if they wish to improve their security.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Sweden drops rape charges against Julian AssangeNews Assange may still remain in hiding, however
-
Cisco discloses Vault 7 vulnerabilitiesNews Internal analysis seems to have identified bug revealed by WikiLeaks
-
Apple iOS 10.2.1 protects users from Weeping AngelAnalysis Security community says Vault 7 content is "no surprise", but reckless
-
WikiLeaks ‘exposes people’s personal data’ in leaked filesNews Rape victims and other innocent people named in WikiLeaks documents, says AP
-
Pressure mounts on US justice department to drop Wikileaks investigation
News Human rights organisations claim investigation could put all journalists at risk of prosecution
-
Julian Assange unlikely to be charged by US governmentNews No way to prosecute Assange without also taking legal action against journalists.
-
Bradley Manning found guilty of espionageNews US Soldier Bradley Manning could face up to a 136-year jail sentence.
-
Anonymous attacks UK gov websites in Assange protestNews ‘Hacktivists’ target Ministry of Justice website over handling of Wikileaks founder asylum case.
