Whoever was behind the release of around 25,000 leaked email addresses and passwords for employees of public health organizations amid the coronavirus outbreak was likely an American conspiracy theorist.
The SITE Intelligence Group, an organization that monitors online extremist and terrorist activity, concluded that the emails and passwords were culled from a broader 2016 release of hacked records. The group now believes that the person behind the data dump tried to convince others to unlock those accounts to prove the organizations were part of a worldwide conspiracy behind the novel coronavirus.
Conspiracy theorists, again?
SITE announced it has yet to discover the offline identity of whoever uploaded the materials. However, the Washington Post said SITE found feedback and links on social media websites pointing to a far-right conspiracy theorist.
This finding is not surprising, as the leak published on 4chan was circulated by right-wing extremists and white supremacist groups.
Pieces of evidence were likely acquired by anyone who knew where to look for them online. Motherboard found that running links through breach site Have I Been Pwned gave several hits. However, the age of the facts does restrict their usefulness.
"In line with these views, the uploader sought to encourage other users to log into the email addresses to uncover these perceived lies and secrets," SITE executive director Rita Katz told the Post.
Katz explained that, on multiple platforms, the user framed the email credentials as a sort of gold mine of information and asked users to log on and save as much as they could.
Taking advantage, yes?
Conspiracy theorists have capitalized on the coronavirus as an opportunity to spread baseless claims. The claims include that the worldwide emergency is a pretext for "population control," that the SARS-CoV-2 virus is a bioweapon, or that the illness is secretly due to 5G mobile towers. Bill Gates, who has pushed for a stricter response since the virus spread in the U.S., also became a target.
Such theories have picked up alarming traction among more mainstream segments of right-wing media that tried to divert the blame for the federal government's fumbled response to the pandemic.
According to SITE, the data was uploaded to the text-sharing website Pastebin on April 19, after which hyperlinks to it or copies of it ended up spreading through 4chan, 9chan, Discord, Twitter, and Telegram.
Cybersecurity company Prevailion has separately said it detected a command-and-control computer receiving pings from malicious software programs in World Bank and WHO systems, the Post wrote. However, there is no known connection between the two incidents, and WHO has stated it has discovered "no strains nor evidence" of the trojan involved.
"The leaked credentials did not put WHO systems at risk because the data was not recent," the WHO said in a statement last week. The health agency added it had been subject to an increased rate of cyberattacks since the start of the pandemic.
WHO said the attack did impact an older extranet system, used by current and retired staff as well as its partners. The public health organization is now migrating affected systems to a more secure authentication system.