WikiLeaks homepage ‘hack’ is not really what it seems

31 Aug 2017

Julian Assange, WikiLeaks. Image: Espen Moe/Flickr

Although the WikiLeaks homepage was defaced, it wasn’t quite a legitimate hacking incident.

Saudi-Arabian hacking group OurMine defaced the homepage of Julian Assange’s WikiLeaks for a short period this morning (August 31), in what is known as a “DNS poisoning” attack.

The Guardian reported that the group had convinced one or more DNS servers – which turn the text an individual inputs into a search bar into a numerical string readable by computers – to change their records. Those DNS servers then told browsers that Wikileaks.org was actually located on a server controlled by OurMine.

The message from OurMine hackers on the homepage read: “Hi, it’s OurMine (Security Group), don’t worry we are just testing your … blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”

A continued campaign from OurMine

This marks the third occasion OurMine has gone after Assange and his company, previously launching DDoS attacks in 2015 and 2016.

It continued, mentioning OurMine’s feud with Anonymous, which had been ignited after the latter posted personal information from alleged OurMine members following the DDoS attacks. Hackers took issue with this breach of privacy: “Anonymous, remember when you tried to dox us with fake information for attacking wikileaks [sic]?

“There we go! One group beat you all! #WikileaksHack lets get it trending on twitter [sic]!”

It isn’t likely that the WikiLeaks servers were breached in this attack, and the dubbing of the incident as a true ‘hack’ is actually a little wide of the mark.

The hackers used the tried-and-tested method of finding old passwords from previous large breaches, and trying them out on as many sites as possible in a process of elimination.

OurMine also hijacked the Pinterest and Twitter accounts of Mark Zuckerberg last year, and HBO’s Twitter account earlier this month.

Exactly how OurMine managed to hijack the WikiLeaks DNS is still unclear, with Gizmodo reporting it could have been malicious, or, more simply, someone at OurMine knew an individual with WikiLeaks administration access.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com