Wikileaks 'hacked' by OurMine

The whistleblowing site was supposedly breached, but the attack was found to be a simple DNS spoof

Notorious whistleblowing site Wikileaks drew the attention of the cyber security community this week, as the organisation fell victim to an apparent hack.

Visitors to the Wikileaks homepage were greeted with a message from security company OurMine, proclaiming that it had hacked WikiLeaks in response to a challenge supposedly issued by the organisation.

"Hi, it's OurMine," the message read. "Don't worry we are just testing your... blablablab [sic], Oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?"

The same statement also taunted cyber vigilante group Anonymous, indicating that this hack was partly in revenge for an incident in which Anonymous allegedly attempted to dox the group for attacking Wikileaks, which has been accused of being a front for Russian intelligence. "There we go" the message read. "One group beat you all!"

However, it quickly emerged that OurMine had not actually broken into Wikileaks' servers at all. Instead, the group used a tactic known as 'DNS poisoning', whereby an attacker gains control of the DNS server that controls how traffic is routed to an IP address, and redirects it to a location of their choosing, in this case, a page hosted on OurMine's own server.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The attack has now apparently been thwarted, and the Wikileaks site appears to be fully operational once again.

The statement left by the group echoed the message it commonly left on the social media accounts of its other victims, which usually state that the group is "just testing [the victim's] security". These victims include various high-profile companies and individuals, including Facebook founder Mark Zuckerberg, Google CEO Sundar Pichai and, most recently, Game Of Thrones creators HBO.

These hacks are apparently operated as promotional stunts for the group's cyber security consultancy and penetration testing business, with victims advised to contact the group if they wish to improve their security.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020