Take a fresh look at your lifestyle.
Live Updates COVID-19 CASES
  • World 18,373,573
    World
    Confirmed: 18,373,573
    Active: 6,111,416
    Recovered: 11,567,028
    Death: 695,129
  • South Africa 511,485
    South Africa
    Confirmed: 511,485
    Active: 155,892
    Recovered: 347,227
    Death: 8,366
  • Egypt 94,483
    Egypt
    Confirmed: 94,483
    Active: 47,163
    Recovered: 42,455
    Death: 4,865
  • Nigeria 43,841
    Nigeria
    Confirmed: 43,841
    Active: 22,645
    Recovered: 20,308
    Death: 888
  • Ghana 37,812
    Ghana
    Confirmed: 37,812
    Active: 3,308
    Recovered: 34,313
    Death: 191
  • Kenya 22,597
    Kenya
    Confirmed: 22,597
    Active: 13,475
    Recovered: 8,740
    Death: 382
  • Ethiopia 19,289
    Ethiopia
    Confirmed: 19,289
    Active: 11,022
    Recovered: 7,931
    Death: 336
  • Zimbabwe 3,921
    Zimbabwe
    Confirmed: 3,921
    Active: 2,835
    Recovered: 1,016
    Death: 70
  • Somalia 3,220
    Somalia
    Confirmed: 3,220
    Active: 1,529
    Recovered: 1,598
    Death: 93
  • South Sudan 2,429
    South Sudan
    Confirmed: 2,429
    Active: 1,208
    Recovered: 1,175
    Death: 46
  • Namibia 2,406
    Namibia
    Confirmed: 2,406
    Active: 2,207
    Recovered: 187
    Death: 12
  • Rwanda 2,062
    Rwanda
    Confirmed: 2,062
    Active: 913
    Recovered: 1,144
    Death: 5
  • Tanzania 509
    Tanzania
    Confirmed: 509
    Active: 305
    Recovered: 183
    Death: 21
  • Burundi 395
    Burundi
    Confirmed: 395
    Active: 90
    Recovered: 304
    Death: 1

Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online

0 466

WASHINGTON POST:Unknown activists have posted nearly 25,000 email addresses and passwords allegedly belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other groups working to combat the coronavirus pandemic, according to the SITE Intelligence Group, which monitors online extremism and terrorist groups.

While SITE was unable to verify whether the email addresses and passwords were authentic, the group said the information was released Sunday and Monday and almost immediately used to foment attempts at hacking and harassment by far-right extremists. An Australian cybersecurity expert, Robert Potter, said he was able to verify that the WHO email addresses and passwords were real.




The risk of new intrusions from the publication of email addresses and passwords is hard to measure because government and business organizations often use multi-factor authentication, which requires a temporary code or a physical token to access a computer system — even when an attacker has a valid password. U.S. government agencies use multi-factor authentication widely, though not universally, with the most sensitive computer systems most likely to have this extra layer of protection against intruders, say people familiar with federal information technology guidelines.

The lists of user credentials, whose origins are unclear, appear to have first been posted to 4chan, a message board notorious for its hateful and extreme political commentary, and later to Pastebin, a text storage site, to Twitter and to far-right extremist channels on Telegram, a messaging app.

“Neo-Nazis and white supremacists capitalized on the lists and published them aggressively across their venues,” said Rita Katz, SITE’s executive director. “Using the data, far-right extremists were calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic. The distribution of these alleged email credentials were just another part of a months-long initiative across the far right to weaponize the covid-19 pandemic.”




Smaller numbers of entries were listed for the Gates Foundation, a private philanthropic group whose co-founder, Microsoft co-founder Bill Gates, last week announced $150 million in new funding to combat the pandemic. Also targeted was the Wuhan Institute of Virology, a Chinese research center in the city where the pandemic began that has been accused of a role in triggering the outbreak.

The NIH issued a statement Wednesday saying, “We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns. We do not comment on specific cybersecurity matters, as such information could be used to undertake malicious activities.”

NIH and other affected institutions declined to say whether they use multi-factor authentication, but current and former employees said that such protections had become routine within federal agencies.




The CDC and World Bank did not reply to requests for comment. The Gates Foundation said in a statement, “We are monitoring the situation in line with our data security practices. We don’t currently have an indication of a data breach at the foundation.”

WHO confirmed the incident in a statement Wednesday that cited a higher number of exposed credentials, 6,835, than had been reported by SITE. But WHO said only 457 of those were active and valid, and none of those were compromised. “As a precaution, passwords have now been reset for the 457 users whose email addresses were exposed,” the WHO statement said.




The FBI declined to comment.

Twitter spokeswoman Katie Rosborough said, “We’re aware of this account activity and are taking widespread enforcement action under our rules, specifically our policy on private information. We’re also taking bulk removal action on the URL that links to the site in question.”

Potter, chief executive of Australian company Internet 2.0, said he was able to gain access into the WHO computer systems using email addresses and passwords posted on the Internet. The WHO has come under heavy criticism, including from President Trump, who suspended funding to it, for its response to the novel coronavirus and has been accused of being too deferential to China.




“Their password security is appalling,” Potter said of the WHO. “Forty-eight people have ‘password’ as their password.” Others, he said, had used their own first names or “changeme.”

Potter said the alleged email addresses and passwords may have been purchased from vendors on the dark Web, a portion of the Internet that is not indexed by most search engines and where hacked information often is posted for sale. He said the WHO credentials appear to have come from a hack in 2016.

Katz, of SITE, said that while material from old hacks does appear on the dark Web occasionally, “we have not yet found any rock-solid proof of that for this specific case.”




References to the hacked information already are being deployed online to fuel disinformation, including linking HIV, the virus that causes AIDS, to the coronavirus.

Among the most prominent Telegram venues to share the information was the neo-Nazi channel “Terrorwave Refined,” a prominent recruiting and support channel for neo-Nazi groups such as Azov Battalion, the Base and Nordic Resistance Movement. In the past four months, the number of users subscribed to Terrorwave Refined has increased by 30 percent, with the channel now hosting over 5,300 followers.

Terrorwave Refined shared tweets and a thread on 9chan, another message board popular with extremists, containing the addresses and passwords. Terrorwave Refined posted a meme that implied that information seized through the email addresses and passwords “confirmed that SARS-Co-V-2 was in fact artificially spliced with HIV,” referring to the scientific name for the coronavirus.




A Twitter post with links to the data said, “Anons know what to do…make this go viral” — a likely reference to anonymous followers.

Matt Zapotosky contributed to this report.

 

CORONAVIRUS CASES

Live Updates COVID-19 CASES
  • World 18,373,573
    World
    Confirmed: 18,373,573
    Active: 6,111,416
    Recovered: 11,567,028
    Death: 695,129
  • South Africa 511,485
    South Africa
    Confirmed: 511,485
    Active: 155,892
    Recovered: 347,227
    Death: 8,366
  • Egypt 94,483
    Egypt
    Confirmed: 94,483
    Active: 47,163
    Recovered: 42,455
    Death: 4,865
  • Nigeria 43,841
    Nigeria
    Confirmed: 43,841
    Active: 22,645
    Recovered: 20,308
    Death: 888
  • Ghana 37,812
    Ghana
    Confirmed: 37,812
    Active: 3,308
    Recovered: 34,313
    Death: 191
  • Kenya 22,597
    Kenya
    Confirmed: 22,597
    Active: 13,475
    Recovered: 8,740
    Death: 382
  • Ethiopia 19,289
    Ethiopia
    Confirmed: 19,289
    Active: 11,022
    Recovered: 7,931
    Death: 336
  • Zimbabwe 3,921
    Zimbabwe
    Confirmed: 3,921
    Active: 2,835
    Recovered: 1,016
    Death: 70
  • Somalia 3,220
    Somalia
    Confirmed: 3,220
    Active: 1,529
    Recovered: 1,598
    Death: 93
  • South Sudan 2,429
    South Sudan
    Confirmed: 2,429
    Active: 1,208
    Recovered: 1,175
    Death: 46
  • Namibia 2,406
    Namibia
    Confirmed: 2,406
    Active: 2,207
    Recovered: 187
    Death: 12
  • Rwanda 2,062
    Rwanda
    Confirmed: 2,062
    Active: 913
    Recovered: 1,144
    Death: 5
  • Tanzania 509
    Tanzania
    Confirmed: 509
    Active: 305
    Recovered: 183
    Death: 21
  • Burundi 395
    Burundi
    Confirmed: 395
    Active: 90
    Recovered: 304
    Death: 1
(Visited 635 times, 1 visits today)

Get real time updates directly on you device, subscribe now.

Comments
Loading...

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More