Who Does the Data Belong To?
Extremist groups have posted nearly 25,000 email addresses and passwords allegedly belonging to the US’s National Institutes of Health (NIH), the World Health Organization (WHO) and the Gates Foundation, amongst others. All are organizations involved in combating the coronavirus pandemic. A report by Site Intelligence, a private terrorism watchdog based in the US, stated that the largest number of credentials came from the NIH, with 9,938 credentials posted online. The US’s Centers for Disease Control and Prevention had the second-largest number, with 6,857. The number of WHO credentials totaled 2,732, and a smaller number of credentials belonged to the Gates Foundation.
Responses from Organizations Involved
In response to Site Intelligence’s report, the NIH released a statement saying: “We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns. We do not comment on specific cyber-security matters, as such information could be used to undertake malicious activities.” The WHO also released a statement confirming the incident. However, they stated that only 457 of the total number of credentials posted were active and valid. The WHO also stated that none of these 457 credentials were compromised. Nonetheless, they reset the passwords on these accounts as a precautionary measure. The Gates Foundation said in a statement: “We are monitoring the situation in line with our data security practices. We don’t currently have an indication of a data breach at the foundation.”
Data Dump Origins Unclear
Site Intelligence were the first to notice the data dump. However, they were unable to ascertain where the list of email addresses and passwords originated. The list likely contains aggregated data obtained from past data breaches. For example, according to Robert Potter, an Australian cybersecurity expert, the WHO logon credentials appear to originate from a 2016 breach. He went on to explain that the credentials were probably bought on the dark web. Site Intelligence were also unable to verify whether the email addresses and passwords were authentic. However, Potter verified that at least the WHO credentials were real. According to Site Intelligence, the list of credentials was released Sunday and Monday. Far-right extremists obtained the data soon after and distributed it to promote hacking and harassment attempts. The list of credentials first appeared on 4chan, a message board well known for containing hateful and extreme political commentary. It then spread to Pastebin, a text storage site, and to far-right extremist channels on the messaging app Telegram. The list of emails and passwords is now also circulating widely on social media.
How are Extremists Using the Data?
Far-right extremists have apparently been particularly active recently in spreading disinformation about the coronavirus pandemic. Their aim is to increase anti-government sentiment and encourage a movement towards their more violent and extremist views. They see the pandemic as an opportunity to test already weakened governments struggling to contain the virus. “Neo-Nazis and white supremacists capitalized on the lists and published them aggressively across their venues,” said Rita Katz, Site Intelligence’s executive director. “Using the data, far-right extremists were calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic. The distribution of these alleged email credentials was just another part of a months-long initiative across the far right to weaponize the covid-19 pandemic.” Katz warns that the Covid-19 conspiracy theories being disseminated by extremist groups along with the data could lead to violent individuals acting on these fictitious and dangerous theories.