Nearly 25,000 email credentials allegedly from NIH, WHO, Gates Foundation and other organizations involved in the containment of COVID-19 pandemic are dumped online
While the principal organizations engaged in the fight against COVID-19 are the targets of conspiracy theories, a data dump containing email credentials from the Gates Foundation, World Health Organization (WHO), Center for Disease Control and Prevention (CDC), and a virology center based in Wuhan, appeared online.
The dump was discovered by the private terrorism watchdog SITE Intelligence, it first appeared on the popular message board 4chan then it was shared through a Telegram channel with over 5,000 followers. The Telegram channel is followed by Neo-Nazis and used to share content linked to neo-Nazi terrorist organizations Atomwaffen Division and The Base.
The dump has the following unique entries:
- @NIH 9,938;
- @WHO 2,732;
- @CDCgov 6,857;
- World Bank 5,120;
- @GatesFoundation 269;
- Wuhan Institute of Virology: 21
Below the Tweets shared by Rita Kats, director of SITE Intelligence Group:
2)Alleged email/pw lists, which far-right attempting to use toward harassment campaign, span following orgs & respective unique entries:@NIH: 9,938@WHO: 2,732 (also contains non-WHO domains)@CDCgov: 6,857
World Bank: 5,120@GatesFoundation: 269
Wuhan Institute of Virology: 21— Rita Katz (@Rita_Katz) April 21, 2020
“Far-right extremists’ distribution of allegedly hacked data by organizations like WHO and the Gates Foundation is fitting to how they’ve targeted medical organizations and personnel amid the pandemic,” said executive director Rita Katz. “Whether out of accelerationist or conspiratorial-minded motivations, white supremacists and Neo-Nazis have called to vandalize hospitals, intentionally infect medical workers, and beyond.”
Initially media outlets reported that the organizations impacted by the data leak have been hacked, but there is no proof of the attack.
The analysis of the credentials leaked online confirmed that the were all included in past data breaches.
“Judging specifically from a list of the data obtained by Motherboard, it appears like this may be an aggregation of previously-hacked usernames and passwords that was compiled from previous data breaches of various companies, though Motherboard cannot say for sure at the moment where the list comes from and how it was compiled.” reads the post published by Motherboard. “Motherboard ran a series of the email addresses through the website haveibeenpwned.com, which compiles data breaches, and found that each of the addresses we tested have previously been part of known data breaches.”
The experts of the Under the Breach group also believe that the data were ammassed from past data breaches.
https://twitter.com/underthebreach/status/1252668683090038789
At the time it is not clear who has collected these credentials, it seems that someone is attempting to intimidate several leading government and non-governmental groups currently involved in the fight against the COVID-19 pandemic.
According to some screenshots published on 4chan some of the leaked credentials are still working and could be abused by attackers.
The news is disconcerting for many reasons, primarily because organizations engaged in the containment of the COVID-19 pandemic are once again under attack19.
The leaked dump poses a severe risk to the representatives of the impacted organizations, they could be targeted by further attacks in the next weeks. Nation-state actors could use them to launch cyber espionage campaigns aimed at gathering information on the response to the COVID-19 and on the progress in testing drugs and vaccines.
One of the biggest risks is the manipulation of information to orchestrate disinformation campaigns aimed at discrediting governments and organizations that are working to contain the pandemic.
Italian readers could reads by interview on the topic here: