Around 25,000 email addresses and passwords belonging to employees at the World Health Organization, Gates Foundation and the National Institute of Health, who are currently working to combat the coronavirus pandemic, were hacked by some alleged right-wing activists.
The data accessed by cybercriminals and neo-Nazi groups were taken with the sole purpose of sharing Coronavirus conspiracy theories, including linking HIV to the virus. SITE Intelligence Group which monitors online extremism and terrorist groups found the dumped data. They clarified that the leak was an attempt by "the far-right to weaponize the COVID-19 pandemic."
Hackers target top health institutions
There are reports and analysis which clearly revealed that the health sector is one of the most targeted areas by cybercriminals. In the past few years, several hospitals and healthcare facilities had been attacked by hackers. Now, during the Coronavirus crisis, while the world organizations and research institutions are tirelessly working on vaccine and drug research, hackers took the opportunity to conduct such attacks that not only harm the research process but can also trigger several conspiracy theories related to the leaked data.
While SITE was unable to verify whether the email addresses and passwords were authentic or not, but Robert Potter, an Australian cybersecurity expert said he was able to verify that the WHO email addresses and passwords were real, reported The Washington Post.
People familiar with federal information technology guidelines and government agencies in the US use multi-factor authentication but not universally, while most of the sensitive computer systems include this extra layer of protection against cybercriminals. But this time hackers managed to get inside the systems of top world organizations while surpassing all the security measures.
As reported by Daily Mail, WHO has confirmed that email addresses registered in external systems and applications were hacked by threat actors and made public. The Geneva-based organization has clarified that the passwords have since been reset for the compromised accounts.
A smaller amount of hacked credentials was found to be associated with the Gates Foundation, which was co-founded by Bill Gates that recently announced $150 million in new funding to combat the pandemic. The threat actors also targeted China's controversial Wuhan Institute of Virology, which is located in Hubei province where the pandemic began and currently facing flak for its alleged role in triggering the outbreak.
In a recent statement, NIH said, "We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns. We do not comment on specific cybersecurity matters, as such information could be used to undertake malicious activities."
However, it should be noted that while government and business organizations often use multi-factor authentication that requires a temporary code or a physical token to access a computer system, even if a hacker has a valid password, NIH and other affected institutions haven't revealed whether they use multi-factor authentication.
The Gates Foundation issued a statement in which it said, "We are monitoring the situation in line with our data security practices. We don't currently have an indication of a data breach at the foundation."
WHO, which has come under heavy criticism, including US President Donald Trump for being "China-centric," confirmed on Wednesday that out of 6,835 email addresses that were exposed by cybercriminals, there were 2,712 WHO email addresses, of which 457 are valid and active addresses. The world agency also stated that the WHO cybersecurity team ran a verification program to check the exposed email addresses and passwords against authentication services and found that none of the 457 WHO credentials had been compromised.
Exposed data from WHO, NIH, Wuhan lab and Gates Foundation
After the data breach Rita Katz, SITE's executive director said that the Neo-Nazis and white supremacists capitalized on the lists and published the data aggressively across their venues. The hackers were calling for a harassment campaign while using the data and "sharing conspiracy theories about the coronavirus pandemic. The distribution of these alleged email credentials was just another part of a months-long initiative across the far right to weaponize the COVID-19 pandemic."
It should be noted that as per SITE, the largest group of emails and passwords was from the NIH, with 9,938 which are found in the list posted online, while Centers for Disease Control and Prevention (CDC) had the second-highest number, with 6,857 and then The World Bank with 5,120.
While SITE, in this case, could not find any leaked data on the dark web as of now, the hackers have shared the breached information on other online platforms to fuel disinformation, including linking HIV, the virus that causes AIDS, to the Coronavirus. One of the most prominent Telegram venues to share the information was the neo-Nazi channel "Terrorwave Refined," in past few months where the number of users subscribed has increased by 30 percent, with the channel now hosts over 5,300 followers.