WikiLeaks has once again come under hackers' radar
The hacker group OurMine is notorious for its large-scale hacks on many celebrities and on websites such as Twitter, Instagram, and even the whistleblowing website WikiLeaks, which it hit with a DDoS attack. Recently, the group has put WikiLeaks under its radar once more, this time with a different attack.
Although users saw what seemed to be a defaced front page of the WikiLeaks website, OurMine did not actually hack WikiLeaks’ servers. Instead, it performed a DNS cache poisoning attack, replacing the true IP address of the WikiLeaks website on one or more major DNS servers with a phony one, likely controlled by the group itself, which hosted an index page with its message to WikiLeaks. An OurMine spokesperson confirmed that the attack was carried out through WikiLeaks’ domain provider. (Source: https://www.theguardian.com/technology/2017/aug/31/wikileaks-hacked-ourmine-group-julian-assange-dns-attack)
It is not yet known how OurMine managed to access and modify WikiLeaks’ domain records (possibly phishing), but the fact that they did is quite disconcerting. Nevertheless, this type of attack can be easily avoided using Two-Factor Authentication (2FA), which is now supported by most DNS registrars. Using 2FA adds an extra step of security to one’s website, making it much harder for hackers to gain access. WikiLeaks was not using 2FA at the time of this attack, which was quite a poor decision, and they are lucky that OurMine did not go any further than this small, mischievous hack. (Source: https://www.grahamcluley.com/despite-appearances-wikileaks-wasnt-hacked/)