An Australian cyber security expert says the Wuhan Labs in China have been hacked in what appears to be a deliberate attack on health organisations.
“I’ve had credible sources tell me that people have used the credentials that were leaked on Twitter and Facebook to access the labs”, says Robert Potter, CEO and founder of online security firm Internet 2.0, in an interview with The Weekend Australian.
Mr Potter was quoted in a story today in The Washington Post which said nearly 25,000 email addresses and passwords had allegedly been dumped online belonging to The World Health Organisation, the US National Institute of Health, Gates Foundation and other bodies.
WHO chief information officer Bernardo Mariano is reported in Bloomberg as saying that some aspects of the attack were perpetrated by suspected nation state hackers.
He said the targets had included WHO director general Tedros Adhanom, along with a senior WHO envoy who led its COVID-19 response team in China, according to the Bloomberg Report.
The Australian has seen what appears to be a list of 20 email addresses connected to the Wuhan Institute of Technology.
READ MORE: All evidence points to Wuhan labs | Wuhan lab leak rumour goes viral | China blamed for spreading coronavirus panic | Chinese liberals savage WHO boss | China’s coronavirus culpability | Leaders lobby for review of origins
Speaking to The Australian, Mr Potter says he believed around 10 to 15 credentials (username/password sets) had been leaked.
“They (the credentials) were sent separately to two previous lists that were leaked online to other organisations. They were basic usernames and passwords.”
He said the sources indicated they had penetrated a labs’ computer system with the credentials. He does not know whether any important information was obtained in the process.
Mr Potter said when it came to other health organisations such as The WHO, it seemed a case of activists trying to entice other people to hack those sites on their behalf.
“There was an attempt by some activists online to take credentials that have been harvested in previous campaigns for different websites, and place those usernames and passwords online in the hope that other activists or hackers would use those usernames and passwords to attack those organisations.”
He believed some of the usernames and passwords used to access The WHO were very old credentials that had been placed online several years ago from sources such as social media.
It appeared that some activists had found user/passwords to other sites that also worked when they logged into a WHO system.
“It’s not entirely clear where they the credentials) all came from. Some have been for sale on the dark web for some time. A significant number of them date from 2016 as early as I can tell.
“They were cobbled together with a bunch of other data.”
He said activists appeared to have searched for WHO email addresses and had dumped them online as if they had hacked them.
“It’s more of an attempt to generate an attack by other people. It’s closer to doxing than a real hack,” Mr Potter said.
He said that overall, several thousand sets of credentials were dumped online and he believed a couple of hundred sets of credentials had worked.
He said he had no information on alleged hacks of the Gates Foundation and US National Institute of Health but he didn’t believe the credentials related to active systems. “So for example, (with) the Gates Foundation, all of the passwords and usernames are related to emails.”
He said it seemed people had used the same passwords entering these health computer systems as they used for other accounts.
“I’ve got a lot of sympathy for organisations that are very large and complex, operating on minimal budgets. But the password security of The WHO in particular is in dire need of significant improvement.
“They (the WHO) are going to see an increase in cyber attack, because of the fact that they’re in the news.”
Mr Potter says that in his role with Internet 2.0, he works as an internet responder, responding to large attacks on financial institutions.
Published in The Weekend Australian