A recent data dump released by WikiLeaks on its website contains documents infected with malicious software that can easily infect anyone accessing them, according to independent data researcher Josh Wieder.
Wieder, a system administrator as well as a researcher, goes out of his way to inspect files and documents published by WikiLeaks, specifically the massive data dumps acquired from the private intelligence firm Strategic Forecasting (Stratfor). He found malware in the files stored in The Global Intelligence Files section.
He first reported the issue to WikiLeaks but received no response, so in an attempt to spread the word he later published his findings on his blog.
For those who don’t know, the massive data theft from Stratfor originated with Jeremy Hammond in late 2011. WikiLeaks got hold of that data and started to share it via BitTorrent, a peer-to-peer sharing network. Then, at the beginning of the third quarter of 2014, the complete data dump containing over 5.5 million emails and documents was published on the website.
Josh Wieder speculates:
“The data is indeed massive, over 5.5 million emails. Perhaps so massive that ~ two years was not long enough to properly review and sanitize these files prior to their complete publication in 2014 (from the time they were received by WL sometime around 2012).”
All of those emails and documents uploaded to WikiLeaks are infected with malware, which can easily spread if it continues to exist on the site. The key targets for these malicious documents would be readers, journalists and researchers who are searching for the data in these documents.
If you closely inspect the publication dates of the data dump, you will find that the whole dump of 5.5 million emails was not published in a single day but released slowly over time. You can see how the release progressed in the WikiLeaks directory listing.
According to the researcher Josh Wieder:
“My discovery of the malware was completely unintentional. I have followed WikiLeaks for many years; I first came across the website when they released the Guantanamo policy documents which would have been seven to eight years ago […] WikiLeaks has time and again been responsible for groundbreaking, historical journalism and they continue to be responsible for important work.”
He added that once he came across a malicious document on the site, he decided to inspect all the attached files and documents to find those with an embedded macro:
“Sure enough the macro was a virus written in Visual Basic called Magistr. That is when I decided to review all of the files within the file dump.”
A detailed report of Wieder’s findings on the malicious documents in the data dump has already been published on his blog.
Wieder has also publicly released a compiled list of the malware uploaded on WikiLeaks as a raw Pastebin document. The compilation includes the location and other basic information for each malicious file. Every entry in the document contains an active link to the infected files and attachments, and anyone can download them.
Source: Josh Wieder, http://www.joshwieder.net/2015/07/wikileaks-stratfor-email-malware.html