Whoever was behind the release of around 25,000 purported emails and passwords from the World Health Organization, National Institutes of Health, the Gates Foundation, and other large organizations this month was likely an American conspiracy theorist, according to the group that first flagged the release.
The SITE Intelligence Group, an organization that monitors online extremist and terrorist activity, has since concluded that the list of emails and passwords was culled from a broader 2016 release of hacked data. According to the Washington Post, SITE now believes that the person behind the recent circulation of those email addresses and passwords was trying to encourage others to break into those accounts in order to somehow prove the organizations were part of a worldwide conspiracy behind the novel coronavirus pandemic.
SITE said it hasn’t learned the offline identity of whoever uploaded the materials but told the Post that it has tied them to comments and links on social media sites indicating they were a far-right conspiracy theorist. This finding is unsurprising, given that the leak was first posted to 4chan and was rapidly circulated by right-wing extremists and white supremacist groups. That the information was likely easily obtained by anyone who knew where to look for it online—Motherboard found that running a set of it through data breach warning site Have I Been Pwned turned up numerous hits—seems to have been somewhat beside the point for the original poster, who played it up as a revelatory leak. However, the age of the data does limit its usefulness.
“In line with these views, the uploader sought to encourage other users to log into the email addresses to uncover these perceived lies and secrets,” SITE executive director Rita Katz told the Post. “On multiple platforms, the user framed the email credentials as a sort of gold mine of information and urged users to log on and save as much as they could.”
Conspiracy theorists have capitalized on the coronavirus as an opportunity to spread baseless claims, such as that the global emergency is a pretext for “population control,” that the SARS-CoV-2 virus is a bioweapon, or that the illness is secretly caused by 5G cell phone towers. Bill Gates, who has pushed for a stricter response as the virus spread throughout the U.S., has also become a target. Such theories have picked up alarming traction among more mainstream segments of right-wing media and politics as Donald Trump’s administration has tried to deflect blame for the federal government’s fumbled response to the pandemic, including WHO, which the White House has moved to freeze funding for.
According to SITE, the data was uploaded to text-sharing website Pastebin on April 19, after which links to it or copies ended up spreading through 4chan, 9chan, Discord, Twitter, and Telegram. Cybersecurity firm Prevailion has separately reported detecting a command-and-control computer receiving pings from malicious software in World Bank and WHO systems, the Post wrote, though there is no known connection between the two incidents and WHO has said it has found “no traces nor evidence” of the trojan involved.
“The leaked credentials did not put WHO systems at risk because the data was not recent,” the WHO said in a statement last week, saying it had been subject to an increased rate of cyberattacks since the start of the pandemic. “However, the attack did impact an older extranet system, used by current and retired staff as well as partners. WHO is now migrating affected systems to a more secure authentication system.”