WikiLeaks published more than 80 variants of malware in the second email dump from Turkey’s ruling political party (AKP), according to anti-virus security expert Vesselin Bontchev.
Bontchev published his research on his GitHub page, which shows just how extensive the threats inside Wikileaks AKP email dump were. This is just the latest example of unethical leaking to come from the whistleblowing organization. In July, the site was criticized for “putting women in danger” by publishing sensitive information of every female voter in 79 of 81 Turkish provinces. Now, there is yet another reason to refer to the AKP email dump and dangerous and poorly executed.
Anyone searching the Wikileaks database can easily download malware attachments by clicking on the wrong link. Dr. Bontchev disclosed the links safely in his report, and also said his findings were “by no means exhaustive.” He said most of the malware discovered was “run-of-the mill” spam, scam, phishing attacks inciting you to click on the attachment, which is terrible news for journalists and anti-censorship advocates investigating the leak.
The published report breaks the findings into three pieces: Links to the original email in the Wikileaks database, one to the malicious attachment hosted on the Wikileaks website, and a VirtusTotal analysis of the attachment. A vast majority of the malware links appear to deploy ransomware or remote access trojans. Neither would be good for an ordinary citizen to download.
The most alarming thing about the findings is that they’re only a small subset of the total information published by Wikileaks over the past few months. Bontchev insinuated on Twitter that the size of the threat could actually be in the thousands rather than in the dozens as he initially reported.
Researchers have questioned the moral legitimacy of the AKP email dump altogether since the beginning. New York Times reporter Zeynep Tufekci has pulled no punches when publicly shaming Wikileaks since the original AKP email dump. She wrote that the newest batch of leaks “have nothing on Turkey’s political power structure” and contains “personal info of ordinary people as they email inquiring for jobs, share travel plans.”
Wikileaks has not yet responded to the latest allegations that it published dozens of malware attachments. Even if the organization comments, it’s unlikely that the editors would show any remorse. It appears that the organization has basically given up on trying to leak things ethically.
Correction: This article originally referred to Vesselin Bontchev as computer virus writer Dark Avenger. He is not.