Health organizations and institutions around the world are under constant attack, especially the WHO in the United States
Which they accuse of being allied with the Chinese government on issues related to the coronavirus, and for which they have decided to stop financing it (at least temporarily). Now, in what seems like a new event inside the smoke screens, they have appeared tens of thousands of passwords allegedly hacked from the who, the Bill and Melinda Gates Foundation, the CDC, the World Bank and the NIH (United States National Institute of Health).
In total, some 41,000 email addresses and passwords belonging to members of these organizations or associations would have been leaked. The security company SITE Intelligence Group has not confirmed whether or not they are real, but an Australian cybersecurity researcher named Robert Potter He claims that at least the WHO users and passwords were indeed real. In fact, the access portal to log in to the WHO is down at the moment, we do not know if due to the high number of accesses that have been able to act as a DDoS attack, or because the WHO itself has decided to block access.
The list of passwords initially appeared on 4chan and then it was copied to a Pastebin that is still available online. Subsequently, in various far-right forums, images began to appear that they had accessed sensitive information related to the coronavirus, calling harassment against the organizations allegedly affected.
The users and passwords, it seems, are real in one part, while others would be invented. The real ones would be part of previous hacks in the past, and apparently some of them still worked to access some pages, as is the case with the WHO. Therefore, it would not be a new hack, but an attempt to discredit organizations and foundations that are trying to fight the virus, where the Gates Foundation has supported the WHO.
41,000 passwords, most from the World Bank, CDC and WHO
The Pastebin’s largest database belongs to the NIH, with 11,669 credentials. It is followed by the World Bank with 11,998 and the CDC with 7,972. The WHO list has 6,835 credentials. There is also a listing of 2,113 passwords purportedly related to the Chinese government. In the case of the Bill and Melinda Gates Foundation, there are 277 credentials, and there are another 20 who claim to belong to the Wuhan Institute of Virology.
The NIH, CDC, WHO, and World Bank did not confirm the existence of the data breach, and the Gates Foundation says they are monitoring the situation, but have found no indication that there has been a data breach at the foundation. The FBI He has also made no statement. From Twitter, they affirm that they are trying to eliminate all the messages that link the Pastebin with the passwords.
The list of passwords would have been taken from the Dark Web
Robert Potter, CEO of the Australian company Internet 2.0, claims that he managed to access the WHO systems with some leaked passwords, stating that the security policy was terrible because at least 48 people used “password”, far from being a secure password. as well as other easy-to-guess words present in any hacking dictionary. In addition, he adds that the passwords could come from a 2016 hack and that they would have been acquired on the Dark Web.
Ultimately, it appears that old credentials have been used to justify an attack on organizations today, including fake messages and screenshots such as one claiming that the virus was released on October 16, 2019, in a fish market after leaving it. on a ventilation grill at a fish market in Wuhan.