Why Is WikiLeaks Distributing Malware? Computer Viruses Found On Confidential File-Sharing Site

Julian Assange has promised WikiLeaks would be exposing significant information on the Clinton campaign in the coming weeks, but the confidential file publisher is also flooding the internet with thousands of dangerous malware files.

Bulgarian security researcher Dr. Vesselin Bontchev discovered 3,277 files containing malware when he sorted through the leaked emails of the governing political party in Turkey, the AKP.

The AKP files on WikiLeaks are a raw data dump and haven’t been processed or filtered in any way; if the site had run a simple malware or virus scan over them, it would have cleared many of the files, Bontchev told ZDNet.

“Since many of the AKP members have been recipients of malware sent by e-mail (most likely random spam but could have also been targeted attacks), the received malware in the emails is also present in the dump.”

There are 323 different malware files that showed up 3,277 times, and Bontchev says he’s still counting; the entire list is on GitHub.

The malware files appear as attachments on emails sent to the Turkish AKP party and appear to have been intended to harm that political group, but now they live online where anyone can stumble across them, including journalists reporting on Hillary Clinton.

The antivirus scans by VirusTotal show the malware files include Trojans, Windows exploits, and malicious Java-based code designed to take down a computer.

WikiLeaks has proven to be a valuable resource to journalists and activists, but the presence of the malware files on its website makes sorting through its data dumps a dangerous activity, as Bontchev told Computerworld.

“We kinda got lucky this time. But the next time a government targeting journalists might ‘leak’ some interesting-looking documents that are booby-trapped to install spyware or RATs (remote administration tools) on the computers of the journalists who download and open them.

“That’s why journalists must be always very suspicious of such sources and open the documents only in ‘safe’ environments.”

A safe environment would be a laptop that’s not connected to the internet, which is erased after the WikiLeaks data dump has been viewed.

After Bontchev discovered the malware files, he tweeted out a warning to WikiLeaks, according to Computerworld.

“Run a virus scanner on those leaked emails! Distributing malware is not ‘journalism’ by any definition of the term!”

The confidential file publisher didn’t respond, but Bontchev says they did “neuter” the malware files. The viruses are still on the WikiLeaks website where they could be accidentally stumbled across, but now they’re Base64-encoded, so they would need to be manually decoded before they could be executed.

This isn’t the first time WikiLeaks has been accused of hosting malware on its website. When the site leaked 20,000 emails from the Democratic National Committee earlier this year, there were 8,000 attachments in the data dump. The day they were leaked, Google’s Transparency Report warned users not to visit the site because it was unsafe and could contain malware.

The confidential file publisher also doesn’t seem concerned about publishing the private information of ordinary citizens.

The site has revealed private credit card data, medical records, personal addresses, and other sensitive information of innocent people, including a gay Saudi Arabian. Two rape victims were also identified, as was a woman who took on debt to support a sick relative, according to the Washington Post.

Julian Assange, who has been hiding in Ecuador’s London embassy for four years to avoid extradition to Sweden, runs WikiLeaks; he’s wanted for questioning on rape allegations.

What do you think of WikiLeaks distributing malware on its confidential file-sharing site?

[Photo by Frank Augstein/AP Images]