A hacking group named “OurMine” managed to hack and deface the official website of WikiLeaks earlier today. The OurMine hackers left the following message on the deface page:-
Hi, it’s OurMine ( Security Group ), don’t worry we are just testing your…. blablablab, Oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?
Anonymous, remember when you tried to dox us with fake information for attacking wikileaks? https://twitter.com/YourAnonNews/status/679472812013301762
There we go! One group beat you all! #WikileaksHack let’s get it trending on twitter!
Www.OurMine.Org | contact@ourmine.org
The tweet linked from the deface page can be found below:-
.@Our_Mine exposed. Reasons for attacking members: Attacking Wikileaks / Fake defacement of https://t.co/abCCRp509v https://t.co/N6V1jA2auv
— Anonymous (@YourAnonNews) December 23, 2015
Upon investigating the hack, it appears that the WikiLeaks domain name “wikileaks.org” had been hacked. According to the domain’s WHOIS information, the record was updated today at “2017-08-31T06:30:15Z”, which means that the domain details were changed earlier today.
OurMine hackers somehow managed to gain access to the wikileaks.org domain and changed its DNS nameservers to a server controlled by the hackers. The IP address of the server under the hackers’ control is 181.215.237.148. Visiting that IP address directly showed the same deface page that appeared on the WikiLeaks domain.
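A defender-side check for the change described above, as an added example that is not part of the original article: it parses a WHOIS record, compares the delegated nameservers against a pinned baseline, and flags a recent update. The nameserver hostnames, the baseline, the check time and the `Key: value` record layout are constructed assumptions; only the `Updated Date` value comes from the article.

```python
from datetime import datetime, timedelta, timezone

# Constructed WHOIS excerpt: the nameserver hostnames are placeholders;
# only the Updated Date value is taken from the article.
SAMPLE_WHOIS = """\
Domain Name: WIKILEAKS.ORG
Updated Date: 2017-08-31T06:30:15Z
Name Server: NS1.UNEXPECTED.EXAMPLE
Name Server: NS2.UNEXPECTED.EXAMPLE
"""

# Assumed baseline: the delegation the domain owner expects to see.
PINNED_NS = {"ns1.expected.example", "ns2.expected.example"}


def parse_whois(text):
    """Extract nameservers and the last-updated timestamp from WHOIS text."""
    nameservers, updated = set(), None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "name server" and value:
            nameservers.add(value.rstrip(".").lower())
        elif key == "updated date" and value:
            updated = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return nameservers, updated


def check_delegation(text, pinned, now, window=timedelta(hours=24)):
    """Return a list of findings; an empty list means the record matches the baseline."""
    nameservers, updated = parse_whois(text)
    findings = []
    if not nameservers:
        findings.append("no nameservers in record (parse failure or delegation removed)")
    for ns in sorted(nameservers - pinned):
        findings.append(f"unexpected nameserver: {ns}")
    for ns in sorted(pinned - nameservers):
        findings.append(f"pinned nameserver missing: {ns}")
    if updated is not None and timedelta(0) <= now - updated <= window:
        findings.append(f"record updated recently: {updated.isoformat()}")
    return findings


if __name__ == "__main__":
    now = datetime(2017, 8, 31, 9, 0, tzinfo=timezone.utc)  # constructed check time
    for finding in check_delegation(SAMPLE_WHOIS, PINNED_NS, now):
        print("ALERT:", finding)
```

Run on a schedule against fresh WHOIS output, a check like this surfaces a registrar-level nameserver change even when the web servers themselves are untouched.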
It’s still unclear how OurMine hackers gained access to the wikileaks.org domain, although the following methods may have been used to gain control:-
- OurMine may have gained access to the WikiLeaks domain registrar, Dynadot.com.
- OurMine may have social engineered the WikiLeaks domain registrar, by fooling one of its staff members into changing the nameservers.
- OurMine may have hacked one of the registrar’s staff accounts.
- OurMine may have hacked the WikiLeaks domain owner directly.
At the time of publishing this article, the WikiLeaks website remained defaced in many countries, although it was accessible via VPN from other countries. We aren’t sure how long the site will remain offline. According to social media users, the website had been defaced for more than 2 hours.
Update:- The web hosting company that hosts the IP 181.215.237.148, which OurMine used to redirect the WikiLeaks domain, appears to have suspended the web hosting account. According to the WHOIS information for the server IP, the web hosting service provider appears to be RivalHost.
Update:- Julian Assange tweeted about the WikiLeaks website being hacked. He said that the WikiLeaks servers were not hacked, but that the DNS had been compromised.
WikiLeaks servers have not been hacked. There have been two types of internet infrastructure (DNS) attacks. Always use HTTPS or our .onion.
— Julian Assange (@JulianAssange) August 31, 2017
Update:- WikiLeaks team also shared a tweet on Twitter, stating that their servers were not hacked.
WikiLeaks servers have not been hacked.
— WikiLeaks (@wikileaks) August 31, 2017
There is a fake news story circulating that WikiLeaks servers have been hacked. It is false.
— WikiLeaks (@wikileaks) August 31, 2017
As this story is still under development, we will update this news article as soon as new information is received regarding WikiLeaks website getting hacked by OurMine.