NIH, WHO, and the Gates Foundation Under Attack After 25,000 Email Addresses and Passwords Got Leaked

The world is facing an unprecedented pandemic. If we ever want to get our lives back to normal, we must work together and ensure that we defeat COVID-19 as quickly as possible. There are organizations and experts in the field that can tell us what to do, and you'd think that in these difficult times, we'd be rational enough to let them work in peace. You'd be wrong.

Cybercriminals publish email login credentials of people at the forefront of the fight against COVID-19

On Monday, SITE Intelligence Group, a company set up to monitor the movement of online extremist and terrorist groups, said that it had discovered a data dump of about 25 thousand email and password pairs that belonged to employees of organizations involved in the fight against the COVID-19 pandemic. The National Institute of Health (NIH) was hit the hardest, with around 9,900 of the leaked credentials being related to its systems. Around 6,800 of the records belong to the Centers for Disease Control and Prevention (CDC), and the credentials of just over 5,100 World Bank employees were also included in the leak. The World Health Organization (WHO) is perhaps the highest-profile victim, though the number of records connected to it sits at a somewhat modest 2,700. A few hundred employees of the Gates Foundation (which has pledged to donate money to the organizations fighting the virus) and the Wuhan Institute of Virology were also affected.

Although in terms of volume, it's far from the biggest data dump we've ever seen, the leak is significant because potential attacks on these organizations can hamper our fight against the pandemic. This is exactly what the people distributing the data are hoping for, apparently.

Right-wing groups want to use the leaked credentials and attack the affected organizations

The data was first published on Pastebin, and links to it were shared on 4chan, an internet forum frequented by people with extreme right-wing political views. Later, the login credentials were shared on Twitter and on various extremist Telegram channels.

Rita Katz, a Director at SITE Intelligence Group, told The Washington Post that the extremist right-wing communities have grown quite a bit over the last few months. Their members are currently busy spreading conspiracy theories about the involvement of organizations like WHO, NIH, and CDC in the spreading of the coronavirus, and they are urging their peers to use the leaked login credentials to hack into the affected accounts and organize harassment campaigns.

The people who want to use the data will likely be disappointed

Seeing whose passwords are circulated among right-wing communities, you might think that a sophisticated attack against specific organizations has taken place. Fortunately, this doesn't appear to be the case.

Having gone through a portion of the usernames and passwords, Motherboard reporters concluded that they were stolen during older, unrelated data breaches. They ran the email addresses and passwords through HaveIBeenPwned.com and found out that the data has been floating around as part of large lists of stolen credentials for quite a while. Many of the email addresses and passwords are no longer valid, and even if they were, reports suggest that most of the affected organizations force employees to use two-factor authentication. In other words, compromising their systems won't be as easy as pulling a collection of passwords from Pastebin and using them to log in.

In theory, at least, the leaked credentials shouldn't present too much of a threat as things stand. This doesn't mean that WHO, NIH, CDC, and the rest of the institutions in charge of battling the pandemic should relax because it's clear that there are people who want to disrupt their work. Sooner or later, the criminals will realize that old usernames and passwords won't do the trick, and they will search for more effective methods.