
Malicious ZIP archives found in the AKP leak on the Wikileaks site - leephillips
https://github.com/bontchev/wlscrape/wiki
======
dmix
So a spammy email in one of the thousands leaked happened to contain
malware? And this is newsworthy why?

People here are using this to question Wikileaks integrity but it seems like a
minor mistake given the contents of the dump. This has happened before in
hacker dumps on a number of occasions but this one isn't even malicious
(targeting wikileaks users).

I don't open random zips from spam emails on my machine and I wouldn't from
random wikileaks emails without checking them for viruses like the author of
this post did.

There is even an argument for Wikileaks to _keep_ the malwared content for
research purposes. Maybe just include a warning for those who aren't
technically inclined enough to know to not open them in a clean VM.

~~~
mtgx
Because there's a growing campaign trying to paint Wikileaks as the "bad
guys" (again).

Combine that with the fact that most people don't want Trump to win, so
they're automatically on Clinton's side, and with Clinton's deflection of the
DNC hack documents that pointed to election rigging towards _who hacked_ the
DNC, and that anti-Wikileaks campaign is suddenly a lot more effective.

So now when other sites write about Wikileaks it's usually from the "Here's 3
more ways in which Wikileaks did something bad" angle.

I so wish the U.S. moved to a proportional representation/multi-party system
sooner rather than later. I'm so sick and tired of their extremely partisan
crap. It seems to make _everything_ worse off. The partisan reality-distortion
fields are getting bigger and more powerful than Apple's in the Steve Jobs
era.

~~~
dmix
True, Wikileaks has become politicized recently. I like to check the comment
section on NYTimes and other news sites around election times. They always
seem to be far more partisan than usual. Almost like people are whipped up
into a frenzy supporting their sports franchise to the point it almost seems
fake.

Considering there are hundreds of millions of dollars going into either side
of the campaign I'd question the source of any online comment taking a highly
partisan position that perfectly fits into party lines. Could be either direct
50-cent armies [1] style astroturfing or regular people influenced by other
comments fed elsewhere online, or worse, articles fed to reputable news sites.

Even GCHQ docs from the Snowden leaks showed that five eyes have been
successfully experimenting with controlling online conversations since at
least 2012. So it's definitely doable with a dedicated team.

This is modern PR. Another thing that sites like HN/reddit increasingly have
to contend with to keep content authentic and quality...

[1]
[https://en.wikipedia.org/wiki/50_Cent_Party?wprov=sfla1](https://en.wikipedia.org/wiki/50_Cent_Party?wprov=sfla1)

~~~
tome
> Wikileaks has become politicized recently

_Recently_!!!?

~~~
okwhatthe2
It's mad that people aren't aware enough to realize what's going on with them.
WikiLeaks must be good at putting out noise.

------
CM30
When you've got a small organisation with limited resources and less help from
others (like say, media groups), it's not surprising stuff like this will slip
through.

And hey, it's also not surprising a bunch of email sent to powerful figures
would have scumbags trying to infect their PC with malware in the process. If
Obama had a public email, a large percentage of that would be either infected
by something or trying to steal credentials via phishing.

Should they have removed dodgy malware? Sure, but for an organisation with
limited resources, a founder stuck in an embassy for years on end and far less
of the press willing to help them out, having this stuff there isn't exactly
unexpected.

~~~
a3n
> And hey, it's also not surprising a bunch of email sent to powerful figures
> would have scumbags trying to infect their PC with malware in the process.

I doubt it was consciously sent to specific powerful figures. "Invoice
attached" spam is just shotgunned to the world.

> If Obama had a public email, a large percentage of that would be either
> infected by something or trying to steal credentials via phishing.

It would, not because he's Obama but because it's email. I see a lot of this
in my spam folder, and I'm not important at all, I'm just a reachable address.

------
somenomadicguy
I read through about 1/2 of the AKP "leaks", it was a tremendous waste of time
for anything but improving comprehension of Türkçe.

At a point in time, I truly believed Assange's goals were justice and
transparency, now I am beginning to feel like he has his own political agenda,
and is making sophomoric attempts to affect political change.

In 2016 Wikileaks's agenda seems to be:

- Anti-Hillary
- Anti-Hillary
- Pro-Trump
- Pro-Putin
- Anti-Hillary
- Opportunistic

The AKP leak falls into that last line. The coup happened, it was frightening
(I watched two F-16s fly over the city at Mach 1+ for six hours, and the
helicopter which landed at BJK was so close to us at a cafe we could see the
faces of the guys inside when it banked), and they capitalized on that fear to
increase their own credibility and to demonize the ruling party here.

Unlike previous leaks Assange and his gang didn't put ANY effort into vetting
the "leak". He didn't have to, because within certain crowds Wikileaks is an
indisputably trusted source. His perceived persecution makes him beyond
reproach, and now any criticism can be blamed on a conspiracy theory.

Rapist? CIA/Sweden persecuting him. Bail jumper? CIA/Mi5 persecution.
Committed the crime of jumping bail? CIA/Mi5. Hiding in Ecuador for years?
Illegal CIA detention. His best buddy Jake Appelbaum is a rapist? CIA.

This amount of trust and credibility would certainly make it easier for him,
or a foreign agent, to spread malware. It's probably just a slip-up on not
scanning the emails before publishing. But if it isn't, what are the odds that
they are traced back to Russian hackers?

(Edited for typos and formatting. )

~~~
amyjess
Wikileaks' actions this year have done nothing but prove to me that Wikileaks
is just another arm of the alt-right.

When you add in Julian Assange's antisemitism and lack of respect for women,
it all makes sense.

~~~
jshevek
Claiming someone is alt-right is starting to have the feel of McCarthy era
claims of communism. We are supposed to associate that label (and thus the
person) with the deeply unsavory, without looking at their actual, specific
positions and actions.

~~~
forgottenpass
_Claiming someone is alt-right is starting to have the feel of McCarthy era
claims of communism._

I don't know what they stand for. But I visit generally progressive-leaning
places on the internet and know I'm supposed to hate them.

I still haven't even figured out who the "reactionaries" are or what they
believe in. I think what happened is some people used the wrong word when
talking about "contrarians" and through a game of telephone created a
new political boogieman.

Is the conservative side of the (American) political spectrum really going
through this much ideological turmoil and restructuring? I haven't heard about
it in any of the mainstream news when I glance at it, nor from the
conservatives I talk politics with at work. It looks like a way for the left
to shill hate.

~~~
pessimizer
The alt-right is what happened when 4chan trolls, MRAs/PUAs, and Stormfront
had a baby called 8chan.net/pol/

It's a small group of maybe 10,000, of which 5,000 don't even take the
positions seriously, just love to troll millennial college "activist"
consumer-types. The Clinton speech about the alt-right will have the same
effect as Geraldo Rivera's goofy coverage of Neo-nazi skinheads in the 80s -
multiplying their numbers a hundred-fold.

~~~
forgottenpass
_It's a small group of maybe 10,000, of which 5,000 don't even take the
positions seriously_

Then why the fuck is anyone talking about them? Is the left really so
terrified of taking positions or believing in anything at all that they have
to scrape the bottom of the barrel like this for something to talk about?

~~~
makomk
Probably because questioning whether they're really the big boogeyman is
enough to mark you as one of them in the core, outspoken, well-connected parts
of the left.

------
nbevans
Can anyone explain if the title and vague explanation is really true?
Malicious ZIPs implies to most that simply opening the ZIP, perhaps with a
particular ZIP archive tool, is sufficient to cause infection. If this is the
case then it's a 0-day and this fact needs reporting and analysing separately
from all the noise regarding WikiLeaks.

~~~
Bartweiss
A more accurate summary would be "Wikileaks releases many AKP emails,
including lots of received spam. Some of the spam has ZIP files _containing_
malware."

So good question, and it looks like the answer is this isn't a novel attack,
just normal malware-spam and an imprecise summary.

~~~
nbevans
A load of fuss about nothing then :)

------
lobo_tuerto
But how does it work? Do you get infected just by opening the .zip file?

~~~
atdt
No. The zip file contains a JavaScript file that the user has to click on to
get infected. Typically, the target is Windows, which hides the file extension
of known file types by default. So the user ends up seeing a file called
'transactions 31234' (actual example), which has an icon depicting a document.
Double-clicking on it causes the script to execute in Windows Script Host
(WSH), which gives the script access to internal Windows APIs.
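
The mechanism atdt describes (a script file inside the archive whose extension Explorer hides) can be checked for without extracting anything. The following is an added example, not code from the thread or from the wlscrape project: it reads only the ZIP central directory and flags entries that Windows would hand to WSH or the shell on double-click, using a watch-list of extensions that is my assumption, and a constructed sample archive named after the 'transactions 31234' case above.

```python
import io
import zipfile

# Extensions that Windows Script Host or the shell executes directly on
# double-click. Assumption: a defender's watch-list, not from the thread.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh",
                     ".hta", ".exe", ".scr", ".cmd", ".bat"}


def inspect_zip(data: bytes) -> list:
    """Walk the central directory of an in-memory ZIP and describe each entry.

    Nothing is decompressed; only names and sizes are read, so the archive can
    be triaged without ever running or extracting its contents."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1]
            parts = base.lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            # Explorer hides the last extension of known types by default, so
            # "transactions 31234.js" is shown to the user as "transactions 31234".
            displayed = base[: -len(ext)] if ext else base
            findings.append({
                "name": info.filename,
                "displayed_as": displayed,
                "executable_script": ext in SCRIPT_EXTENSIONS,
                # "invoice.pdf.js" style names: a decoy extension before the real one
                "double_extension": len(parts) > 2 and ext in SCRIPT_EXTENSIONS,
                "size": info.file_size,
            })
    return findings


def suspicious_entries(data: bytes) -> list:
    """Names of entries the shell would execute rather than open as a document."""
    return [f["name"] for f in inspect_zip(data) if f["executable_script"]]


def build_sample_zip() -> bytes:
    """Constructed sample archive mimicking the spam attachment described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("transactions 31234.js", "WScript.Echo('placeholder');")
        zf.writestr("readme.txt", "benign text")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in inspect_zip(build_sample_zip()):
        print(entry)
```

Running this over archives pulled from a dump lists every entry the shell would execute rather than open, so a reviewer can decide what to look at inside an isolated VM before anyone double-clicks.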

------
brudgers
Considering the potential espionage value of political operatives in the AKP
[1], mightn't the inverse set be a good place to search for previously
unidentified malware?

[1]:
[https://en.wikipedia.org/wiki/Justice_and_Development_Party_...](https://en.wikipedia.org/wiki/Justice_and_Development_Party_\(Turkey\))

------
nxzero
It is known that Wikileaks releases files with malware in them from the source
they're leaking; the only thing that would be news, which is unlikely in my
opinion, is that someone is using Wikileaks for malware distribution.

Anyone viewing files like this should always treat them as extremely
dangerous.

------
leephillips
Since there is much speculation here about Assange's motives, why not at least
consider how he himself describes them? In this interview with Bill Maher:

[https://www.youtube.com/watch?v=5-EJAIXdGp8](https://www.youtube.com/watch?v=5-EJAIXdGp8)

Assange explains that he found it to be "good fun" to release SS and credit
card numbers of thousands of random, innocent people.

If we consider that Assange may be one of those (we know they exist, in
significant numbers) who get pleasure from hurting other people, much of his
otherwise perplexing behavior suddenly makes sense. Why not delete malware
from your servers once a security researcher has located it for you? You can
hurt more people if you leave it there.

~~~
trendia
I think you're taking Assange's words out of context. He was talking about the
release itself, in that it showed how the DNC actively worked to hamper
Bernie's efforts despite being a "neutral" organization. (Neutrality is one of
the conditions for the DNC to receive tax breaks for their convention).

> Why not delete malware from your servers once a security researcher has
> located it for you?

Assange has repeatedly said that they do _not_ filter or edit in any way the
contents of their leaks. That means that they don't remove credit card
information, social security numbers, or malware.

Is that a good practice?

Well, it depends on what the goal is. Wikileaks has the stated goal of
increasing transparency in the government. They could release an edited
version and achieve transparency, but editing the contents would mean that the
documents are no longer "pristine" in the sense that they have not been
altered in any way. This would make a legal process depending on these
documents more difficult: A jury may ask themselves whether other things have
been removed -- did Wikileaks also remove any content that would affect their
decision?

Thus, refusing to edit the content fits with another goal other than just
increasing transparency: to do so in a way that the documents can be used in a
legal setting with no question of their veracity.

~~~
devin
> Assange has repeatedly said that they do not filter or edit in any way the
> contents of their leaks. That means that they don't remove credit card
> information, social security numbers, or malware.

This is not true. They redacted all but the last 4 digits of the credit card
numbers.

> They could release an edited version and achieve transparency, but...

They _do_ edit. They removed all but the last 4 digits on credit card numbers.
So, they edit in the ways they deem appropriate. I think the consensus is that
generally, their extremely limited (and IMO, irresponsible) redaction policy
does pose a threat to innocent people. The argument against responsible
redaction seems to be: "Well, who knows where that social security number may
lead!" Under this line of reasoning, _everything_ is fair game, and I find
that abhorrent. If an innocent photo were discovered in those emails of a
naked child, say the son or daughter of someone working for the campaign,
you're telling me that it should be included in the archive simply to protect
the sanctity of the dump? Puh-lease. Transparency is important, but not at the
risk of our own humanity.

~~~
leephillips
I believe that in the cases where only the last four digits were in the
record, that was not due to Wikileaks' redaction - that's just what was in the
file. They did not do anything to the SS numbers, for example.

------
nkrisc
Forbidden knowledge promised in files from an unknown source, sitting right
there for the taking. It's the phishing equivalent of fish jumping in the
boat.

------
copremesis
bravo

