Recent information disclosed has caused our team to take a hard look at the information being released by Wikileaks. We won't get into the specifics here because we don't want to expose our sources, but we will give you an example of why we believe that Wikileaks is involved in hacking to obtain information. If you remember Eternal Blue, Wikileaks released the exploit a month after Microsoft patched it. While this looks like Wikileaks was doing the responsible thing, we have another theory. Since the Vault 7 leaks began we have observed some very interesting activity coming from TOR nodes. In fact, we noticed some very incriminating activity from a known Wikileaks IP address that directly implicates Wikileaks as an organization in hacking into targeted organizations and possibly government.
While looking through logs we started observing some patterns of activity that we did not fully understand at the time. This activity was related to CDN networks in which common programs were being shared on the Internet with some not so common malware embedded in them. At first we asked ourselves whether this was state-sponsored activity, hackers taking advantage of a distribution network to attack more unsuspecting people quickly, or something else entirely. Shortly afterwards, as part of the Vault 7 leaks, some disclosures about a piece of malware caught our attention. What caught our attention was the method by which it was distributed, nearly identical to what we were, and still are, seeing pushed through CDN addresses (see our previous blog post here and here).
What is interesting to us is the fact that while Wikileaks has always been tech savvy, they implicate themselves and have been the target of increasing malicious attacks themselves. It seems that Wikileaks may themselves be using these exploits prior to releasing them publicly. Timing is everything, and we suspect that Wikileaks is, for all practical purposes, acting as an unsanctioned intelligence agency, complete with all the bells and whistles. What started as a somewhat questionable organization has now joined in the activities of the very agencies that it was critical of.
We will be posting more on this in the future; we believe additional information that confirms our theory will eventually be released or revealed by Wikileaks. If it looks like an intelligence agency and operates as one, it should probably be treated as one. It should also be very apparent that if they are holding onto this information, they would release only old data once it is no longer of use to them, since they probably now have an ever-increasing capability that rivals the intelligence agencies of the world.
NOTE: This is an opinion piece. The owners, employees and contractors of Jigsaw Security Enterprise do not necessarily agree with the view expressed in this article.
Additional Reading and Reference: Read about FinSpy Activity