Right-Wing Extremists Appear To Be Circulating 25,000 Stolen WHO, NIH Passwords And Emails

Right-Wing Extremists Appear To Be Circulating 25,000 Stolen WHO, NIH Passwords And Emails
World Health Organisation logo. (Photo: Fabrice Coffrini/AFP, Getty Images)

The Washington Post reports that 25,000 email addresses and passwords, allegedly from the World Health Organisation (WHO), U.S. National Institutes of Health (NIH), the Gates Foundation, and other large organisations, were stolen by hackers and posted online. It’s unknown where the list came from, or who even created it, but it was first posted to 4chan and then made rounds among right-wing extremist groups on Pastebin, Twitter, and Telegram.

The SITE Intelligence Group, an organisation that monitors online extremist and terrorist activity, originally discovered the list, although it was not able to confirm if the credentials did, in fact, come from those organisations. SITE reported that the Gates Foundation had the smallest number of credentials on the list, followed by 2,732 from the WHO, 5,120 from The World Bank, 6,857 from Centres for Disease Control and Prevention (CDC), and 9,938 from the NIH. The Wuhan Institute of Virology was also a target on the list.

According to the Washington Post, Robert Potter, chief executive of Australian company Internet 2.0, verified that the WHO email addresses and passwords were real and was able to gain access into WHO computers using those credentials. “Their password security is appalling. Forty-eight people have ‘password’ as their password,” Potter told the Washington Post.

Potter theorises that the WHO credentials could have come from a 2016 hack on the organisation, and then put for sale on the dark web, but SITE said that it has not found definitive proof of that. Even without a formal confirmation of most of the credentials, how quickly they cycled through extremist channels is disturbing; right-wing extremist groups like Terrorwave Refined routinely distribute false information across social media channels, including the claim that SARS-CoV-2, the name of the virus that causes the disease covid-19, was spliced with HIV.

According to Vice, Motherboard was able to obtain the list of credentials as well, and run them through the website haveibeenpwned.com, which crosschecks email addresses against other known data breaches. It found that those email address had been included in previous data breaches.

“Far-right extremists’ distribution of allegedly hacked data by organisations like WHO and the Gates Foundation is fitting to how they’ve targeted medical organisations and personnel amid the pandemic,” said SITE Intelligence Group executive director Rita Katz. These extremists are using the data they obtained in their harassment campaigns against specific groups of Americans. The New York FBI field office, for instance, has said that right-wing extremist groups were encouraging followers who tested positive for covid-19 to purposefully spread it to members of the Jewish community and police officers, and to incite violence against Asian Americans.

Last month, ABC News reported that the Department of Homeland Security (DHS) released a memo to law enforcement personnel warning that terrorists could exploit the covid-19 pandemic to carry out attacks on the U.S. At the time, the DHS had no hard evidence of any active plots, except for an ISIS newsletter clipping that wanted supporters to carry out attacks on countries with overwhelmed healthcare systems.