Thursday, January 10, 2013

Does Wikileaks-Forum.com spam spyware?

UPDATE: Please note. I have since left WLF due to conflicting management styles. However, saying that, the following information is still technically accurate and was a rather bizarre event in the time that I ran WLF.

I was recently told about what looks like an obvious troll account on Twitter. The troll calls itself, "Stjärna Frånfälle", claims to be some type of Wikileaks supporting independent journalist.

A little research shows its Twitter account was created in October of 2012 and a website was setup in November of the same year. I don't know many real journalists who only joined Twitter a couple of months ago, so I assume this account is a sock-puppet and/or troll account.

Anyways the reason this Twitter account was brought to my attention is because it recently spammed the following tweet:
Stjärna Frånfälle ‏@StjarnaFranfall
WARNING: Pseudo #WikiLeaks site: http://www.wikileaks-forum.com  Attempts to INFECT visitors with SPYWARE. DO NOT ENTER. #Assange #FreeBrad #Manning
I can safely say that that is a ludicrous and completely false tweet. I run the server infrastructure at wikileaks-forum.com and I know that the system is secure. We run a very secure version of Linux with always updated forum software. We are not on shared hosting. We have several encrypted VPS`s in different locations around the world behind a Cloudflare proxy. Our systems have web application firewalls and advanced DDOS protection. We have strong protection against Layer 5 and Layer 7 attacks.

Heck, even one of our VPS`s are located in the same datacenter as Wikileaks in Pionen. A Datacenter in a nuclear bunker... Really... the only thing I can do to make it more secure is to hire Bruce Willis in a helicopter or something.

Like many other supporters who support the Wikileaks cause we have often come under various forms of attack and have quickly adapted and hardened our systems to protect the website. I have checked over our systems and can see no indications that anything on wikileaks-forums.com has been compromised.

However, dont take my word for it. Go ask 34 of the top Anti-Virus vendors their opinion:

https://www.virustotal.com/url/9cae704946741791760a2bd60af5f4dc7f9ce3cfe2dee8b6544c5a0722dddb1f/analysis/

As you can see we have no spyware on our website. Stjärna Frånfälle was lying. I take site security and safety seriously. I want to ensure that our users are protected and their data is secure.

Any user that is reported for trying to spam spyware/malware links on Wikileaks-forum.com would instantly be banned.

If anyone does see anything that looks suspicious, we really hope they would contact one of the admins (there is someone online almost all the time) to have it investigated.

UPDATE: The troll account @StjarnaFranfall now claims that we moved the Spyware just before we scanned to make it look like we were virus free. Luckily another security vendor scanned our website shortly before the sockpuppet tweeted the lie.





Apparently now there is "picture evidence" that the site had spyware on it.




Couple of things about that screenshot. Super blurry. Like them UFO and Yeti pictures. Another thing. Why blank out the date? Why blank out the applications running? Its almost like the sockpuppet is running two instances of Chrome there. One going to a site with a payload and one browsing Wikileaks-forum.com. 

This just kinda leaves me thinking. What type of sick human being would want to incriminate WLF like that? Whats the point? The bottom of the Internet will forever confuse me. 

UPDATE: It appears the IP of the person called "StjarnaFranfall", originated from an area in the UK known as Whitehall. This is the area Julian Assange is currently holled up in. Make of that information what you want. It does leave a horrible taste in my mouth.

Update: Wikilaks.org caught serving malware. http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/

2 comments:

  1. DreamHost is the best hosting company for any hosting plans you need.

    ReplyDelete