Break In —What!!!!

Email Addresses And Passwords From WHO, NIH, Wuhan Lab, And Gates Foundation Dumped On 4chan

A cache of nearly 25,000 email addresses and passwords allegedly belonging to the World Health Organization (WHO), National Institutes of Health (NIH), Wuhan Institute of Virology, Bill Gates Foundation and several other groups involved with the coronavirus pandemic response were dumped on 4chan before appearing on several other websites, according to the SITE Intelligence Group.


The report by SITE, based in Bethesda, Md., said the largest group of alleged emails and passwords was from the NIH, with 9,938 found on lists posted online. The Centers for Disease Control and Prevention had the second-highest number, with 6,857. The World Bank had 5,120. The list of WHO addresses and passwords totaled 2,732. –Washington Post

WHO chief information officer Bernardo Mariano told Bloomberg that the organization wasn’t hacked, and that the data was possibly obtained through prior data breaches.

The employees may have used their work email address to register an account for a particular website, and then that website has been hacked, leaking their password.

According to Mariano, 400 of the credentials were still active – and he claims that none of the passwords were used to access sensitive information due to the organization’s two-factor authentication system. 4chan users, on the other hand, said that they were able to use the passwords to gain access to a WHO website called “Extranet,” according to Bloomberg.

Mariano added that the organization has been seeing an increasing number of attempted cyber-intrusions since mid-March, and that there had recently been a “sustained attempt” to hack into the computers of four WHO employees in South Korea, along with the organization’s Geneva headquarters.

4chan users said they were using the credentials to download ‘everything’ they could.

An unverified photo posted as part of the dump appears to refer to “Splicing HIV” into “coronavirus,” fueling speculation that COVID-19 was genetically engineered with HIV spike proteins – a theory posted by Indian researchers soon after the virus’s genome was published, and later withdrawn after their findings were refuted.

The Gates Foundation told WaPo “We are monitoring the situation in line with our data security practices. We don’t currently have an indication of a data breach at the foundation.”

If legit, someone named Mararet at the Gates Foundation (last name withheld) is apparently a fan of the dark lord:

Australian cybersecurity expert Robert Potter said he was able to verify the WHO information, and that “their password security is appalling.”

Forty-eight people have ‘password’ as their password,” he said. Others used their own first names or “changeme.”

Potter said the alleged email addresses and passwords may have been purchased from vendors on the dark Web, a portion of the Internet that is not indexed by most search engines and where hacked information often is posted for sale. He said the WHO credentials appear to have come from a hack in 2016. –Washington Post


Hacking Your Pacemaker

Medical Devices Vulnerable to Hackers, New Report Says

By Tanya Lewis, Staff Writer   |   September 24, 2013 11:00am ET
heart technology, biotech
 X-ray image of a pacemaker.
Credit: khuruzero | Shutterstock

In an episode of the television series “Homeland,” a terrorist organization assassinates the vice president of the United States by wirelessly hacking into his pacemaker. Although the scenario was fictional, the underlying premise is not.

Life-saving medical devices abound in today’s world, and many of these devices are connected wirelessly to hospital networks, making them vulnerable to cyberattacks. For example, a malicious person could hack into a pacemaker, causing the device to apply lethal electrical stimulation, or an insulin pump, causing it to deliver a deadly dose of the hormone.

“Just like any other piece of Internet technology, medical devices are susceptible to the same cyberthreats you hear about all the time on the news,” said Russel Jones, a partner at the consulting firm Deloitte, which released a report Monday (Sept. 23) on the subject of cybersecurity in medical devices.

As more and more medical devices go online, device manufacturers and health care organizations will need to address security issues to keep patients and their health information safe. [Image Gallery: The BioDigital Human]

So far, there have been no known incidents of a hacked medical device injuring or killing a person, but researchers have demonstrated that these events are possible “with the right level of skill and understanding,” Jones told LiveScience.

In the Deloitte study, consultants interviewed representatives from nine health care organizations, in areas spanning from information technology to clinical engineering. The participants answered questions about the regulation, risk management and security of networked medical devices.

The majority of organizations surveyed felt their organizations had strategies and frameworks for managing cybersecurity risks. However, there were differences in the degree of preparedness and approaches for handling cyberthreats.

One way to protect information sent to or from a medical device is to encrypt it. The problem is, encryption takes up valuable processing time on the device. The challenge, Jones said, is to develop encryption that addresses cyberrisk without impacting the functionality of the device.

In June, the U.S. Food and Drug Administration (FDA) released draft guidance for cybersecurity concerns. The FDA’s previous guidance from 2005 was pretty vague, but the new draft lays out specific concerns that must be addressed when applying for FDA approval for new devices.

Ensuring cybersecurity in medical devices will require collaboration, Jones said. “This is going to be a problem that’s jointly solved by health care systems, providers, device manufacturers and the FDA,” he said.