Cyber Incident Victim: Anonymous
Date: Aug 2017
Location: United States of America
Summary
The WikiLeaks website was compromised by the group OurMine, which defaced its homepage with a message claiming the attack was retaliation for a prior security challenge and accusing Anonymous of spreading false information about them. The defacement included a call to trend the incident on social media, while some visitors encountered an account suspension notice instead of the usual content. OurMine had previously targeted high-profile tech executives and media outlets through credential-based breaches.
Description
On August 31, 2017, visitors to the WikiLeaks.org website encountered a defaced homepage displaying a message attributed to the hacking group OurMine. The message claimed responsibility for the breach, stating: "Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?" The message further referenced a dispute with Anonymous, accusing them of disseminating false information: "Anonymous, remember when you tried to dox us with fake information for attacking wikileaks [sic]? There we go! One group beat you all! #WikileaksHack lets get it trending on twitter [sic]!" The defacement was geographically inconsistent, with some users seeing the hacked message while others received an account suspension notice. WikiLeaks did not issue an immediate public statement regarding the incident, and the site remained partially inaccessible during the initial hours following the attack.

OurMine had established notoriety prior to this incident through high-profile compromises targeting technology executives and media organizations. In 2016, the group breached Twitter CEO Jack Dorsey’s Twitter account and Google CEO Sundar Pichai’s Quora profile. They later targeted Variety and BuzzFeed after the latter published an article purporting to expose a group member. Their modus operandi frequently involved exploiting reused or outdated passwords, as demonstrated in their August 2017 takeover of HBO’s social media accounts. The WikiLeaks hack represented an escalation toward politically aligned entities, though OurMine’s message framed the action as both retaliation for perceived challenges and an effort to gain visibility through social media trends. The incident temporarily disrupted access to WikiLeaks’ primary domain but did not result in publicly disclosed data theft. No forensic details regarding attack vectors or WikiLeaks’ technical remediation efforts were confirmed in available reporting.
