Cyber Incident Victim: WikiLeaks

Date: Aug 2017

Location: United States of America

Summary

The WikiLeaks website was compromised by the hacking group OurMine, which defaced its homepage with a message claiming to have successfully breached the organization after a prior challenge. The attackers taunted Anonymous for allegedly spreading false information and encouraged social media attention via a hashtag, while some visitors encountered an account suspension notice. OurMine had previously targeted high-profile tech executives and media companies, often exploiting weak or reused credentials to gain unauthorized access.

Description

On August 31, 2017, the WikiLeaks website became inaccessible to some users, displaying a defacement message attributed to the hacking group OurMine. The homepage alteration featured a taunting declaration: “Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?” The message further referenced a dispute with Anonymous, accusing them of disseminating false information about OurMine while claiming superiority: “Anonymous, remember when you tried to dox us with fake information for attacking wikileaks [sic]? There we go! One group beat you all! #WikileaksHack lets get it trending on twitter [sic]!” Visitors attempting to access WikiLeaks.org encountered inconsistent results—some saw the defacement notice, while others received an account suspension message. The incident disrupted normal website operations, though the duration of the outage and the full technical scope of the compromise were not detailed in available reports. WikiLeaks did not issue an immediate public statement regarding the incident, and a spokesperson did not respond to media inquiries about the hack at the time of reporting.

OurMine, the group claiming responsibility, had previously targeted high-profile technology executives and media organizations through credential-based attacks. In 2016, they compromised Twitter CEO Jack Dorsey’s Twitter account and Google CEO Sundar Pichai’s Quora profile. They also breached Variety and BuzzFeed websites following BuzzFeed’s publication of an article purporting to identify a group member. Earlier in August 2017, OurMine hijacked HBO’s social media accounts. The group frequently exploited reused or outdated passwords to gain unauthorized access, though the specific attack vector against WikiLeaks was not disclosed. The defacement message’s call to trend #WikileaksHack on Twitter indicated an intent to amplify public visibility of the breach. No data exfiltration or secondary impacts beyond website disruption were reported. The incident highlighted ongoing vulnerabilities in maintaining secure access controls for high-visibility online platforms.
