WikiLeaks accused of covering up evidence of malware-ridden email leak

A Bulgarian security researcher has accused whistleblowing website WikiLeaks of attempting to cover up the fact it helped distribute over 300 variants of malware in its data dump of emails from the ruling political party in Turkey.

WikiLeaks previously released over 300,000 internal messages from the computer networks used by ruling Justice and Development Party (AKP) and the country's president Recep Tayyip Erdogan. They were reportedly obtained a week before the failed military coup against the government.

However, upon further analysis of the leaked files, one security expert called Vesselin Bontchev uncovered evidence the disclosures were a potential cybersecurity risk to anyone searching through the trove of documents, emails and attachments.

"WikiLeaks has released a large set of e-mails leaked from the Turkish party AKP," the researcher wrote in a GitHub post. Unfortunately, no processing of any kind has been performed on these e-mails – they are just a raw dump."

"As a result, the WikiLeaks site is hosting malware, which leads to various sites like Google and Facebook blocking it. For the record, I consider this to be extremely irresponsible on the part of WikiLeaks. Malware distribution is not journalism by any definition of the term."

When he first revealed his findings, Bontchev said the emails contained malware droppers, password stealers and even traces of ransomware. To locate the full scope of the problem, he then created a computer script to trawl through the leak and scan for malicious files.

After broadening the scope of the script to also scan spam emails in the Turkey data dump, he eventually uncovered over 2,000 viable samples. In light of this, the researcher asserted this was a major danger to reporters and investigators looking into the AKP files.

A day after releasing his findings, Bontchev, in a series of Twitter posts, slammed WikiLeaks for attempting to get rid of the problem without acknowledging the problem. "Remember my report that they are hosing malware? They have tried to invalidate it," he wrote.

"The malware is still there"

The security expert said that despite its attempt to hide evidence of the malware's existence, it remains – albeit in a less obvious form. At the time of writing, WikiLeaks has not mentioned any changes on its website or social media profiles.

Bontchev said: "The right thing to do would have been to run a scanner and remove the malware, like physically. Instead, what they have done, was to take the links from my report and 'sinkhole' them. Make them all point to the 101-byte text file. So that my report looks like a bunch of lies now. But the malware is still there, still downloadable with a single click!

"Anyway, please avoid downloading ANY attachments in any way from the AKP e-mails on the WikiLeaks site. It's dangerous. Until these people learn what a virus scanner is and how to use one, they shouldn't be trusted with providing files to users."

In an online message to IBTimes UK, Bontchev said he is now trying to modify the script so it can locate all the malware links that exist within the files.

This is not the first time WikiLeaks has been criticised for releasing potentially dangerous information into the public domain. One vocal critic in recent weeks has been academic Zeynep Tufekci, who was born in Turkey and has branded the AKP release as "mostly mailing lists and spam."

"[The] danger here is journalists being taken in by the misrepresentationn – thinking these are AKP emails– and downloading malware," Tufekci said. "Turkey's actual dissident and anti-censorship journos were first to go through these files. I can only hope they were careful."

Most recently, WikiLeaks' founder Julian Assange publicly clashed with NSA whistleblower Edward Snowden over how data should be made public. "Democratising information has never been more vital, and @WikiLeaks has helped. But their hostility to even modest curation is a mistake," tweeted Snowden on 28 July.

In response, Assange said: "I have to make a little bit of a complaint here, you know, Edward Snowden hasn't published anything in three years [...] I know Edward is trying to get a pardon from the Obama presidency and he is playing that game. I understand, he is in a very serious situation."