Hackers recently leaked more than 53,000 email addresses that they stole from a World Trade Organization education website, according to news reports. The names, phone numbers, job titles, and email addresses of more than 2,100 officials from the organization were also reportedly released.
Now that the information is public, the people behind those addresses should prepare themselves for so-called phishing attacks, whereby adversaries send emails intended to deceive recipients into revealing sensitive information, computer access information, or installing malicious programs. Nation states, in particular, tend to conduct phishing campaigns for purposes of cyber espionage.
Anyone who enrolled or participated in an educational program through the affected site, ecampus.wto.org, may be at risk. The educational portal offered online courses to delegates from developing countries, mostly government officials that work for trade, agricultural, and other ministries or agencies, says World Trade Organization spokesperson Keith Rockwell.
“Our cyber security experts have shut this site down and we have alerted those whose information may have been obtained by the hackers,” Rockwell says. “We are still conducting our forensic study of this attack, but what we can say now for sure is that the integrity of other WTO systems has not been compromised. In the meantime, our IT team are repairing and buttressing the e-campus site in hopes of getting it up and running again very soon.”
It’s worth noting that the forensics team investigating the breach has been able to attribute the attack, according to Rockwell. “We do not know who launched this attack and I don’t know if we ever will,” he says, while acknowledging that the hacker group Anonymous has taken credit.
As of the writing of this article, the site is currently offline bearing the message:
Post-breach status of the site http://ecampus.wto.org/
Fortune reviewed some of the leaked data, parts of which were dumped on the Polish media-sharing site JustPastIt (recently called out for hosting Islamic State propaganda). We identified email addresses that appear to be linked to foreign governmental agencies, including the Brazilian ministry of external relations, the Indian ministry of external affairs, the Vietnamese ministry of industry and trade, the Chinese ministry of commerce, among many others.
Members of Anonymous, who claimed responsibility for the hacking, announced their involvement on Twitter:
#Anonymous Hacked World Trade Organisation's Elearning Site and Leaked Informationhttps://t.co/jOXyFPwGqc pic.twitter.com/DUFvilTRJk
— Anonymous (@OpGreenRights) April 30, 2015
As well as on the hacking activist-friendly media site Cyberguerilla:
We are here to hack and destroy your all systems.
We will not stop.
We will not give up.
We have enough rope to hang you and your puppets.
Expec us. [sic]
The announcement arrived under the banner of “operation green rights,” a campaign that purports to fight big corporations and governments in the name of environmental protection.
On Tuesday, the campaign’s followers also took down several websites operated by the French conglomerate Areva, which has plans to build a nuclear power plant in northern France. Previously, the campaign has targeted the polarizing agriculture giant Monsanto. A statement apparently issued by the group on an affiliated blog asks: “
We are anonymous,
We are fighting against the construction of latest generation nuclear reactor (EPR) that Areva is building. A project that seems promising but which risks endangering the global population.
The World Trade Organization website breach appears to have been conducted through an attack in which a hacker inserts malicious code into a website, potentially forcing it to cough up hidden databases, according to a person who has claimed responsibility for the attack. The malefactor, in this case, claims to have also previously compromised the websites of two Israeli arms dealers, reports HackRead, a Dubai-based cybersecurity news site.
Speaking about the leaked names, email addresses, and other data, Rockwell says: the “information doesn’t seem to be specifically what the hackers wanted. They were just looking for a soft underbelly, and apparently it was in this particular portal.”
For now, staff members and delegates to the World Trade Organization should remain on high alert for fishy (excuse the pun) emails. If attackers or spies successfully dupe their targets, they could use further compromised accounts as a way to attack other networks, including those of affiliated governments. That’s how some security experts believe that hackers of the United States State Department may have broken into the White House’s unclassified computer systems.
The World Trade Organization’s has advised those who may have been affected to be on the lookout. Recapitulates Rockwell: “Be careful about not being the fish that is speared.”
