Skip to main content

Hector Monsegur (formerly sabu of Lulzsec) has responded to my analysis of the Wikileaks Global Intelligence Files

Some time ago I wrote two blog posts about my discovery about a series of malware-infected files within a torrent being circulated by global whistleblower organization Wikileaks.

The torrent file was one of the latest versions of what Wikileaks has named the "Global Intelligence Files" - a large cache of documents obtained from the email spool of a government contractor known as Stratfor.

Since my discovery I have made several attempts to contact Wikileaks:

In addition to Twitter I have attempted to email just about every address I could find on their site (none of them work), as well as attempting to use the chat function mentioned on the Wikileaks Twitter feed. I have been unable to receive a response. Users must be notified when a file transfer contains malware; particularly given the sensitive nature of the documents in question.

This afternoon I received a series of comments on Twitter from former Lulzsec member Hector Monsegur. In his comments, Monsegur denies instigating the attack that lead to the release of the Stratfor files while confirming the danger of the malware contained in the files I identified:



Hector Monsegur Josh Wieder sabu lulzsec Wikileaks
Hector Monsegur during an interview with CBS
I responded to Hector's comments by thanking him for his input, putting forth my own theory that the malware contained in the document dumps is typical of snowshoe-spam malware infiltration techniques and reiterated the importance of Wikileaks notifying users of the danger of downloading malware contained in the torrent in question:


As of this writing (3PM @ 7-13-2015) Wikileaks continues to provide a torrent file with an identical timestamp, filename and byte size as the one I analyzed without any warning message notifying users of the danger of handling the files.

To return to the first post in our series on the Wikileaks / Strafor email malware click here.

If you are looking for the second post, where we look briefly inside one of the executables click here.

And here is a link to the next post in my Wikileaks / Strafor email malware series, where I demonstrate how the malware is available file by file on the Wikileaks.Org website, and not just within the torrent as I originally suspected.