Thursday, July 28, 2016

Google labels wikileaks.org a dangerous website

Five days ago someone on Hacker News pointed out that Google's Safe Browsing system labeled Wikileaks.org a "dangerous site".

At some point the Google warning was rescinded, however Google continues to (accurately) point out that pages within Wikileaks.org will "install malware on visitors' computers".

I've been contacted by many companies over the years who have discovered their web server was compromised after receiving a warning from Google's Safe Browsing system. What I have never seen before is Google labeling a website safe while that website continues to host malware. Has anyone else seen this before? Does anyone at Google confirm this was algorithmically determined behavior and not manual intervention on the part of Google? What possible justification could there be for labeling a website safe that hosts malware?

When I first found malware in content hosted by Wikileaks last year, one of the most frequent negative responses I received was that it is not Wikileaks responsibility to inform their users they host malware and that users should just know to take extreme security measures when reviewing Wikileaks files. Here's another question: if your bank's website hosted malware would you find this same excuse acceptable? If you think we should give Wikileaks a pass but not a bank, what reasoning is this based on? Wikileaks users, volunteers, independent activists and journalists run real risks when reviewing Wikileaks file dumps. Why do we demand more effort be put into making sure some kid doesn't zap a few hundred bucks out of our checking accounts than making sure a reporter isn't imprisoned?

Wikileaks should make some effort to identify malicious software within their filedumps, label infected files, and take more proactive steps to inform users of the risks of handling these files. I would be happy to volunteer to assist with any of these tasks, as I am sure hundreds of other competent infosec professionals. Meanwhile, organizations like Google should stop giving Wikileaks' retrograde operational security a pass. It is exactly because the work that Wikileaks performs is valuable that its worth making the site safe for users.

No comments:

Post a Comment