https://www.afr.com/politics/federal/who-cyber-security-is-appalling-says-hacker-20200422-p54mdg Exclusive How Canberra hacker cracked WHO passwords in hours Tom Burton Government editor Apr 23, 2020 – 10.51am Robert Potter spent a few hours early Wednesday morning hacking into the World Health Organisation from his home in Canberra. An ex-Australian government defensive cyber specialist, Mr Potter used leaked emails and passwords dumped online by unknown activists to penetrate the WHO and the Wuhan Institute of Virology. It wasn't difficult. "I was able to get easy access to the WHO systems," Mr Potter said in an interview. "They did not have two-factor authentication." At that point, Mr Potter contacted Maria Milosavljevic, the chief data officer at Services Australia, who he had worked with when it was the Department of Human Services. "I was able to get access to their [WHO] extranet and knew they had been compromised but did not want to go any further," Mr Potter said. Dr Milosavljevic contacted the Department of Health, which promptly got the secretary and Chief Medical Officer Brendan Murphy on the phone. Mr Potter said he passed the WHO materials to the department's security team. “Their password security is appalling,” Mr Potter said of the WHO. “Forty-eight people have ‘password’ as their password.” Others, he said, had used their own first names or “changeme”. Mr Potter is ex-army and runs a Canberra cyber defence consultancy, Internet 2.0. He was asked by The Washington Post on Wednesday morning to verify if the leaked emails and passwords, which started appearing online recently, were genuine. Mr Potter said the hack appeared to have happened a few years ago but the credentials from the various agencies had resurfaced during the coronavirus crisis to promote new attacks. "The leaks were from breaches a few years back. They were pouring blood in the water in order to promote attacks. "I think it was hacktivism. There did not seem to be any malware or the usual digital forensics you find with more sophisticated actors," Mr Potter said. "The attackers dumped the passwords to encourage a breach not because they themselves caused one. This is the cyber equivalent of chumming the water." Details of the alleged leaks from the Gates Foundation and the Wuhan lab were still available on Twitter, YouTube and far-right internet sites on Thursday morning. Mr Potter said alleged email addresses and passwords may have been purchased from vendors on the dark web, a portion of the internet that is not indexed by most search engines and where hacked information often is posted for sale. The Washington Post reported that according to the SITE Intelligence Group, which monitors online extremism and terrorist groups, the largest group of alleged emails and passwords was from the US National Institutes of Health, with 9938 found on lists posted online. SITE said the Centres for Disease Control and Prevention had the second-highest number, with 6857, The World Bank had 5120 and the WHO addresses and passwords totalled 2732.