The U.S. government has filed a superseding indictment against Julian Assange, the founder of WikiLeaks, alleging his involvement with hacking groups such as LulzSec and Anonymous. This updated indictment expands on the previous 18-count charges, initially levied in May 2019, though it does not introduce new allegations. The Department of Justice stated that the new indictment broadens the conspiracy scope related to alleged computer intrusions previously attributed to Assange.
In the original charges, Assange faced accusations related to the unauthorized publication of classified military and diplomatic documents on WikiLeaks, which he reportedly obtained from Chelsea Manning, a former Army intelligence analyst. The latest indictment uncovers further details about Assange’s activities and connections with hackers. Notably, it claims he conspired with various individuals to carry out computer intrusions that would benefit WikiLeaks.
The indictment alleges that since WikiLeaks’ inception, Assange has actively engaged with hackers at conferences in Europe and Asia, promoting hacking as a means to gather information for WikiLeaks. A particular incident mentioned occurred in 2009 during a conference where Assange claimed that WikiLeaks acquired sensitive documents from the Congressional Research Service by exploiting vulnerabilities in the U.S. Congress’s document distribution system.
Additionally, Assange is accused of unauthorized access to a NATO country’s government computer system in 2010. By 2012, he was reportedly in direct contact with a LulzSec leader who was collaborating with the FBI, providing target lists for potential hacks. Within those communications, Assange specifically sought access to documents, databases, and impactful materials related to high-profile targets, including intelligence agencies and major news outlets.
The indictment further states that Assange received and disseminated emails from a data breach involving a U.S. intelligence consulting firm, orchestrated by an individual linked to Anonymous and LulzSec. Allegedly, he encouraged the hacker to launch further disruptive actions against the breached company.
Arrested in April 2019 in London after Ecuador revoked his asylum, Assange was subsequently sentenced to 50 weeks in a UK prison for breaching bail conditions. Presently, he remains incarcerated in the UK, awaiting a September hearing that will determine his potential extradition to the United States. If convicted on all counts, he faces a maximum prison sentence of 175 years, a penalty reflective of his alleged role in what has been characterized as one of the most significant breaches of classified information in U.S. history.
The case against Assange underscores a range of adversarial tactics that may have been employed in these alleged actions. Techniques such as initial access, privilege escalation, and lateral movement within networks all potentially align with those articulated in the MITRE ATT&CK framework. These insights not only reveal Assange’s methods but also serve as a crucial alert for business leaders in cybersecurity about the evolving threats posed by state and non-state actors in the digital landscape.
