Collective Intelligence – OurMine Hacker Group

Living at risk is jumping off the cliff and building your wings on the way down.

–  Ray Bradbury

Creative without strategy is called ‘art.’ Creative with strategy is called ‘advertising.’

–  Jef I. Richards

This may sound like philosophy, but it seems to fit what we have seen from the OurMine group. Lots of hackers have thought along the same lines; OurMine markets it very smartly. What have they done so far? OurMine is a group of hackers known for hacking high-profile figures and companies, including Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, Twitter CEO Jack Dorsey, Game of Thrones, Sony’s PlayStation Network (PSN), Netflix, the WWE, HBO, and, most recently, WikiLeaks. Some of the recent news buzz about OurMine shows some advancement in their attack methodologies.

This thread aims to gather some collective intelligence about them. First, let's start with the recent news about OurMine that attracted public attention.

Hackopedia – Collective Intelligence for OurMine – Till now

  1. On analysis, OurMine made its public appearance in January 2016 with YouTube account hijacks, and then from May 2016 began a roller-coaster ride of Twitter account hijacks that has continued serially until now, producing one brand defacement after another: Twitter hacks of techies and celebrities, defacements of famous websites, and leaks of data from video hosting sites. Much about the attack methodologies remains unknown, but OurMine has undoubtedly shown a lot of variety in its attack strategies, from hijacked Twitter/LinkedIn accounts to data stolen from Vevo and HBO. One theory states that a key reason for the celebrity Twitter/LinkedIn account takeovers is the reuse of passwords exposed in the LinkedIn password hack of 2012, which was partially dumped on the darknet; it is possible that OurMine accessed it.
  2. 11 Jan 2016, The YouTube channel of gaming YouTuber Mark Edward Fischbach, aka Markiplier, was taken over by OurMine. A strange video appeared in the Subs box of every person subscribed to Mark’s YouTube channel. The video, entitled ‘Hacked By OurMine Team’, has since been removed from the channel, but has been re-uploaded and discussed at great length far and wide.
  3. 12 February 2016, A message appeared on Facebook from the OurMine team that PewDiePie had been hacked. In the same fashion, PewDiePie channel subscribers were greeted with an OurMine video posted on YouTube.
  4. 14 May 2016, Toby Turner’s Twitter account was hijacked by OurMine. The hack seems to have taken place only on Twitter, with the team tweeting out their success to Toby’s 1.28 million followers.
  5. 18 May 2016, Media attention lit up, and articles reported that a hacker who goes by the name “Peace” was trying to sell account information, including emails and passwords, of 117 million LinkedIn users, stolen during the LinkedIn breach of 2012.
    • At the time, only around 6.5 million encrypted passwords were posted online.
    • LinkedIn never clarified how many users were affected by that breach.
    • Peace is selling the data on the dark web illegal marketplace The Real Deal for 5 bitcoin (around $2,200).
    • The paid hacked data search engine LeakedSource also claims to have obtained the data.
    • Both Peace and one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords.
  6. 24 May 2016, Deadmau5’s SoundCloud account was hacked by OurMine.

  7. Along with the name of Peace, or Peace of Mind, a cybercriminal who was selling the hacked data on a dark web market, one more actor came to light: Tessa88, at the time when a website that serves as a repository of hacked credentials announced the MySpace hack. The handle Tessa88, however, apparently first surfaced in the web’s darkest corners only around April 2016, perhaps a few weeks earlier, when the cybercriminal started selling hacked databases on Russian cybercrime forums.
  8. 25 March 2016, On analysing Tessa88’s activity, it was obvious that the database was being sold from 25 March 2016 on Russian forums.

  9. 16 May 2016, After the LinkedIn password leak, OurMine's roller-coaster ride started, and it is in full swing until now. The first reported incident came up, in which hackers hijacked big-name accounts. The group, which calls itself OurMine Team, claims to have recently hacked the accounts of
    • Twitter co-founder Biz Stone.
    • Minecraft creator Markus “Notch” Persson.
    • Actor Sawyer Hartman.
    • Pop star David Choi.
  10. 6 June 2016, Mark Zuckerberg’s Twitter, LinkedIn, and Pinterest Accounts Were Hacked by OurMine.

  12. 9 June 2016, Former Twitter CEO Evan Williams’ Twitter Account Hacked By OurMine Team
  13. 20 June 2016, Former Twitter CEO Dick Costolo Got Hacked by OurMine
  14. 23 June 2016, Hackers Hijacked Channing Tatum’s Social Media and Posted an Ariana Grande-Inspired Anthem
  15. 24 June 2016, The Twitter account of Daniel Ek, the CEO and founder of Spotify, was hacked by OurMine.
  16. 26 June 2016, the group hit the Twitter account of Amazon CTO Werner Vogels. In a tweet, Vogels said it was actually his Bitly account that had been compromised.
  17. 27 June 2016, Google CEO Sundar Pichai’s Twitter and Quora accounts were Hacked by OurMine

  18. ‘Our Mine’ Hacks Twitter Account of Twitter CEO Jack Dorsey
  19. 12 July 2016, The OurMine hacking group conducted a massive DDoS attack on HSBC websites, forcing the sites to go offline in the UK and the US.
  20. 26 July 2016, OurMine Security appeared to gain publishing access to Verizon-owned prominent technology site TechCrunch, which uses the popular content management system WordPress, and posted its now infamous message. A post on the site under the byline of Seattle-based writer Devin Coldewey said:
    • “Hello Guys, don’t worry we are just testing techcrunch security, we didn’t change any passwords, please contact us.”
  21. 21 August 2016, Wikipedia co-founder Jimmy Wales’ Twitter account hijacked by OurMine.
  22. 23 September 2016, The group gained access to one of the site editors’ user account credentials, accessed the backend panel, and from there, they sent out a newsletter to all site subscribers that read “Hacked By #OurMine – Read The post!! [Important.]” Acknowledged by the Variety team: The content management system for Variety was hacked Saturday by a group known as OurMine, which has attacked a growing number of companies and prominent figures in recent months. The entertainment-news website was infiltrated at approximately 9 a.m. PT. OurMine sent messages to subscribers via multiple Variety e-mail newsletters declaring, “Hacked By #OurMine – Read The post!! [Important.]”
  23. 5 October 2016, BuzzFeed hacked by OurMine after it claimed to unmask one of its members. BuzzFeed posted a story claiming to have identified one of the members of the group as a Saudi teen called Ahmad Makki. In response, the hackers managed to breach BuzzFeed with a post, which has since been taken down, that read:
    • “Hacked by OurMine team, don’t share fake news about us again, we have your database. Next time it will be public. Don’t fuck with OurMine again.”
  24. 2 November 2016, Business Insider was hacked. Acknowledged by the team, saying: Business Insider was hacked on Wednesday morning. Attackers identifying themselves as OurMine posted and edited stories on the US version of the website. “Hey, don’t worry we are just testing your security, we didn’t change your password or anything,” the message said. A push notification was also sent to users of Business Insider’s app.
    We apologise for the inconvenience, and are working on getting things back to normal as soon as possible.
  25. 21 OurMine hackers hacked the Marvel and Netflix Twitter accounts and posted messages.
  26. 16 June 2017, The WWE NXT, WWE Universe, WrestleMania, WWE Network, Summer Slam and John Cena’s Twitter handles were taken over by OurMine.
  27. 31 July 2017, Hackers stole 1.5 terabytes of data in an incident that involved the leak of forthcoming episodes and scripts of Game of Thrones. Reporters received an anonymous email on Sunday from the hackers that read:
    • “Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.”
  28. 17 August 2017, Several HBO Twitter accounts were hacked and taken over by the notorious OurMine hacking group, posting #HBOHacked messages and warnings about security.
  29. 31 August 2017, WikiLeaks website apparently hacked by OurMine. 

    As of early Thursday morning, the homepage displayed a message that read:

    “Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”

    “Anonymous, remember when you tried to dox us with fake information for attacking wikileaks [sic]?” the message continues. “There we go! One group beat you all! #WikileaksHack lets get it trending on twitter [sic]!”

  30. 15 September 2017, Hacker Group OurMine Targets Vevo’s Data (And Removes It By Request). Data including one-sheets on featured artists and marketing materials, supposedly 3.12 terabytes worth, was posted to OurMine’s website. Hours later, Vevo requested that the stolen info be taken down, and OurMine removed it.
    • In an email to NPR, OurMine, which operates anonymously, claims it did not initially intend to post the data publicly and tried to alert Vevo of the breach privately, but that Vevo responded, “F*** off, you don’t have anything.” OurMine shared a screenshot of that exchange, which lacked any identifying information and so could not be verified as taking place between the two, with NPR. Vevo would not verify the exchange to NPR when asked.