Following their attack on HBO last week, OurMine have now hit Barcelona FC’s Twitter and Facebook accounts. In a bold move, the hackers posted a tweet from the football clubs accounts announcing the signing of PSG winger Angel Di Maria. The signing is of course, false.
As I’m sure you can imagine, the hack has paved the way for a slew of online jokers mocking Barcelona FC. Whilst it may be humorous to you and me, it reflects badly on the business. No company wants to be seen as a laughing stock.
OurMine, are a self-proclaimed ‘elite hacker group’. Their website boasts of their professional hacking services and skills as vulnerability assessors. In the past they have targeted other high profile business accounts like Netflix and even Mark Zuckerberg, Facebook’s founder.
They consider themselves to be ‘white hat’ hackers. But what does that mean exactly? According to Wikipedia:
“The term white hat refers an ethical computer hacker, or a computer security expert who specialises in penetration testing and in other methodologies to ensure the security of an organisations security systems.”
On the surface, it would appear that OurMine are white hat – but it’s more complicated than that. To officially be considered white hat, you also need permission to enter the online environment. For example, if you contact our team for a Penetration Test; they will be entering with your permission, making them white hat hackers.
Whereas a ‘black hat’ is a term used to describe malicious hackers with criminal intent. Technically, what OurMine are doing is illegal. They’re making changes to someone’s online environment without permission. But, to make things even more complicated, they claim to be doing it for the good of the company.
This puts OurMine into the realm of a ‘grey hat’. A grey hat differs from a white hat because they aren’t hacking at the request of the company. However, they aren’t doing it for criminal gain either, which takes them away from the label of a black hat.
It would seem from the outside, that their interests lie in garnering attention, rather than actually ‘caring about the security and privacy’ of people’s networks. They usually use victims accounts, often with massive followings, to direct them to their own website.
If their goal was informing people of security lapses then they could just as easily send them a private message. Something tells me they are using this as a marketing opportunity. They sell security services such as website scans for $1000 and I should think these hacks have probably netted them quite a bit of business.
“For the most part it seems they are simply gaining access to the users password, but unless there is a vulnerability on Twitter’s end, this likely just has to do with simple account security. And no one is going to pay hundreds of dollars to be told they just need two-factor verification or a generated password”
As much as OurMine are becoming an online nuisance, they’re also helping to highlight and showcase the very real threat of hacking. If these guys are able to hack into massive companies accounts so easily, imagine how simple it must be for them to take over a relatively small business? Now is the time to secure your online presence, don’t let yourself become a victim.