It’s been a busy week in cyber land, particularly for the hacking group OurMine. The self-reported hacking vulnerability detection team has made headlines before. They’ve hacked such individuals as Twitter CEO Jack Dorsey and actor Channing Tatum. They also famously (and falsely) tweeted, from Sony’s Twitter account, that Britney Spears had died.
They’ve found a gray zone in the world of white hat hacking, blending rather “black hat” actions with notices to companies and individuals that they detected a vulnerability, out of the goodness of their hearts, so that those individuals, in response, can improve their cybersecurity.
They’re like a menacing cyber police dog.
This week, they took on two news agencies and another kind of big dog: the WWE.
Last week OurMine hacked three Facebook pages of news giant CNN: their main account, their CNN International account and the CNN Politics pages.
On each page they left their now recognizable logo and the message, “Hey, it’s OurMine we are just testing your security, please contact us for more information, followed by a contact email address and a link to the group’s website.
Facebook acted quickly and restored control of the pages to CNN staff within minutes, and also removing the messages posted by OurMine. Think of it as harmless, annoying, but temporary internet graffiti.
OurMine doesn’t just choose Facebook feeds to hack, and this week they also decided to wrestle with the Twitter accounts of World Wrestling Entertainment (WWE) group. WWE Universe, WWE NXT, WWE Network, Summer Slam, WrestleMania and wrestler and celebrity John Cena were all hacked, with that same OurMine logo and message appearing on message boards.
Millions of people follow these WWE accounts, and the WWE’s official Tumblr page also was hacked, with the same message posted.
The group’s message is one of testing security, but on their website they do also offer commercial services, including testing social media and email accounts of cyber vulnerabilities. In a way, then, such hacks and the subsequent media coverage are their form of free advertising.
Just as occurred at CNN, the WWE had control of their accounts back within a short period of time.
Hacking the New York Times
NYT publishes headlines, but this year they have also made headlines by getting hacked. Earlier this year the newspaper’s reporters and the paper itself may have been hacked by Russia. (But, seriously, who didn’t get hacked by Russia last year? It’s as though nobody was anybody unless subject to soviet hack).
This week it was reportedly OurMine again, and they hacked the twitter account of @NYTVideo. Rather than to just post their logo, however, this one came with the message, “BREAKING: leaked statement from Vladimir Putin says: Russia will attack the United States with Missiles.”
A few follow up tweets claimed it was a hack from OurMine, just playing a joke.
Luckily, the twisted humor didn’t create too much havoc, since the account has only 259,000 followers and generally only links to NYT videos. (The NYT main Twitter account has over 33 million followers). Also, the follow-up, including a new message explaining the issue, happened quickly. The “joke” tweets were quickly removed.
When a bank just got burglarized, do you want to keep your money there? If a store is the recipient of an armed robbery, do you feel like shopping there?
The biggest threat to companies when they get hijacked isn’t from OurMine: it’s the potential damage to their online reputation. The strength of a brand is in its reputation, both in terms of quality of their products but also in terms of their management skills. Getting hacked, particularly in such a public way, can look like poor management.
When a bank gets robbed, they try to keep clean-up as low-key as possible, to try to minimize reputation damage.
Likewise, if your company were ever to get hacked, online reputation management services help minimize the damage to your brand, your infrastructure, and your bottom line.
Stay tuned for our weekly feeds to see who is in need of online reputation management services, as we track the biggest hacks in the cyberverse each week.