OurMine ‘Hacked’ WikiLeaks in Response to a Challenge

Brian Erickson | September 11, 2017

The motives and purposes of cyber attackers vary widely. Hackers are generally grouped into three categories: black hats, who are considered the malicious hackers; white hats, the good hackers who work to discover vulnerabilities so that they can be patched; and grey hats, considered the in-between, as they discover zero-day vulnerabilities and often sell them to government and law enforcement to use against adversaries. One hacking group that gets itself into the headlines pretty frequently is OurMine. They consider themselves a white hat group, but their methods are questionable. OurMine typically operates by breaching a site or organization and then posting messages asking the victim to contact the group about improving security. In yet another incident involving OurMine, they ‘hacked’ WikiLeaks in response to an apparent challenge from the site.

How OurMine Achieved Their Attack

The term ‘hacked’ is used in quotations here because of the method that was employed. OurMine did not directly breach WikiLeaks; rather, they used a method called DNS Poisoning. Essentially, this kind of attack involves tricking one or more of the target’s DNS servers into altering their records. As a result, OurMine was able to have the DNS servers tell browsers that the WikiLeaks website was located on an OurMine server. All this really allows them to do, however, is display a message instead of the normal site, which is the equivalent of calling graffiti on the front of a building a security breach.

OurMine’s displayed message began with a spiel about it being a security test, but it then broke off and said that the attack was a result of WikiLeaks having challenged the group to hack them. OurMine said in a post on their Twitter that WikiLeaks had challenged the group to hack them a few months ago, that the hack had been in the works for some time, and that they had finally done it. This is not the first time that the group has gone after WikiLeaks, as they had also targeted them with DDoS attacks twice over the past few years. These previous attempts had prompted the hacking collective Anonymous to post personal information of individuals that they claimed were members of OurMine.

As mentioned above, OurMine has been involved in quite a number of attacks upon various entities. These have included the Twitter accounts of Pokemon GO creator John Hanke, David Guetta, Playstation, New York Times, and Google CEO Sundar Pichai, and the group has been involved in numerous other attacks as well. Once the group has breached the target, they post messages about contacting them to improve or test the breached entity’s security. It is never a willing penetration test on the part of the victim, which is why there is much speculation surrounding their claims of being a white hat group.

The Importance of Comprehensive Security in Preventing Cyber Attacks

Cyber security is an extremely multifaceted proposition. Not only do organizations have to prevent direct breaches of their servers, but they must also defend against peripheral assaults like the one above. There are many different measures that organizations can employ to prevent cyber attacks, such as monitoring and intelligence. An attack like the above generally does not do much harm, but it can expose a potential weak point in the affected organization. This should prompt them to inspect all components of their networks and systems to discover any vulnerabilities. Organizations and businesses hold far too much sensitive internal and personal data to tolerate lax security of any kind. Massive Alliance offers numerous tools and services that can help all types of organizations to better prevent cyber attacks.
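
The monitoring mentioned above can include watching how a domain actually resolves, since the attack described worked by changing what DNS servers told browsers. The following Python code is an added example, not part of the original article: it compares DNS answers seen from several resolvers against a known-good baseline. The domain, address ranges, name server names and resolver labels are all constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline for a hypothetical monitored domain (documentation ranges).
BASELINE = {"example.org": {"a_networks": ["192.0.2.0/24"],
                            "ns": {"ns1.example.net", "ns2.example.net"}}}

# Constructed observations: (resolver label, domain, record type, value).
OBSERVATIONS = [
    ("resolver-a", "example.org", "A", "192.0.2.10"),
    ("resolver-a", "example.org", "NS", "ns1.example.net."),
    ("resolver-b", "example.org", "A", "203.0.113.66"),
    ("resolver-b", "example.org", "NS", "NS2.example.net"),
    ("resolver-c", "example.org", "A", "192.0.2.10"),
    ("resolver-c", "example.org", "NS", "ns1.unknown-dns.example"),
]

def check_dns_drift(observations, baseline):
    """Return sorted (resolver, domain, reason) alerts for answers off baseline."""
    alerts = set()
    a_views = defaultdict(lambda: defaultdict(set))  # domain -> resolver -> A set
    for resolver, domain, rtype, value in observations:
        expected = baseline.get(domain)
        if expected is None:
            continue  # not a monitored domain
        if rtype == "A":
            addr = ipaddress.ip_address(value)
            a_views[domain][resolver].add(addr)
            nets = (ipaddress.ip_network(n) for n in expected["a_networks"])
            if not any(addr in net for net in nets):
                alerts.add((resolver, domain, f"A {value} outside expected networks"))
        elif rtype == "NS":
            name = value.rstrip(".").lower()  # normalise FQDN form and case
            if name not in expected["ns"]:
                alerts.add((resolver, domain, f"NS {name} not in expected set"))
    # Resolvers disagreeing on the A set can indicate one poisoned cache.
    for domain, views in a_views.items():
        if len({frozenset(v) for v in views.values()}) > 1:
            alerts.add(("*", domain, "resolvers disagree on A records"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in check_dns_drift(OBSERVATIONS, BASELINE):
        print("ALERT", *alert)
```

Sites served from many addresses will legitimately return different answers to different resolvers, so the disagreement check only suits domains with a small, stable set of records.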

Operations Manager
Avid documenter of all things risk. Passionate about protecting people, property, and performance (PPPP) against risks. Enjoys advanced technology-led resilience solutions which identify relevant threats, warn those affected, and prescribe what action to take.