OurMine and the Misuse of "White Hat" Hacking

Published: August 16, 2016 1:00 PM /

By:


ourmine white hat cover

If your local channel news and weekly crime TV shows are to be believed, hacking is an artform commonly overlayed with intense music where the stunning anti-hero or cunning villain must type 120 WPM to somehow get access to "the system" and reroute some amount of money to their Swiss back account or however those things go. Actual hacking has never been like that, and most who are even moderately aware of how the Internet works know this. Hacking in reality is all about finding exploits in a site or server and getting in through there, a task of diligence and patience more than anything else. Real hacking is very rare nowadays. Most things we see referred to as "hacks" are actually just DDoS attacks, password guessing software and phishing schemes, social engineering, or people just having insider access. There are still real hackers out there, and many of them are a force for good. "White hat" hackers use their expertise not for selfish benefit or trolling but to try and help sites protect themselves, or to fix what "black hat" hackers have already broken. Sites like HackThisSite teach users about how to hack and the basics of network security, and encourage white hat or victimless hacking. However, some actual white hat hacking groups don't seem to know what the word means, and it seems like that white hat hacking if not hacking in general is now a dead art form, because OurMine seems to not only not be white hat, but they barely qualify as hackers at all.

OurMine is a group of "security experts" better known for hacking into the social media accounts of tech giants and YouTubers. The group claims to be white hat, stating on their website they only care about helping people secure their accounts, sites, and servers. They may not fully understand the purpose of  white hat hacking, though, as most onlookers who witness their actions seem to interpret them as taking accounts hostage and trying to garner attention, rather than protecting anyone. Recently OurMine has been on something of a rampage, making headlines far more frequently and targeting bigger names than before. In just the last two weeks they claim to have hacked Gawker CEO Nick Denton, YouTuber Alexa Losey, Vimeo Founder Zach Klein, and temporarily took over the site TechCrunch (which has been critical of OurMine in the past). In the past they've hacked YouTubers like PewDiePie and Markiplier, and claimed to be responsible for server downtime on Pokemon GO. They commented on the DNC email scandal from Wikileaks by just telling people to enable two-factor verification. They also hacked YouTuber Leafy, who is currently the center of a subscription botting controversy on Twitch. 

https://twitter.com/RDaRosa98/status/764981728838582273

Now despite OurMine claiming to want to help people protect their accounts, they tend to pick on the individual accounts of famous people more than anything. All of their news updates, and often the messages they leave on hijacked accounts, demand the owners to contact them to get their account back and "learn how to protect it," which seems to be their attempt to force people to buy their services. They also have no issue garnering attention by offering private information on Internet groups like Anonymous (specifically @YourAnonNews) to press.

It is not all bad though. For instance, they found an exploit in Mojang where users could supposedly gain access to other accounts on Minecraft, and rather than exploiting this themselves, they warned users and told them to ensure they had security questions on their account. Who knows how many of these "security" issues they claim to find are real though. Wired revealed in June that many of the "hacks" by OurMine are actually just taking advantage of leaks done by others, and that their claims of providing security services to other organizations may not be real either. OurMine claimed to be providing services to the site. Conversely, however. a founder there said they'd never heard of OurMine and was not paying them for any services. 

It seems most of OurMine's "hacking" falls under the umbrella of things that don't actually involve any technical hacking. They may very well be capable, but they seem to focus highly on social media accounts, in particular Twitter. For the most part it seems they are simply gaining access to the user's password, but unless there is a vulnerability on Twitter's end, this likely just has to do with simple account security. And no one is going to pay hundreds of dollars to be told they just need two-factor verification or a generated password. What's more, they brag about every "capture" so happily and publicly, likely to garner more marketing for their services. It makes you wonder if they actually get any takers on their services. Every blog includes advertisement, asking those who come looking for answers to buy their services. However, most fans and onlookers don't seem to express any interest. Most either detest OurMine for going after their favorite celebrity, or will celebrate their hacks as an act of vengeance, such as with John Hanke, the CEO of Niantic. 

ourmine victims
OurMine has targeted YouTubers, tech giants, and server based games and websites, particularly whatever is popular at the time.

Two things remain clear though: this is not "white hat," and possibly more importantly, it's not hacking. Account security is important, and how to create a secure password and protect your social media accounts is more widespread than drug PSAs in the 90s. However, exploiting the persistent ignorance about creating a secure password isn't hacking, nor is it particularly challenging, and nothing OurMine does is going to sway people towards more security; it only build resentment in their targets. At this point, anyone who does not have at least a semi-secure password is simply suffering from the delusion that it would never happen to them. It is not that they lack the information, they simply don't see themselves getting targeted in that way. And while an attack from OurMine might open their eyes up to that, it won't make them buy any services. It will bring OurMine attention, though, much of it negative and that seems to be what they actually want.

This only draws more attention to the fact that OurMine are not hackers, at least not in practice. DDoSing sites and phishing passwords is not hacking, and it isn't particularly hard either. Even social engineering requires a level of expertise, but what OurMine does can be learned fairly easily by people with rudimentary knowledge, and the avoidance of either has more to do with whether a person has the server resources or the sheer motivation to combat them. Neither require the hiring of any "experts" to "analyze your accounts for vulnerabilities," though. They either require you to finally follow the guidelines that tech sites have been telling you for years or to get better server protection. 

It's unfortunate, since white hat hackers did and perhaps sometimes still do offer an important service. You can still find big companies who hold bounties for finding security vulnerabilities. Many offer physical rewards or treat the "bug bounty" as a competition. Nowadays these kinds of hackers don't refer to themselves as white hat, calling themselves more formal titles like security experts, and you can still find them. Bug bounties are increasingly popular, with even well-known companies like Apple offering them now. You'll never find these experts taking over Twitter accounts and posting flashy YouTube videos though. More recognized ones often become generalized security groups, capable of hacking but also offering services in other ways. They will usually inform clients of a bug or vulnerability in private, unless that company refuses to address an issue that endangers the information of their users. 

If OurMine were truly white hat, they would not brag about "gaining access" to Twitter accounts so haphazardly. Rather, they would discuss the vulnerability with the user privately, then ask if they had permission talk to the public about it. Most likely, if they were polite, they might even garner some free positive publicity from that user. This doesn't seem to be what white hat groups want to do now, though. The general public is quickly growing tired of their shenanigans, so who knows how long it is before a bigger wolf takes down the wolf in sheep's clothing. 

Have a tip, or want to point out something we missed? Leave a Comment or e-mail us at tips@techraptor.net


No author image supplied
| Staff Writer

Teacher's aid by day. Gamer by night. And by day, because I play my DS on my lunch break. Ask me about how bad my aim is.