OurMine have an interesting business plan. One of the OurMine members has been in touch with the source website and has been discussing how they are attempting to improve account security across the world. However, their business practice is at the very least questionable: OurMine hack into the social media accounts of famous or influential persons across the Internet in order to highlight the weakness of the account and to offer to sell their services. To date, OurMine have hacked into Sundar Pichai, Google’s Chief Executive Officer, Daniel Elk (Spotify CEO), Werner Vogels (Amazon’s Chief Technology Officer) and Channing Tatum (of the “Magic Mike” movie). This is a moderately impressive list of high profile account that OurMine have hacked.
Following a number of messages, the OurMine contact explained that this group consists of three teenage people. Their hacks are designed to promote better security practices across the Internet starting with the more influential accounts. OurMine has used compromised Twitter accounts to Tweet out promotions of its services rather than the usual offensive material associated with hackers (hate messages and porn advertising, for example). Of course to some people, an account hack is still an account hack no matter how benign: on Monday evening, the team accessed Sundar’s Quora account and used this to ask a question: “Is it possible to force my android app users of all version [sic] to update the app?” The team also promoted their service and used the information gleaned from the Quora account hack in order to access Sundar’s Twitter account. However, whereas former OurMine hacks are thought to include reusing a password acquired from another hack, in the case of Quora, the OurMine member stated that they were able to access Sundar’s account because of a vulnerability on the Quora side of things. Perhaps understandably, Quora were quick to deny that there is a vulnerability in their systems. Quora also highlighted that OurMine’s claim is at odds with their last hacks and that they have no record of OurMine using an exploited vulnerability before. OurMine were able to obtain Werner Vogels’ password but declined to explain how.
Of course, with OurMine using influential accounts to advertise their service, what exactly are they selling? OurMine currently has thirty four customers and the service is to scan the security of social media accounts and websites. The original price was $99 but this has been dropped to $30. It’s an interesting proposition but it would take a brave Internet user to hand over credit card details to a group that hack accounts to raise money. Another hacker has traced the OurMine IP address to Saudi Arabia, but OurMine have denied any members being from both this country and Russia. Whoever or wherever they are, perhaps OurMine have taken a leaf from other controversial marketing strategies and are trying to stay in the public mind in order to sell a product or service?