OurMine deface two of Forbes’ blog pages & sell on advice to fix
Forbes found themselves hacked on Tuesday 20th December, with the infamous hacking team OurMine defacing two of the site’s authors’ blog pages and posting the message:
Hey, it’s OurMine, No Worries we are just testing your security, please visit our website to upgrade your security, Thanks!
OurMine has made a name for themselves, with the usual targets being CEOs and celebrities. Some of their recent targets have been Facebook’s Mark Zuckerberg, Google CEO Sundar Pichai, plus sites like BuzzFeed and Business Insider.
OurMine is a hacking group that sits in a grey area of hacking. They claim that they only want to help people with security, and to achieve this they regularly access accounts without permission and leave messages like the one they left on Forbes.
Even though OurMine act with good intentions, that definitely doesn’t make their actions legal and certainly doesn’t make them acceptable.
Most security professionals can and do actively look for vulnerabilities on popular websites, but the professional response to finding any of these security holes is to contact the owner privately and inform them of the risk. OurMine have claimed that they do not take this approach because they are often ignored, so they instead choose to deface webpages and Twitter feeds with a short message advising of the problem.
Groups like OurMine operate in a grey area of the hacking community.
While the methods the group uses are not known, it is suspected they use leaked databases of credentials found online, then hope the same passwords can be used on other websites the user may have accounts with. The use of dictionary or brute-force attacks is also highly possible. This means that if you do find yourself with a message from the group, the safest bet is probably to change your password and enable two-factor authentication on the websites that support it.
The group also provides security services on their website, with things like website security audits and even securing your e-mail accounts. They also boast about all their mischievous online behaviour in a crude news section, which links to numerous YouTube videos and a small blog detailing which accounts they compromised.
As a huge supporter of ethical hacking, I think the grey area OurMine operate within is clearly the wrong way to approach and inform users of any security vulnerability, and no ideology these kinds of groups claim to operate under can absolve them of the crimes committed.
In the end, Forbes deleted the posts and, I assume, changed a few passwords too.