Hackers late Sunday broke into Google CEO Sundar Pichai’s Quora account and through it accessed his Twitter followers, according to reports.
The group taking credit for the breach, OurMine Security, previously hit other prominent high-tech figures, including Facebook CEO Mark Zuckerberg, Spotify CEO Daniel Ek, Amazon CTO Werner Vogels and former Twitter CEO Dick Costolo.
OurMine’s goal is to improve the security of social media accounts around the world, the group has claimed.
“As well intentioned as they may be, OurMine is not making friends with their efforts, while they’re gaining a lot of publicity,” noted Craig Kensek, a security expert at Lastline.
Still, “the damage done so far has been more of an embarrassment,” he said. “A deep-pocketed celebrity may ultimately go after OurMine or other hackers for invasion of privacy.”
OurMine reportedly is a group of three people, believed to be teenagers. They initially removed private data and stored information from the sites they hacked, but lately have attempted to rebrand themselves as a security group, hacking into accounts as a way of advertising their services.
OurMine has claimed that it exploits vulnerabilities in the services its victims use.
For example, OurMine hacked the Bitly accounts of Channing Tatum and journalist Matthew Yglesias.
However, Bitly has denied the group’s claim, and said the hacks were possible because the victims used their passwords on multiple sites.
OurMine also asserted the presence of a vulnerability in Quora, which Quora subsequently denied.
OurMine claimed to have launched exploits that let it access passwords victims had saved in their browsers — apparently the method used to hack Channing Tatum’s YouTube and Twitter accounts.
Sowing Dragon’s Teeth
OurMine’s actions have drawn widespread rebuke.
A Change.Org petition calls for shutting OurMine down and urges Twitter and YouTube to take action. The petition had more than 5,400 supporters at press time.
Twitter has suspended OurMine’s account.
Hacker AlexPro earlier this year published information that supposedly outed the group on Dramaalert.com. He listed the group’s IP and Skype addresses, and suggested they were Arab as they were using the SaudiNet ISP, and geolocation information placed them in Saudi Arabia’s Makkah province, close to the city of Jeddah. “Keep in mind these guys had a (sic) Arabic twitter,” AlexPro wrote.
However, AlexPro’s conclusions are questionable.
“This group has Polish roots,” maintained Andrew Komarov, chief intelligence officer at InfoArmor.
“They actively use XSS (cross-site scripting) attacks against social media account owners,” he said.
The Silver Lining
Still, it’s not all bad, because “anything that causes no real harm, which can serve as a reminder to everyday folks that security matters for everyone, is likely a positive,” suggested Jonathan Sander, vice president of product strategy at Lieberman Software.
“OurMine isn’t telling us anything that hasn’t already been said,” he said. “Of course there’s a problem with the security of social media. Passwords are fundamentally flawed; people reusing passwords is even worse.”
It “will be interesting to see what, if any, legal ramifications this interesting marketing campaign may have for the group in the short term,” Sander mused, “though it seems like most of the people being targeted would rather have the incidents forgotten.”
“We’ve seen time and time again with breaches that many users avoid password changes and fail to use unique passwords across services,” noted Craig Young, a security researcher at Tripwire.
“This will probably never change,” he said, “which is why it’s so critical that services continue to push users onto multifactor authentication systems and eliminate this single point of failure.”