Sophos Cloud Optix
The cybercriminal group OurMine has struck again, claiming responsibility for hijacking and defacing the Twitter accounts of the US National Football League (NFL) and 15 of its teams.
The timing is pointed: The attacks hit during this, the media-hectic week that leads up to Sunday’s Super Bowl Championship, which will pit the 49ers against the Chiefs.
OurMine has a long history of hijacking high profile accounts to turn them into billboards to advertise its so-called security “services” and/or to vandalize pages, like it did to BuzzFeed back in the group’s busy-beaver year of 2016.
OurMine has also hijacked the Twitter accounts of Google CEO Sundar Pichai, Wikipedia co-founder Jimmy Wales, the Twitter and Pinterest accounts of Mr. Social Media himself – Mark Zuckerberg – as well as Channing Tatum and Captain America, along with the accounts of his Marvel buddies, including The Avengers, Dr. Strange, and Ant-man.
Here’s one example of the spiel with which OurMine littered NFL teams’ accounts, posted on the Twitter account of the Chicago Bears on Sunday:
From Sunday through Monday, OurMine also targeted the NFL’s own Twitter account, along with the Twitter and/or Facebook and/or Instagram accounts of the Kansas City Chiefs, Green Bay Packers, Dallas Cowboys, Denver Broncos, Indianapolis Colts, Houston Texans, New York Giants, Philadelphia Eagles, Tampa Bay Buccaneers, Los Angeles Chargers, San Francisco 49ers, Cleveland Browns, and Arizona Cardinals.
Twitter suspended the @OurM1ne account about two hours after the first football teams’ accounts were compromised.
Many of the hijacked accounts had this message posted:
Hi, we’re back. We are here to show people that everything is hackable.
OurMine left contact details as well as a link to its website, where it offers paid “security services” for individuals as well as companies.
Hacked via third-party platform
Twitter has confirmed that the accounts were accessed via a third-party platform, according to the BBC. OurMine told The Daily Dot that it got into the accounts via a social media management tool.
The tweets appeared to be posted by Khoros, a social media marketing software company that was rebranded from a similar company named SpredFast following the two companies’ merger. OurMine declined to answer when The Daily Dot asked if the NFL hack was enabled by infiltrating the NFL teams’ Khoros accounts, but the group later told the DailyDot that it was able to indirectly access the Twitter accounts through SpredFast.
Khoros confirmed to The Washington Post that one of its customers had experienced an intrusion:
We are helping a Khoros customer manage an incident, which involved unauthorized access into employee user accounts within their organization. We are committed to our customers’ security and are partnering with them to help them resolve the situation.
The NFL said in a statement Tuesday morning that it jumped on the breach immediately:
As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners at the NFL to restore them.
It later said that the NFL teams’ accounts have been brought back under control.
We continue to work diligently with the teams, which have resumed normal operations. The NFL and teams are cooperating with its social media platform providers and law enforcement.
Latest Naked Security podcast
LISTEN NOW
Click-and-drag on the soundwaves below to skip to any point in the podcast.
Why would anyone in their right mind seek security services (or ANY services!) from an organization with such a dire lack of business ethics?!? It boggles the mind.
I notice that the Minnesota Vikings escaped their attention. Probably figured they weren’t worth the effort. 🙂