Netflix hack: White hats, or digital robber barons?

OurMine claims to hack large organizations in order to help improve their network security. But is this collective rooted in benevolence or profit?

Netflix and Marvel became the latest targets of OurMine, a shadowy hacker group that took over both companies’ Twitter accounts Wednesday to post self-promotional tweets.

The breaches may seem familiarto tech impresarios such as Facebook chief executive officer Mark Zuckerberg and Twitter CEO Jack Dorsey, whose Twitter credentials were obtained by the group earlier this year.

The collective claims that it isn't breaking into the accounts for nefarious purposes, but instead to make a point. OurMine says it wants to help large organizations improve network security by proving how vulnerable tech companies, executives, and celebrities are to hackers.

But just who is OurMine, and is their brand of hacking rooted in benevolence or profit?

While OurMine calls itself a “white hat” hacking group – a term that applies to ethical hackers – some cybersecurity experts say the group is misappropriating that description. 

“A true white hat hacker should never use malicious approaches to make their points,” Zaiyong Tang, a professor of networks and security at Salem State University, tells The Christian Science Monitor in an email. “The hacking of those Twitter accounts makes OurMine not much different from black hat hackers seeking notoriety.”

In addition to hacking Mr. Zuckerberg, OneMine also obtained the Twitter credentials for Google CEO Sundar Pichai, Wikipedia founder Jimmy Wales, and Yahoo CEO Marissa Mayer.

In October, Buzzfeed ran a story identifying one OurMine member as Saudi teen who goes by the name Ahmad Makki. The group denied the accusation and later hacked Buzzfeed in retaliation.

In most cases, OurMine claims to have obtained passwords through network vulnerabilities. But many of the affected sites, such as Twitter and Quora, have denied those claims. Instead, they say, the hackers likely reused passwords from previous data breaches.

“These types of attacks are basically password guessing,” Jibey Asthappan, director of the University of New Haven’s national security program, tells the Monitor in a phone interview. “They might use some social engineering, or it could be a brute force attack. This is probably not a very sophisticated attack.”

After gaining access to an account, the group typically fires off a series of Tweets using the hashtag “#ourmine.” The breaches rarely last more than a few hours, and the group maintains that it doesn’t use the accounts for nefarious purposes. In each case, the compromised account posts a common message: “Don't worry, we are just testing your security,” along with a link back to the group’s website.

“It’s a concerning precedent, but one reason [OurMine] may be doing this is that it’s potentially the easiest way to get an organization to pay attention to a vulnerability,” Derek Ruths, a professor of computer science at McGill University, tells the Monitor in a phone interview. “A random email that comes in and says, 'Hey Netflix, you have a network vulnerability' probably isn’t going to make it very far.”

It’s also possible that the hacks are just free advertising for OurMine’s security services, which range from $10 email scans to $5,000 consultations for corporate networks. In an email to The Guardian, the group claimed to earn $20,000 to $40,000 every month from consultations.

At best, that would be morally questionable guerrilla marketing for the Digital Age. At worst, it’s an exploitative business model predicated on fear. By targeting highly visible tech influencers, groups like OurMine can exploit the security fears of the average user. Though dealing with hackers is almost never a sound practice, some users may feel compelled to do so in the interest of security.

“This is the only place where it’s still the Wild West, and these are the types of things you can get away with,” Mr. Asthappan says. “It’s a unique way of trying to bring themselves a bit of business. I think it moves the industry a bit forward. It’s effective, but is it ethical?”

According to Leonid Reyzin, a professor of computer science at Boston University, “that depends on whether you adopt the utilitarian or deontological position on ethics. If you are a utilitarian, then you would have to weigh the pros and cons [of the hack.] If you are a deontologist, then most certainly not.”

The issue also wanders into legal gray areas. What does it mean to “attack”? Certainly hacking into a bank account qualifies, but what about a social media breach? Couldn’t both potentially cause harm?

“The definition of an attack often comes down to whether there was damage done,” Mr. Ruths says. “I think Netflix could probably make a strong argument that damage was done to their brand.”

Ethics and legality aside, there may be some value yet in OurMine’s vigilante behavior. By making examples out of Silicon Valley elites, the hacking group has called attention to the limitations of password protection.

“They’re calling for something that many in the industry have also called for, which is greater sophistication in the infrastructure,” Asthappan says.

Today, even complex passwords can be cracked with advanced brute force software. Many experts recommend using two-factor authentication, which requires users to enter two separate codes to access an account something that OurMine's victims, including Zuckerberg, chose not to use.

In the early days of the internet, when the first cybersecurity protocols were put to use, a user’s entire experience was limited to email and web browsing. Simply put, the foundation of security did not and could not have accounted for the degree of connectivity to which many of us are accustomed. Though the digital infrastructure has grown and improved, the basic foundation has yet to be replaced.

“It’s kind of like driving a Prius on a cobblestone road – it’ll work, but it’s not going to be pretty,” Asthappan says.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Netflix hack: White hats, or digital robber barons?
Read this article in
QR Code to Subscription page
Start your subscription today