Recently, we reported on the social media (and potential PSN database) PlayStation hack that OurMine orchestrated. Since our forte is video games, not web security and hacking, we sought expert analysis of the 2017 PlayStation hack. We spoke to Alex Heid, the Chief Research Officer at SecurityScorecard, and Dimitri Sirota, the co-founder and CEO of BigID, about the recent hack to get a better understanding of what OurMine is trying to accomplish.
“The OurMine group is a hacking crew that has successfully targeted the social network accounts and websites of many companies over the last few years,” explained Alex Heid, white hat hacker and Chief Research Officer at SecurityScorecard. “The modus operandi of OurMine appears to be the use of circulating compromised credentials from a company, and OurMine seems quite specialized in identifying cases of password reuse across the enterprise. Based on their public statements, they do not appear to be motivated to release any hacked data publicly. It seems they are bordering more on the grey hat side of the hacking world, as opposed to the black hat side; they appear to be doing these campaigns to raise awareness about security practices while bringing attention to the availability of their own security assessment services.”
The hack has so far not been confirmed by Sony, but the methods demonstrate the confusing nature of modern hacks:
- Many hacks go undetected;
- Companies only learn about them long after the IP or ID data has been compromised;
- However, for many companies there is no way to tell whether data has been compromised without proof, which all too often comes in the form of a public drip-drop leak;
- With the advent of cryptocurrency, data thieves have shifted from selling content on the dark web to selling it back to the company that has the most to lose and thus, arguably, will be the most willing to pay;
- For companies, this creates challenges both in verifying breaches and in dealing with criminals who demand a ransom or some kind of blackmail payment in return for not divulging data.
In terms of how these breaches happen, many of them come through compromised internal accounts. That is not the only method by any measure, but stealing an administrator’s account credentials provides all kinds of access to databases and applications.
Typically the hackers go after ID data (personal information) or IP data. Both are extremely sensitive and, in the case of ID data, can easily lead to regulatory and class-action liability.
For companies, there is no single defense. As a rule they will want better credential management for insiders with privileged access to systems, including a password vault and strong authentication. They will want a clearer audit of what data they have and where, so they can better safeguard and track it before an incident. They will want some means of blocking exfiltration or unauthorized access. Lastly, they want better tracking of usage of and access to the data, to see if anything anomalous happens.
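The credential-reuse pattern Heid describes (leaked passwords from one breach reused on corporate or social accounts) is something a company can check for itself before an attacker does. The script below is an added example, not code from PlayStation LifeStyle, Sony, SecurityScorecard or BigID: it keeps only SHA-1 digests of a constructed breach list (hypothetical passwords, not real leaked data), flags any account whose password digest appears in that list, flags accounts that share a password with each other, and shows the k-anonymity style prefix lookup that lets a client query a breach corpus without handing over the full hash. The account names and passwords are all made up for the demonstration.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password: str) -> str:
    """SHA-1 of the password, upper-case hex, as breach corpora usually ship it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed sample of a circulated breach dump. Only digests are stored;
# the plaintexts below are hypothetical and exist just to build the set.
BREACHED_SHA1 = {sha1_hex(p) for p in ("password1", "letmein", "Summer2017!")}

# Constructed sample of internal / social accounts (hypothetical). In a real
# deployment you would check at password-set or login time, never keep
# plaintext around like this.
ACCOUNTS = {
    "alice@corp.example": "Summer2017!",
    "bob@corp.example": "c0rrect-h0rse-battery",
    "svc-deploy": "Summer2017!",
    "admin-twitter": "letmein",
}

def find_breached(accounts, breached=BREACHED_SHA1):
    """Accounts whose password digest is in the breach set (sorted by name)."""
    return sorted(a for a, pw in accounts.items() if sha1_hex(pw) in breached)

def find_reuse(accounts):
    """Groups of accounts that share one password, compared by digest only."""
    by_digest = defaultdict(list)
    for account, pw in accounts.items():
        by_digest[sha1_hex(pw)].append(account)
    return sorted(sorted(g) for g in by_digest.values() if len(g) > 1)

def range_lookup(prefix: str, breached=BREACHED_SHA1):
    """Server side of a k-anonymity range query: return every digest suffix
    whose first five hex characters match the prefix, so the server never
    learns which full hash the client is interested in."""
    prefix = prefix.upper()
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return sorted(h[5:] for h in breached if h.startswith(prefix))

def is_breached_via_range(password: str, breached=BREACHED_SHA1) -> bool:
    """Client side: send only the 5-char prefix, match the suffix locally."""
    digest = sha1_hex(password)
    return digest[5:] in range_lookup(digest[:5], breached)

if __name__ == "__main__":
    print("breached:", find_breached(ACCOUNTS))
    print("reused:", find_reuse(ACCOUNTS))
    for pw in ("letmein", "c0rrect-h0rse-battery"):
        print(pw, "->", is_breached_via_range(pw))
```

The reuse check matters as much as the breach check: a service account and a staff account sharing a password means one phished mailbox turns into a deployment credential, which is exactly the "compromised internal account" route described above. Pair it with the password vault and strong authentication the text recommends, so that a match here is a reset-and-rotate event rather than a breach notification.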
PlayStation LifeStyle would like to thank both Dimitri Sirota and Alex Heid for taking the time to chime in on the recent ordeal. Now that OurMine’s actions are better understood, hopefully that will clear up some of the confusion around the 2017 PlayStation hack.