Without these folks, cybersecurity wouldn’t be what it is today. It’s not only tech innovations that grab our soft spot -- it’s also the silver lining in the cloud of cyber crime.
We’re back with the winners from our Cybersecurity Challenge. This week, we’re taking yet another spin on who our celebs are, and again, it’s a heroes and villains type of game.
Cyber Hero #3 - CTO and Co-Founder of Akamai: Danny Lewin
Replacing dial-up internet access with high-speed internet, allowing content to be delivered with lightning speed
The year 1998 marked a revolutionary year for the internet industry, and for technological innovation at large.
Known as the ‘internet revolution’, Danny Lewin (along with Akamai’s CEO, Tom Leighton, who was Lewin’s professor at MIT before they co-founded the company) instrumented pioneer algorithms that, for the first time in history, enabled web pages to absorb “massive amounts of Web traffic in real time, and thus grow their internet businesses”.
As soon as its algorithmic advances were introduced to society, Akamai was described as “overcoming the Internet’s hot spot problem”.
Today, Akamai Technologies has flourished into a CDN (content delivery network) and cloud services provider with an annual revenue of $2.2 billion (2015).
Danny Lewin’s Algorithm
Akamai and Cyber (pre-1990s)
Before Akamai introduced high-speed internet to society, cybersecurity and its threat landscape did indeed exist, yet on entirely different scales.
Akamai’s newly-produced high-speed internet augmented the capacity of damage that a computer hack can inflict on its victims.
As soon as the web developed its aptitude for directing massive amounts of traffic on (widely) available servers, that profoundly speedy web traffic also became susceptible to criminal activity.
As soon as valuable assets (classified information and data, monetary transactions, to name a few) were interacting within the rapidly moving traffic, cyber criminals would find a way to exploit the forum for forbidden access of goods, all of which would be done at lightning speed.
The internet’s new identity of a real-time communicator meant that so too, malicious software would operate with the same beating pulse.
Beneath the groundbreaking advancement of Lewin’s algorithms, lay a hidden message: the fate of cybersecurity is only as powerful as its victim: the “smarter” (read: faster) the internet can travel, the more cyber damage can be inflicted in response.
Opportunities like mobile internet, wifi-powered devices, smart technologies, and the liking, have only allowed cybercrime to mature and prosper, posing undefeated challenges to the art of cybersecurity, which continuously aims to overcome these forces of destruction.
Just last month, Tom Leighton told Reuters what he expects 2016 to mean for cybercriminals:
“The (Rio de Janeiro) Olympics and the U.S. Presidential Elections will lead to a sharp rise in Internet traffic this year.”
It is certainly no coincidence that both of these events are predicted to facilitate the top cyber incidents affecting society in 2016.
Cyber Villain #4 - OurMine: the “Hackers Targeting the Tech Elite”
Making the importance of cybersecurity known to the masses.
OurMine are the next villain in our Cyber Hall of Fame, and they themselves are indeed cyber criminals themselves. Even so, we’ve chosen them because of how grateful we are for their work, and the cyber awareness they preach to the world at large.
OurMine is a team of three independent hackers -- a collective who claim to be “singularly focused on security”, with the exclusive practice of encouraging people to be more cautious with passwords and plugins, which they do by leaving messages behind on public forums (Twitter, Quora, Pinterest, to name a few).
Different to the “anarchistic, politically minded hacking groups like Anonymous” -- OurMine is known to advertise their services and exploits on different social media networks, until their messages are eventually taken down by site owners.
OurMine’s byline has been changing on a weekly, sometimes daily basis. Typically known as “Mark Zuckerberg Hackers”, this week they’ve already earned a new one:
“Google CEO Sundar Pichai had his Quora account hacked last night, becoming the latest in a list of major tech figures to have their social media presences hijacked by a group calling itself "OurMine." The breach comes less than a month after both Mark Zuckerberg and Spotify boss Daniel Ek suffered a similar fate”
So far, OurMine has left clues behind each time they pull the rug from underneath a high-profile CEO:
(When Spotify CEO Daniel Ek’s Twitter was hacked last Thursday, June 23)
And this week, it was Google CEO Sundar Pichai’s Quora account:
The bottom line is that although OurMine seems to have targeted a few different social networks and a variety of CEOs as their victims, their work seems to be pretty consistent;
Their method & choice of victim(s): target the social media account of a well-known CEO of a successful, prosperous company (Google, Facebook, Spotify, Quora...you get it).
Their attack vector: The CEO’s social media account, on a network which is external to the immediate forum within their product’s community of users. The bottom line is that the CEO’s own company/brand is tarnished by its cyber weakness(es).
Their goal: to prove that even the mighty fall; even the entrepreneur champion, Mark Zuckerberg, can be hacked via his personal, just-for-fun accounts that are separate to his Facebook presence. Nobody is safe.
OurMine even has a “signature advertisement”, as Mic.com put it: a blurb which asks people to go to the OurMine website and sign up for a security consulting service “to keep them safe from other hackers”
"We are just trying to let them know that nobody is safe"
Why Did OurMine Make the Hall of Fame?
What won us over with OurMine is pretty simple: their value proposition (to raise cyber awareness) is completely aligned with ours -- and in many ways.
The Virtue of Brand Protection
One of our overarching values at CyberInt is brand protection, and securing our customers’ digital footprints (aka social media presence) to make sure they are protected beyond the perimeter, meaning, among their digital assets that exist in cyberspace, that they may not even be aware of.
The OurMine hacks are exactly the type of incidents that advocate for our message: by hacking Mark Zuckerberg’s personal digital footprint (all of his assets that are exposed via his Pinterest account), OurMine are showing that his Facebook brainchild may not be fully aware and in command of their cybersecurity.
By default, this attack sends the same message re: Pinterest, which was OurMine’s attack target for Mark Zuckerberg, but either way, the message remains the same: beyond Zuckerberg’s perimeter, his security is highly questionable. If he wants to protect his brand reputation, he needs to look beyond the obvious.
Supply Chain Security: An SME Must-Have
In our previous post, we showed how hackers often target larger companies by infiltrating through a smaller-scale SME, as they are often less secured than large enterprises on the market.
When OurMine targeted Google’s Sundar Pichai CEO, whose company(Alphabet) boasts circa 61,814 full-time employees, undermining Pichai’s online presence was much easier to wing when the hackers began with his Quora account, whose company consists of between 100- 200 employees.
Indeed, Pichai’s Quora account features many Q&As about Google products (such as the Chrome web browser), and the account has over 3.37k followers, with Pichai answering on a constant basis (4,177 answers in the last 30 days).
This glitch certainly doesn’t do Google (nor Sundar Pichai) any favors -- considering the number of Google enthusiasts that (indirectly) experience the Google brand on Quora.
Yes, Google’s internal system may be highly secure, but if OurMine is able to hack into Quora, Google’s brand reputation is at risk, to say the least.
Don’t Ignore OurMine
OurMine is well at one with the importance and severity of (compromised) cybersecurity -- both technically (just think about how many influential hack they’ve pulled off lately), but also principally. Although petitions exist (such as the 5,000 follower campaign on change.org) to “shut down” OurMine, we think their presence projects an enormous message: if you haven’t already, it’s time to buckle down on your cybersecurity.