So you may have noticed that Many top Youtubers in the last day have been hacked by a hacking group called Ourmine, the titles and descriptions of all their videos had all been changed to what was essentially just an advert for them. From what I have looked into, the attack seems quite well orchestrated but not too harmful. Often when an attack like this manifests itself it can be a shock to people, as most aren’t aware of how these attacks occur. The group tends to focus its attacks on celebrities on advertising their “services” and often the attacks are fairly low tech. To get into celebrities accounts often what an attacker has to do is compile something called a “Biographical Dictionary” this can be data comprising of loved ones scraped from social media to history about where the person grew up. This is often why security questions are a joke. These attacks tend to be very extensive and require plenty of manipulation and “Social engineering”. Often an attack could manifest itself by calling up a company pretending to be the individual or a relative of them and trying to gain access to the accounts by using the information they have acquired. I don’t know the in-depth details of the attacks of course but I can make an educated guess on the matter. The attacks on youtube were focussed mainly on the OmniaMediaCo channel network which includes H3H3 and EverythingApplePro. IDUBBBZ another famous YouTuber who is part of the Maker network and is one of the only channels outside of the OmniaMediaCo network that was attacked seemed to have been targeted individually. Having checked a couple other high ranking channels in the maker network he was seemingly targetted in that way.

Screen Shot 2017-04-02 at 12.17.45

Screen Shot 2017-04-02 at 12.19.04

From the nature of the attack, it was most likely a vulnerability of OmniaMediaCo (list of OmniaMediaCo channels) that made the attack so widespread and why the Youtubers affected seemed so unrelated in content. They most likely used a bulk editor built into youtube that allows someone to edit all their descriptions and titles at once. I haven’t checked the website that they linked to in all the descriptions, but it would be wise not to click on the link. From what I’ve heard it’s simply a description about themselves anyway.

Most often Large companies are very lax about security and tend not to address common issues. However, entertainment sites such as Twitter and Youtube are in uniquely difficult situations with so much of their user base being celebrities. Famous individuals are often very easy to pin down with regards to personal information and social engineering tends to be easy with them. This hacking group whoever they are, have been trying to advertise “Security Services” by hacking people without permission, I’d be very wary about any group that proves itself by breaking the law.

EDIT: OmniaMediaCo has patched the vulnerability and youtube is slowly fixing the metadata on the affected channels. It’s possible that the attack was a combination of at the most fairly low-end attacks and the social engineering technique I mentioned earlier. The YouTube API that OmniaMediaCo require Youtubers to use gives account management to the network, this is a bit of an oversight on the networks part I think. Ourmine aren’t the high-end hackers you get hanging around, if they were they wouldn’t be focussing so much on advertisements such as these.