OurMine Hacks the NFL

Regarding cybersecurity, Sunday, January 27, 2020 wasn’t a particularly good day for the National Football League. Roughly half of the NFL team’s social media accounts were hacked. Fortunately, this particular cyberattack didn’t occur the following Sunday. You know, on Super Bowl Sunday? I guess we can all collectively count our lucky stars. Whew! Anyway, here’s the official list of teams impacted… so far.

  • NFL (Twitter account)
  • Arizona Cardinals (Twitter account)
  • Buffalo Bills (Instagram and Facebook accounts)
  • Chicago Bears (Twitter account)
  • Cleveland Browns (Twitter account)
  • Dallas Cowboys (Twitter, Facebook, and Instagram accounts)
  • Denver Broncos (Twitter account)
  • Green Bay Packers (Twitter account)
  • Houston Texans (Twitter account)
  • Indianapolis Colts (Twitter account)
  • Kansas City Chiefs (Twitter account)
  • New York Giants (Twitter account)
  • Minnesota Vikings (Instagram account)
  • Philadelphia Eagles (Twitter account)
  • San Francisco 49ers (Twitter account)
  • Tampa Bay Buccaneers (Twitter account)

Many of the accounts had information removed or altered. Profile pictures, official names and headers, and in a few cases, their bios.

Other accounts included identical tweets posted by the notorious hacking group known as OurMine.

One tweet was a bit more shocking, or as portrayed by the mainstream media, downright misleading and deliberately silly.

After a couple hours of real-time exposure, twitter finally came to the rescue and froze the compromised accounts. Problem solved!

Curiously enough, the hacking group OurMine is an “alleged offshoot” of a legitimate cybersecurity company based in Saudi Arabia. Now, not to be overly alarmist, but when someone mentions the kingdom of Saudi Arabia, a few common themes come to mind. Extreme wealth and abject poverty, oil and sand, the House of Saud royal family, an autocratic government, and Sunni Wahabism (the radically conservative branch of Sunni Islam). Not to mention the most famous incident in the history of terrorism (lest ye forget, 15 of the 19 hijackers on 9/11 were from Saudi Arabia). And oh yeah, one other theme — the gut-wrenching human stampedes which frequently occur during the yearly Hajj.

But OurMine bills itself as a “white hat” hacking group? That’s the term for cyber trespassers who breach systems with good intentions. Hey, this might sound a tad naive, but maybe OurMine was merely trying to help. By providing a vivid demonstration of the NFL’s cyber-vulnerabilities! Yeah, that’s the ticket! (Jon Lovitz)

So what’s the takeaway here? Good question.

The NFL is a tight knit community. And social media is a major component of every team’s operation. So when it comes to each organization’s social media accounts, I would imagine the marketing wings of each team occasionally interact. I would also speculate that their #1 question goes something like this. “Is your social media handled ‘in-house’ or is it ‘farmed out’ to a third party company?” And if so, do you use the same 3rd party company for every major account (facebook, twitter, instagram)?

Now as luck would have it, this 3rd party company actually exists. Its name is Khoros and it’s based out of Austin, TX. Now call me crazy, but if I had to make an educated guess as to the location of the breach, common sense would suggest that Khoros is at the “core” of the matter.

Take the Dallas Cowboys for instance. All three of their social media channels were compromised. Facebook, Twitter and Instagram. And all three of them are managed by Khoros. But that’s just one big coincidence, right? Me thinks they probably use the exact same usernames and passwords for all three accounts. Call it a hunch. Hey, the Cowboys might be America’s favorite team. They might be America’s wealthiest team. But they’re probably not America’s smartest team.

And just for the record, this isn’t the first time the NFL’s official twitter account has been hacked. Just a few years ago, a tweet was sent out proclaiming that its commissioner, Roger Goodell, was… well uh, to put it mildly, uh… dead.

Of course, the NFL, Twitter and Khoros all issued statements from unnamed spokespersons, speaking on conditions of anonymity. Peculiar how all these high-paid NFL attorneys never seem to weigh in. Anyway, these anonymous characters were quick to denounce any allegations of wrongdoing or malfeasance. Next, the public was assured that all three companies will be launching “immediate investigations.”

But that’s always where it ends. Oddly enough, there’s never anything in the way of follow up. All of these probing, sweeping investigations just never seem to reach the light of day. Three companies + fifteen NFL teams = 18 separate investigations.

Taking all of this into consideration, I suspect that one of these days, something could go incredibly wrong. So here’s a question I would pose. What if this broad based hacking incident didn’t occur on Sunday, January 27? What if it occurred DURING the Super Bowl on the following Sunday, February 2? And what if it wasn’t so “friendly?” What do I mean by that? Well, use your imagination. If you’re incapable of thinking outside the box or the established parameters of honesty and decency, well, check the agsaf website. Maybe you’ll get the hint. Then again, considering the alarming lack of intellectual curiosity when it comes to the hypothetical real-time, real-world consequences presented by social media hacking… maybe not.

So what am I referring to? What are my concerns? Well, they’re pretty straightforward. We all know that it’s illegal to shout “fire” in a crowded theater. But has anyone, other than myself of course, considered the wireless/cellular prospect of texting “bomb” in a crowded stadium. I think it’s a fair question. A generic question. An extremely obvious question. But it’s also a challenging question. Why? Because it involves some really ugly, undiscussable subject matter. Specifically, the deliberate hoax weaponization of a human stampede. The potential indiscriminate slaughter and maiming of innocent civilians without conventional weapons. Get the picture? It’s also a question, that to the best of my knowledge, has never been asked. Well, except by yours truly of course.

So here’s what I’m saying. On Super Bowl Sunday, there will be a veritable plethora of reporters asking questions. Maybe, just maybe, it would be a good idea if someone from the sports media asks a different kind of question. You know, before something bad happens, or at the very least, is attempted. Do I really need to spell it out?

Then again, who am I kidding? If you honestly believe an inquiry of this nature will be posed by the press… well, you probably just took a massive hit from a super bowl.