Cyber Incident Victim: OurMine
Date:
Jul 2016
Location:
United States of America
Summary
A hacker group known as OurMine conducted distributed denial-of-service (DDoS) attacks against a transparency-focused website, temporarily disabling its services. The attacks were retaliation against Anonymous, which had previously published personal information about OurMine members following an earlier compromise of the same target. OurMine claimed Anonymous continued harassing them, prompting renewed offensive actions. The group specifically targeted the website's infrastructure by overwhelming its servers with traffic, causing temporary outages before services were restored. This incident stemmed from an ongoing conflict between the two hacker collectives, with the victim organization caught in their dispute despite its role in exposing institutional misconduct.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On July 6, 2016, the hacker group OurMine executed a Distributed Denial of Service (DDoS) attack against Wikileaks, temporarily disabling its website. This marked the second time OurMine targeted Wikileaks, following an initial attack in late 2015 that also utilized DDoS tactics to overwhelm the site’s servers with artificial traffic. The 2016 attack was framed as retaliation against Anonymous, a rival hacker collective that had publicly opposed OurMine’s earlier actions. After the 2015 incident, Anonymous had demanded OurMine cease targeting Wikileaks and subsequently doxxed OurMine members by publishing personal information online, which OurMine disputed as inaccurate. OurMine claimed the July 2016 attack was motivated by ongoing harassment from an Anonymous-affiliated individual who had continued to antagonize the group over the intervening months. The group proactively notified technology news outlet The Next Web (TNW) about the attack, though Anonymous did not respond to TNW’s requests for comment.
The DDoS attack caused Wikileaks’ website to become temporarily inaccessible, disrupting public access to its resources. While the exact duration of the outage was not specified, the article confirmed the site resumed normal operations shortly after the incident. DDoS attacks inherently challenge mitigation efforts due to their reliance on flooding targets with traffic from multiple sources, though no technical details regarding Wikileaks’ defensive measures were disclosed. The incident highlighted tensions between competing hacker factions, with Wikileaks—a platform known for publishing classified documents to expose institutional misconduct—serving as an unintended casualty in the conflict. No additional collateral damage, data breaches, or secondary impacts beyond the temporary service disruption were reported in the source material.