Yahoo! Breach was state sponsored?
According to Yahoo…and only Yahoo.
Yahoo claims that the hack of its 500 million credentials was state-sponsored, a story that they “claim” to have only just learned about last week.
Let’s be truthfully honest about Yahoo here. This is far, really, really far from breaking news.
Anyone who has ever had a Yahoo account, or who knows someone who has had one, knows that hacked accounts involving Yahoo have been happening for well over 5 years.
Hacked Yahoo accounts are nothing, and I mean nothing, new to users.
In yet another blow to Yahoo, however, Arizona-based InfoArmor found that the hacked user data was later sold to at least 3 clients, which included just 1 state-sponsored group. That means the hack was not state-sponsored, and so InfoArmor challenged Yahoo’s claim.
InfoArmor suspects that the hackers were an Eastern European criminal gang. After viewing a small sample of the hacked accounts, InfoArmor determined that the hack was, in fact, criminal in nature and less likely to be state-sponsored.
It has also been reported that a U.S. government source familiar with the Yahoo investigation said that there really is no hard evidence yet on whether the hack was state-sponsored.
The group was found to be known for selling hacked user account information on the dark web, and it was linked to hacks of Tumblr, MySpace and LinkedIn.
It’s important to realize that finding out who is behind cyber attacks is considered difficult by both the intelligence and research communities. Not to mention that trying to find out is pretty damn challenging once you factor in that criminal hackers sometimes do provide information to government intelligence agencies or offer their services for hire.
That tends to make it even more difficult to determine who is ultimately responsible for a hack.
The perception, however, and this benefits Yahoo’s “claim”, is that nation-state hackers, more often than not, possess more advanced capabilities than criminal groups. That perception, however, is completely fallacious.
It’s like something we tell ourselves and others just so we can easily explain that which we truly cannot. You just pin it on the most believed source. Like Russia, for instance.
And, here’s where things get sticky.
Someone interpreted InfoArmor’s report as implicating the Russian government as being behind the whole thing. That was NBC News. Then a Wall Street Journal report stated that InfoArmor was able to crack encrypted passwords for some Yahoo accounts that were provided by the newspaper, and that report came to the complete opposite conclusion.
But if you ask users of Yahoo, they will tell you that the hacks have been going on for years with absolutely zero help from Yahoo. No attempt to stop them or block them, and no warnings about accounts having been hacked, ever came from Yahoo; users almost always found out from those who had received some spam email from the user’s email account.
My vote is with InfoArmor.
The reality is that hackers have been stealing the info for quite some time and they have been selling it on the dark web. I noticed that, during past trips through the dark web, Yahoo user accounts were always for sale, and they have been for quite a bit of time.
Quite frankly, I am surprised anyone still uses Yahoo given that Yahoo has always been prone to hacks.
In the meantime, no one knows who exactly was behind the hacks and we may never know.
Cristal M Clark