Home
Internet
Internet News
Yahoo Hack Was Not State Sponsored, Claims Security Firm

Yahoo Hack Was Not State-Sponsored, Claims Security Firm

By Reuters | Updated: 29 September 2016 10:07 IST

Highlights

InfoArmor challenged Yahoo's position of a nation-state actor behind hack
Attribution for cyber attacks is widely considered difficult
Yahoo said last week that it only recently discovered the intrusion

A cyber security company on Wednesday asserted that the hack of 500 million account credentials from Yahoo was the work of an Eastern European criminal gang, adding another layer of intrigue to a murky investigation into the unprecedented data heist.

Arizona-based InfoArmor issued a report whose conclusion challenged Yahoo's position that a nation-state actor orchestrated the heist, disclosed last week by the internet company. InfoArmor, which provides companies with protection against employee identify theft, said the hacked trove of user data was later sold to at least three clients, including one state-sponsored group.

Reuters was unable to verify the report's findings. Yahoo declined comment. The Federal Bureau of Investigation, which is investigating the hack, did not return a call seeking comment.

(Also see: Yahoo Hack: Ripple Effects Could Extend Well Beyond)

A US government source familiar with the Yahoo investigation said there was no hard evidence yet on whether the hack was state-sponsored. Attribution for cyber attacks is widely considered difficult in both the intelligence and research communities.

The task is made especially challenging by the fact that criminal hackers sometimes provide information to government intelligence agencies or offer their services for hire, making it hard to know who the ultimate mastermind of a hack might be.

Yahoo said last week that it only recently discovered the intrusion, which it blamed on a state-sponsored actor without providing technical evidence. Nation-state hackers are widely viewed as possessing more advanced capabilities than criminal groups, a perception that could benefit Yahoo as it works to minimize fallout from the breach and complete its sale to Verizon.

InfoArmor concluded the Yahoo hackers were criminal after reviewing a small sample of compromised accounts, Andrew Komarov, the firm's chief intelligence officer, said in an interview.

(Also see: Yahoo Hack Raises 'Serious Questions' From EU Privacy Watchdogs)

The hackers, dubbed Group E, have a track record of selling stolen personal data on the dark web, and have been previously linked to breaches at LinkedIn, Tumblr and MySpace, Komarov said.

"They have never been hired by anyone to hack Yahoo," Komarov, who is from Russia, said. "They were simply looking for well known sites that had many users."

In an illustration of the confusion about who carried out the hack and why, an NBC News report Wednesday interpreted Komarov's findings as pointing to the Russian government as the ultimate perpetrator.

A Wall Street Journal report, which said that InfoArmor was able to crack encrypted passwords for some Yahoo accounts provided by the newspaper, came to the opposite conclusion.

(Also see: Yahoo Hack: What You Should Do if You Have an Account)

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.