SecurityWeek

Russia? China? Who Hacked Yahoo, and Why?

Yahoo’s claim that it is the victim of a gigantic state-sponsored hack raises the question of whether it is the latest target for hackers with the backing of Russia, China or even North Korea, experts say.


The US internet giant was under pressure Friday to explain how it sustained such a massive breach in 2014, which possibly affected 500 million accounts.

Yahoo said the stolen information may have included email addresses and hashed passwords, along with security questions and answers, some encrypted and some not, that could help an attacker gain access to victims’ other online accounts.

Sometimes the link between the target of a hack and a particular state may suggest itself easily.

One of the highest-profile hacks came when North Korea is thought to have targeted entertainment titan Sony in 2014, apparently in revenge for producing the comedy film “The Interview” about a CIA plot to assassinate leader Kim Jong-Un.

More recently, a mysterious group calling itself Fancy Bears hacked the medical records of athletes held by the World Anti-Doping Agency (WADA). It is still dripping the information out.

Commercial motives

Many experts believe that attack was carried out on behalf of Russia after its track and field athletes were banned from the Olympics and its entire team was excluded from the Paralympics over evidence of state-sponsored doping.


While motivation for those cyberattacks seems clear, it might initially appear less obvious why countries such as Russia, North Korea or even China would target a company like Yahoo.

Chinese hackers have been accused of plundering industrial and corporate secrets and of orchestrating a breach of US government files on its employees that affected more than 21 million people and reportedly led to the hasty withdrawal of US intelligence operatives from China to protect their lives.

But political motives can be as strong as commercial ones, analysts note.

“Would, for example, Russian intelligence wish to conduct a large-scale hack on a major internet company like Yahoo? Absolutely they would,” Shashank Joshi, senior research fellow at the London-based Royal United Services Institute, told AFP.

“It is an incredibly valuable commodity. The ability to access email addresses for US persons, perhaps a Russian dissident — any intelligence agency worth its salt would want that sort of data, although it is very hard to use because of the encrypted passwords,” he said.

Julien Nocetti, of the French Institute of International Relations (IFRI), said the hack was too big for an independent group to carry out.

“Given the scale of the revelations about Yahoo, it indicates that a lot of resources, technical equipment and coordination were required — this definitely comes from a state,” he said.

Given the tensions between Russia and the United States over the Syrian war “you could put forward the theory that this could be a Russian attempt to test the Americans’ cyber defences”, he said.

Finding the source

Yahoo has so far given no evidence to support its claim that it has been targeted by a state. RUSI’s Joshi said finding the source “is the most fundamental problem when it comes to cyber-attacks”.

“This completely bedevils even the most well-resourced people,” he said.

However, he believes Yahoo would only have pointed the finger at state involvement if it had some evidence.

“The way you identify responsibility for a hack is to look for signatures that correspond to earlier known facts and then see what you know about them,” he said.

For example, in the case of the hacking of Democratic National Committee (DNC) emails this year, which exposed bias within the party in favour of Hillary Clinton, cyber-security experts found evidence of a so-called Advanced Persistent Threat (APT).

“That is a code word for state hackers who were clearly operating in a system and matched up with earlier such hacks” carried out by Russia’s state and military intelligence agencies, Joshi said.
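The method Joshi describes, matching the signatures seen in an incident against earlier, already-attributed activity, is shown here as an added example; it is not part of the AFP article and not anyone's real attribution tooling. The actor names, indicators and weights are constructed placeholders rather than real IOCs, and the weighting and thresholds are assumptions chosen for illustration. The point it adds is the one Joshi hints at: overlap on commodity tooling that many groups share proves little, so the scorer discards those indicators and reports "inconclusive" rather than forcing a name.

```python
"""Toy attribution scorer (added example, not from the article).

An incident is described as a dict of indicator categories -> set of strings.
Known actor profiles are compared against it; commodity indicators shared by
many unrelated groups are ignored, and the verdict is 'inconclusive' unless
one profile clearly leads. All names and indicators below are constructed.
"""
from dataclasses import dataclass

# Assumed weights: infrastructure is cheap to reuse or spoof, bespoke tooling
# and operator habits (TTPs) are harder to fake. Illustrative values only.
WEIGHTS = {"infra": 1.0, "tooling": 3.0, "ttp": 2.0}

# Indicators used by many unrelated actors; a match on these is not evidence.
COMMODITY = {"infra": set(), "tooling": {"mimikatz", "cobalt-strike"}, "ttp": set()}


@dataclass(frozen=True)
class Profile:
    name: str
    infra: frozenset
    tooling: frozenset
    ttp: frozenset

    def category(self, cat):
        return getattr(self, cat)


# Constructed profiles of "earlier known" activity, not real threat actors.
KNOWN_PROFILES = [
    Profile("ACTOR-A (constructed)",
            infra=frozenset({"203.0.113.10", "update-cdn.example"}),
            tooling=frozenset({"mimikatz", "xagent-variant"}),
            ttp=frozenset({"spearphish-docx-macro", "webmail-credential-theft"})),
    Profile("ACTOR-B (constructed)",
            infra=frozenset({"198.51.100.7"}),
            tooling=frozenset({"cobalt-strike", "custom-loader-b"}),
            ttp=frozenset({"sqli-web-app", "db-dump-for-sale"})),
]


def score_against(observed, profile):
    """Weighted fraction of the profile's non-commodity indicators seen in the incident.

    Returns (score in 0..1, {category: sorted matched indicators}).
    """
    total_weight = 0.0
    score = 0.0
    matches = {}
    for cat, weight in WEIGHTS.items():
        known = profile.category(cat) - COMMODITY[cat]
        if not known:
            continue  # nothing distinctive to compare in this category
        matched = observed.get(cat, set()) & known
        matches[cat] = sorted(matched)
        total_weight += weight
        score += weight * len(matched) / len(known)
    return (score / total_weight if total_weight else 0.0), matches


def attribute(observed, profiles=KNOWN_PROFILES, min_score=0.5, min_margin=0.2):
    """Name the leading profile only if it scores well and clearly beats the runner-up."""
    ranked = sorted(((score_against(observed, p)[0], p.name) for p in profiles),
                    reverse=True)
    best = ranked[0]
    runner_up = ranked[1] if len(ranked) > 1 else (0.0, None)
    if best[0] < min_score or best[0] - runner_up[0] < min_margin:
        return "inconclusive", ranked
    return best[1], ranked


# Constructed incidents: one overlapping ACTOR-A's bespoke tooling and habits,
# one that only shares commodity tools and therefore should not be attributed.
INCIDENT_DISTINCTIVE = {
    "infra": {"203.0.113.10"},
    "tooling": {"mimikatz", "xagent-variant"},
    "ttp": {"spearphish-docx-macro"},
}
INCIDENT_COMMODITY_ONLY = {"tooling": {"mimikatz", "cobalt-strike"}}

if __name__ == "__main__":
    for label, incident in (("distinctive", INCIDENT_DISTINCTIVE),
                            ("commodity-only", INCIDENT_COMMODITY_ONLY)):
        verdict, ranked = attribute(incident)
        print(f"{label}: verdict={verdict} ranking={ranked}")
```

Run directly, the first incident is attributed to ACTOR-A (score 0.75, driven by the bespoke tooling and phishing habit) while the second comes back inconclusive even though every observed tool also appears in a known profile. Real attribution adds far more context (victimology, timing, language artefacts, operational mistakes) and, as Joshi says, still bedevils well-resourced teams; the scorer only shows why a public "it was a state" claim needs distinctive overlap, not just a list of familiar tools.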

But in Russia, so often accused of state-sponsored hacking, one expert said it was naive to immediately blame a state and scoffed at the suggestion the hackers were sophisticated spies.

“Anyone could have hacked a database of users like Yahoo because it’s a classic commercial server,” said Oleg Demidov, a consultant at the Moscow-based independent think-tank PIR Center.

“At the moment, this looks like a traditional hack aimed at making money or carving out a reputation by selling a load of personal data,” he added.

Written By

AFP 2023