Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Yahoo Hack Shows Data’s Use for Information Warfare

The 2013 hack affecting a billion Yahoo users shows how seemingly innocuous bits of data gleaned from cyber attacks can be exploited for espionage and information warfare, as well as for profit.

The 2013 hack affecting a billion Yahoo users shows how seemingly innocuous bits of data gleaned from cyber attacks can be exploited for espionage and information warfare, as well as for profit.

The breach, disclosed Wednesday, is the largest on record and comes just months after Yahoo disclosed a separate attack in 2014 affecting data from 500 million users.

On the surface, the trove of data is “a bunch of junk,” said John Dickson of the security consultancy Denim Group.

But the ability to create a searchable database with data tidbits such as birth dates and phone numbers makes it enormously valuable to hackers seeking to make a profit or engage in industrial or state espionage, he said.

“If you’re trying to research and get information about a target, you’re going to use everything you can find,” said Dickson, a former officer in the Air Force Information Warfare Center.

The Yahoo hack did not collect credit card or Social Security numbers, according to the company, leading some analysts to speculate that the goals were not financial.

“For someone using data as a weapon, this is of tremendous value,” said Steve Grobman, chief technical officer at Intel Security.

Information warfare?

James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a cybersecurity think tank, said that while details are still unknown, the attack could fuel disinformation campaigns by governments.

Scott noted that the data had not appeared for sale on Deep Web markets — that is, in murky corners of the web that cannot be reached by standard search engines.

“And since a significant number of victims (if any) have not reported identity theft resulting from the incident, there is a strong likelihood that the breach was not conducted for monetary gain,” Scott said.

“This could indicate that the breach was an espionage stage of an information warfare effort.”

The disclosure of the breach comes amid intense scrutiny of cybersecurity in the US election campaign and of the potential impact of hacked email accounts from people close to Democratic presidential candidate Hillary Clinton.

US officials have claimed Russia was behind the attack aimed at disrupting the election.

One of the hacks was a Gmail account of Clinton campaign chairman John Podesta. Media reports say he or an assistant was fooled by a fake email that prompted him to reveal his password.

Security analysts say such attacks are often preceded by lengthy data-gathering campaigns that might look for personal information such as a birth date or former school or university.

Signs of a state actor 

Yahoo said it was not clear who was behind the billion-user hack but that some evidence pointed to “the same state-sponsored actor” believed responsible for the previously disclosed cyber attack.

The security firm InfoArmor said in September that its analysis of the first breach indicated “professional” hackers stole the Yahoo data, and only later sold it to a state entity.

InfoArmor said at the time that the breach “opens the door to significant opportunities for cyber espionage and targeted attacks to occur.”

Grobman said some attackers may mix real data with manipulated information to distort facts, creating further confusion and mistrust.

“One of the things we are concerned about is that the public is conditioned to see leaked data as legitimate, and this data can be manipulated,” Grobman said.

Some analysts argue that the hackers’ goals may be more financial than political.

Security researcher Graham Cluley said certain bits of information such as phone numbers could be of value to criminals.

“If a hacker or scammer has your telephone number, they can ring you up and trick you into believing they are an organization you already have a relationship with, which means that you might be tempted to hand over more personal information,” Cluley said in a YouTube posting. –

‘A lot of money’

James Lewis, a senior fellow specializing in cybersecurity at the Center for Strategic and International Studies, said new analytics tools can sift through databases for political espionage purposes, but that it is not clear if Russia has those capabilities.

“If you’re a criminal, you would think you could monetize a billion accounts,” Lewis said. “Even if you got a penny or a dime for each, you would still be making a lot of money.”

The attacks also pose a threat to the future of Yahoo, the former internet star which has seen its fortunes decline and is in the process of selling its main assets to telecom group Verizon.

Dickson said that it’s likely that “Verizon is doing a double take” on the $4.8 billion deal.

“If this kills that deal, I think it will increase the focus on cybersecurity hygiene across the board,” he said.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack