Home
Internet
Internet News
Yahoo Hackers May Seek Intelligence, Not Riches

Yahoo Hackers May Seek Intelligence, Not Riches 2r2g6c

By Associated Press | Updated: 26 September 2016 16:23 IST

Highlights

Breach could be part of a strategy that's aimed at gathering intelligence
Governments known to hack email s to keep tabs on citizens
No evidence yet that Yahoo attack was state-sponsored

ment

If a foreign government is behind the massive computer attack that compromised a half billion s at Yahoo, as the company says, the breach could be part of a long-term strategy that's aimed at gathering intelligence rather than getting rich. 3t4eu

Yahoo says the breach involved s' email addresses, s and other information - including birthdates - but not payment card or bank numbers. Although the stolen data could still be used in financial crimes, such as identity theft, experts say a foreign intelligence agency might combine the Yahoo files with information from other sources to build extensive dossiers on US government or corporate officials in sensitive positions.

(Also see: Big Email Hack Doesn't Exactly Send the Message Yahoo Needed)

"With state-sponsored attacks, it's not just financial information that's of value," said Lance Hoffman, co-director of the Cyberspace Security and Privacy Institute at George Washington University. "In the long run, if the state accumulates a lot of information on you, and especially if it corroborates that with other sources, it can assemble a pretty good profile."

Governments have also been known to hack email s to keep tabs on their own citizens or dissidents. Experts believe that was one motive behind a 2010 hacking of Google Gmail s used by Chinese human rights activists.

Yahoo hasn't revealed the evidence that led it to blame a "state-sponsored actor" for the latest attack, which the Sunnyvale, California, company said occurred two years ago and was discovered only in recent weeks.

Some analysts warn that "state sponsored" can be a vague term. It might also be an easy excuse to deflect blame for a company's own security lapses, by suggesting it had no hope of defeating hackers who had all the resources of a government intelligence agency behind them, warned Gunter Ollmann, chief security officer at Vectra Networks, a San Jose, California, security firm.

(Also see: Yahoo Hack Raises 'Serious Questions' From EU Privacy Watchdogs)

Yahoo declined comment, but its top security official, Bob Lord, has said the company would make that claim only "when we have a high degree of confidence." In a policy statement last year, Lord also said the company wouldn't release details about why it believes attacks are state-sponsored because it doesn't want to risk disclosing its methods of investigating breaches.

This wouldn't be the first time that governments were implicated in high-profile hacking attacks.

US officials have hinted that China might be to blame for a hack of Democratic National Committee files, although Russia's government has also denied this.

Some security experts believe the OPM attack was carried out by the same hackers who also stole data files from large US insurance and health-care companies in 2014 and 2015. It may have been part of an effort to gather sensitive or compromising information to blackmail or coerce individuals working at a variety of federal agencies.

Hackers could also use such personal information to concoct bogus emails and send them to a person's Yahoo , in what might be a sophisticated "phishing" scheme aimed at getting the target to click on a link containing "spyware" or other malicious computer code.

"They'd have the ability to conduct targeted phishing attacks against individuals with potentially valuable information, without going through their government email s," said Tim Erlin, senior director of security and risk strategy at Tripwire, a cyber-security firm.

Similarly, governments might want to target executives at multi-national corporations, especially if they're competing with companies based in the country that sponsored the attacks. In such cases, intelligence officials might share useful commercial secrets with their home-grown industries, said Jeremiah Grossman, an official at SentinelOne, a Silicon Valley computer security firm. He noted that the 2010 attack on Google was blamed on Chinese hackers who also targeted US companies outside the tech industry.

(Also see: Yahoo Hack: What You Should Do if You Have an )

In any event, security experts warn that the Yahoo breach could still put ordinary s at risk, particularly if the hacked information finds its way to online marketplaces where stolen data are bought and sold. Many people use the same email address and for a variety of online services, where they might also have provided financial information such as credit card numbers. And hackers with access to a Yahoo email could try to reset s for other services, if a ed for those s with a Yahoo address.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.