Common criminals, instead of state-sponsored hackers, were responsible for the massive 2014 data breach that exposed information about millions of Yahoo user accounts, a security firm said on September 28, 2016.
According to a new report by the information-security firm InfoArmor Inc which claims to have obtained some of the stolen information, Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it.
Yahoo said last week the attacker was a “state-sponsored actor,” and the stolen information from at least 500 million users may have included names, email addresses, phone numbers, and, in some cases, un-encrypted security questions and answers.
“In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks,” wrote Yahoo chief information security officer Bob Lord at the time. He added that the company only sends out these notifications “when we have a high degree of confidence.”
It turns out that shifting the blame to a high-profile breach on state-sponsored hackers might also be a convenient excuse to reduce culpability.
“If I want to cover my rear end and make it seem like I have plausible deniability, I would say ‘nation-state actor’ in a heartbeat,” said Chase Cunningham, director of cyber operations at security provider A10 Networks.
“Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations,” Scottsdale, Arizona-based InfoArmor said in the report. “The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur.”
InfoArmor calls the hackers “Group E,” have sold the entire Yahoo database at least three times, including one sale to a state-sponsored actor. But the hackers are engaged in a moneymaking enterprise and have “a significant criminal track record,” selling data to other criminals for spam or to affiliate marketers who aren’t acting on behalf of any government, said Andrew Komarov, chief intelligence officer with InfoArmor.