The spy tool that the US government ordered Yahoo to install on its systems last year at the behest of the NSA or the FBI was a “poorly designed” and “buggy” piece of malware, according to a recent news report by Motherboard.
Earlier last week, Reuters reported that the US government served Yahoo with a secret order, asking the company to search within its users’ emails for some targeted information in 2015.
While it’s unclear what information the US government was looking for, The New York Times cited an anonymous official source saying that the government was in search of a specific digital “signature” of a “communications method used by a state-sponsored, foreign terrorist organization.”
Anonymous sources reported that the tool was “nothing more than a modified version of Yahoo’s existing scanning system”, which searches all email for malware, spam and images of child pornography.
It now turns out that the email scanner was actually more like a “rootkit,” a powerful type of malware that lives deep inside an infected system and gives hackers essentially unfettered access.
“They assumed it was a rootkit installed by hackers,” an ex-Yahoo employee told Motherboard. “If it was just a slight modification to the spam and child pornography filters, the security team wouldn’t have noticed and freaked out.”
“It definitely contained something that did not look like anything Yahoo mail would have installed. This backdoor was installed in a way that endangered all of Yahoo users.” The rootkit-like tool was found by Yahoo’s internal security testing team during one of their checkups. What was found in the checkups was an “extremely well kept” secret.
A rootkit is a collection of computer software, typically malicious, that is designed to enable access to a computer or areas of its software that would not otherwise be allowed, and that often masks its own existence or the existence of other software.