Yahoo hackers not state-sponsored, says security firm
29 September 2016
Common criminals, not state-sponsored hackers, carried out the massive 2014 data breach that exposed information about millions of Yahoo user accounts, a security firm said Wednesday.
Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it, according to InfoArmor, which claims to have some of the stolen information.
The independent security firm found the alleged data as part of its investigation into Group E, a team of five professional hackers believed to be from Eastern Europe.
“According to our information, most of the group’s clientele are spammers,” said Andrew Komarov, InfoArmor’s chief intelligence officer.
InfoArmor’s claims dispute Yahoo’s contention that a state-sponsored actor was behind the data breach, in which information from 500 million user accounts was stolen. Some security experts have been sceptical of Yahoo’s claim and wonder why the company isn’t offering more details.
The database that InfoArmor has contains only “millions” of accounts, but it includes the users’ login IDs, hashed passwords, mobile phone numbers and zip codes, Komarov said.
The security firm said it obtained the data from “operative sources” about a week ago and has verified that the account information is real. Komarov wouldn’t say more about how InfoArmor got the data.
Group E has sold the stolen Yahoo database in three private deals, Komarov said. At one point, the Yahoo database was sold for at least $300,000, he said. His firm has been monitoring the group’s activities for more than three years.
InfoArmor also claimed that Group E was behind high-profile breaches at LinkedIn, Dropbox and Tumblr. To sell that information, the team has used other hackers, such as Tessa88 and peace_of_mind, to offer the stolen goods on the digital black market.
“The group is really unique,” Komarov said. “They’re responsible for the largest hacks in history, in terms of users affected.”
However, in the case of the Yahoo database, which was taken before Dec. 2014, Group E hasn’t made it generally available on the black market, according to Komarov. Group E wants to preserve the database’s value. Other hackers have claimed to offer it for sale, but they were actually selling fake information, he said.
Yahoo didn’t respond to a request for comment. The company hasn’t offered any evidence supporting its claim that state-sponsored hackers carried out the attack.
IDG News Service