Garden-Variety Cybercrooks Breached Yahoo, Says Security Firm

...

The hackers who stole the data of hundreds of millions of Yahoo users two years ago were two cybercriminal gangs, InfoArmor reported Wednesday.

That finding contradicts the notion that state-sponsored actors were behind the attack, which Yahoo suggested earlier this month when it disclosed the breach.

Further, the number of users' records stolen is closer to 1 billion than to the 500 million Yahoo acknowledged, according to InfoArmor.

However, much of the data is useless, the firm said.

Someone with the handle "Peace_of_Mind" had offered data on 200 million Yahoo users for sale on the black market, but "the data previously published by Peace_of_Mind is fake," said Andrew Komarov, chief intelligence officer at InfoArmor.

"This has been confirmed by us and Yahoo," he told the E-Commerce Times.

The confusion around Peace_of_Mind's offering came about because some of the decrypted passwords offered were legitimate, Komarov explained.

After extensive analysis and cross-referencing against its own data breach intelligence systems, InfoArmor determined the dump was based on multiple third-party data leaks unrelated to Yahoo.

InfoArmor found the real data dump earlier this month and validated it, but this "is a new and different dataset that was distributed through closed sources," Komarov said.

All the data in the new dump received earlier this month is validated and legitimate, he added, although it "also includes disabled accounts and bots."

Two criminal gangs, Hell Forum and Group E, were involved in the Yahoo breach, InfoArmor found. The two gangs are linked through a proxy with tessa88, a middleman reselling data stolen from LinkedIn and other companies.

The hackers took data from about 1 billion Yahoo users, based on InfoArmor's analysis of several high-profile breaches of files containing Yahoo and other accounts, Komarov said.

"Group E was responsible for the attack ... and sold the stolen data for about (US)$300,000," Komarov disclosed. "Hell Forum is an underground forum."

One of Hell Forum's members, ROR[RG], previously hacked Ashley Madison, AdultFriendFinder and the Turkish National Police database, according to InfoArmor.

There are more than 100 different parts to the data Group E had, and the files are organized alphabetically by the names of user accounts, InfoArmor noted. Group E obtained the whole database at once and parsed it to proxies.

"We were able to obtain a sample of the database," Komarov said, but he declined to provide further details "so as not to jeopardize this and other investigations."

One of the buyers of the Yahoo data was an Eastern European state-sponsored group, he revealed. Two others were spammer groups.

InfoArmor is certain the data was stolen before December 2014.

However, the hack still poses some risk to consumers, the firm warned, because many people reuse passwords for multiple accounts.

Far from being a hacker, Peace_of_Mind is really a middleman who put up the fake Yahoo data for sale on the underground marketplace The Real Deal.

Peace_of_Mind is currently on the outs with tessa88, who in turn has been banned from several underground forums because of the poor quality of the data provided, Komarov said.

"It seems like the relationship is strained at the moment. However, this doesn't mean they won't cooperate with one another in the future. These are cybercriminals."

It's likely Yahoo blamed state-sponsored attackers because "it's nearly impossible to defend against a state-sponsored hack and it becomes a State Department or Defense Department issue and typically doesn't carry the stigma of negligence," suggested Rob Enderle, principal analyst at the Enderle Group.

"A criminal attack doesn't have these protections and you're assumed to have been part of the cause," he told the E-Commerce Times.

Yahoo top management, including CEO Marissa Mayer, refused to fund security initiatives, which may have led to the departure of security czar Alex Stamos, according to The New York Times.

The Yahoo case might trigger an SEC investigation, Enderle speculated, "and those typically don't end well."

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.
