Hackers may seek intel, not riches

Daily Local News (West Chester, PA) - BUSINESS - By Brandon Bailey, AP Technology Writer

SAN FRANCISCO » If a foreign government is behind the massive computer attack that compromised a half billion user accounts at Yahoo, as the company says, the breach could be part of a long-term strategy that’s aimed at gathering intelligence rather than getting rich.

Yahoo says the breach involved users’ email addresses, passwords and other information — including birthdates — but not payment card or bank account numbers. Although the stolen data could still be used in financial crimes, such as identity theft, experts say a foreign intelligence agency might combine the Yahoo files with information from other sources to build extensive dossiers on U.S. government or corporate officials in sensitive positions.

“With state-sponsored attacks, it’s not just financial information that’s of value,” said Lance Hoffman, co-director of the Cyberspace Security and Privacy Institute at George Washington University. “In the long run, if the state accumulates a lot of information on you, and especially if it corroborates that with other sources, it can assemble a pretty good profile.”

Governments have also been known to hack email accounts to keep tabs on their own citizens or dissidents. Experts believe that was one motive behind a 2010 hacking of Google Gmail accounts used by Chinese human rights activists.

Yahoo hasn’t revealed the evidence that led it to blame a “state-sponsored actor” for the latest attack, which the Sunnyvale, California, company said occurred two years ago and was discovered only in recent weeks.

Some analysts warn that “state sponsored” can be a vague term. It might also be an easy excuse to deflect blame for a company’s own security lapses, by suggesting it had no hope of defeating hackers who had all the resources of a government intelligence agency behind them, warned Gunter Ollmann, chief security officer at Vectra Networks, a San Jose, California, security firm.

Yahoo declined comment, but its top security official, Bob Lord, has said the company would make that claim only “when we have a high degree of confidence.” In a policy statement last year, Lord also said the company wouldn’t release details about why it believes attacks are state-sponsored because it doesn’t want to risk disclosing its methods of investigating breaches.

This wouldn’t be the first time that governments were implicated in high-profile hacking attacks.

U.S. officials have hinted that China might be to blame for a 2015 breach at the U.S. Office of Personnel Management, in which background files and even fingerprints of millions of federal employees were stolen. China denied any official involvement. More recently, news reports say U.S. intelligence officials have blamed Russian spies for the hack of Democratic National Committee files, although Russia’s government has also denied this.

Some security experts believe the OPM attack was carried out by the same hackers who also stole data files from large U.S. insurance and health-care companies in 2014 and 2015. It may have been part of an effort to gather sensitive or compromising information to blackmail or coerce individuals working at a variety of federal agencies.

Hackers could also use such personal information to concoct bogus emails and send them to a person’s Yahoo account, in what might be a sophisticated “phishing” scheme aimed at getting the target to click on a link containing “spyware” or other malicious computer code.

“They’d have the ability to conduct targeted phishing attacks against individuals with potentially valuable information, without going through their government email accounts,” said Tim Erlin, senior director of security and risk strategy at Tripwire, a cyber-security firm.

Similarly, governments might want to target executives at multi-national corporations, especially if they’re competing with companies based in the country that sponsored the attacks. In such cases, intelligence officials might share useful commercial secrets with their homegrown industries, said Jeremiah Grossman, an official at SentinelOne, a Silicon Valley computer security firm. He noted that the 2010 attack on Google was blamed on Chinese hackers who also targeted U.S. companies outside the tech industry.

In any event, security experts warn that the Yahoo breach could still put ordinary users at risk, particularly if the hacked information finds its way to online marketplaces where stolen data are bought and sold. Many people use the same email address and password for a variety of online services, where they might also have provided financial information such as credit card numbers. And hackers with access to a Yahoo email account could try to reset passwords for other services, if a user registered for those accounts with a Yahoo address.
