Cascading Effect: One Attack Led to Another at Yahoo | NBC Bay Area

While Russian intelligence officials were interested only in a limited number of accounts, hackers used access to Yahoo's network for their own financial gain



    Russian hackers working with Russian spies didn't crack Yahoo security all at once.

    Instead, according to an account offered by U.S. officials, they methodically made their way deeper into Yahoo's network over the space of months — maybe years. That allowed them to forge technological skeleton keys that would unlock many Yahoo accounts, steal personal information and then use that data to break into other email services used by their targets, U.S. officials said in announcing charges against four Russians.

    That Department of Justice indictment fills in some of the blanks surrounding a massive security breach that occurred in 2014 but that Yahoo didn't reveal until six months ago. It doesn't answer why it took Yahoo so long to grasp the breach's seriousness or why it waited so long to tell its users — or Verizon, which is paying $4.5 billion for Yahoo operations now tainted by the biggest security lapses in internet history.

    Yahoo declined to comment beyond a statement thanking law enforcement for its efforts.

    It's also not clear whether the Russian hackers and spies involved in the Yahoo break-in were also involved in other recent hacking attacks, such as the leak of embarrassing emails from the Democratic National Committee during the 2016 election. U.S. intelligence agencies have previously said they believe that Russian hackers were involved in those breaches, too.


    "We are in a cyberwar and our government hasn't woken up and done anything about it," said security analyst Avivah Litan of Gartner Inc.

    Although the Yahoo attack compromised more than 500 million user accounts, the hackers appeared mainly interested in sifting through the email of Russian and U.S. government officials, Russian journalists and employees of financial firms and other businesses, according to the indictment.

    When they weren't spying, the hackers also tried to make money on the side with petty scams. In one ruse detailed in the indictment, the hackers are accused of manipulating Yahoo's search results to drive traffic to a company selling erectile dysfunction drugs in exchange for commissions.

    The severity of that breach, the second worst in internet history, was most likely magnified by the fact that it took some two years for Yahoo to disclose the initial attack. Had Yahoo taken more aggressive steps — for instance, asking users to change their passwords, or even expiring the passwords and forcing users to enter new ones — it might have prevented some of the damage.


    Hackers got their initial access to Yahoo's network around early 2014, although it's not clear exactly how. By the end of the year, according to the indictment, they had made two valuable finds.

    The first was a backup copy of Yahoo's user database, current as of early November 2014. It contained a lot of information that could be used to reset passwords and gain entry to Yahoo accounts, such as phone numbers, answers to security questions and recovery email addresses used to reset forgotten passwords. The database also contained cryptographically scrambled data Yahoo normally uses to authorize users as they log in.

    The second was an internal tool for editing information in the user database.

    By December 2014, Yahoo executives and lawyers knew hackers tied to a foreign government had gained access to some of its users' personal information, but didn't dig deeper into the incident, according to a report released earlier this month by the company's board. Yahoo merely notified 26 users that their information may have been taken and also consulted with law enforcement.


    Hackers accessed user accounts by fooling Yahoo into thinking they had already signed in. Companies like Yahoo typically use bits of data called cookies to let you stay signed into an account via a web browser. This is how you keep Gmail, for instance, open even if you close your browser and restart it. Hackers used malware and information from the user database to manufacture fake cookies. To Yahoo, it then appeared that a hacker was the authorized user.

    That method worked so long as users didn't change their passwords after early November 2014. Hackers used this technique to target more than 6,500 user accounts.
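The cookie behaviour described above can be illustrated with a toy scheme, added here and not taken from the article, the indictment or Yahoo's systems. It assumes a cookie computed from the user's stored password hash, and contrasts that with one that also requires a server-side key kept outside the user database; all names and formats are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy scheme; field names and cookie format are assumptions,
# not Yahoo's actual design.
def new_record(password):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)
    return {"salt": salt, "pw_hash": digest}

def weak_cookie(user_id, record):
    # Weak: every input to the cookie is stored in the user database.
    tag = hashlib.sha256(user_id.encode() + record["pw_hash"]).hexdigest()
    return f"{user_id}:{tag}"

def hardened_cookie(user_id, record, server_key):
    # Hardened: also needs a key that is kept outside the user database.
    msg = user_id.encode() + record["pw_hash"]
    return f"{user_id}:{hmac.new(server_key, msg, hashlib.sha256).hexdigest()}"

def verify(cookie, db, server_key=None):
    user_id = cookie.partition(":")[0]
    record = db.get(user_id)
    if record is None:
        return False
    if server_key is None:
        expected = weak_cookie(user_id, record)
    else:
        expected = hardened_cookie(user_id, record, server_key)
    return hmac.compare_digest(cookie, expected)

def demo():
    db = {"alice": new_record("old passphrase")}
    server_key = secrets.token_bytes(32)           # never written to db
    backup = {u: dict(r) for u, r in db.items()}   # the copied database
    minted_weak = weak_cookie("alice", backup["alice"])
    minted_hard = hardened_cookie("alice", backup["alice"], b"not-the-key")
    genuine = hardened_cookie("alice", db["alice"], server_key)
    out = {
        "weak_accepts_minted": verify(minted_weak, db),
        "hardened_accepts_minted": verify(minted_hard, db, server_key),
        "hardened_accepts_genuine": verify(genuine, db, server_key),
    }
    db["alice"] = new_record("new passphrase")     # forced password change
    out["weak_accepts_after_change"] = verify(minted_weak, db)
    out["hardened_accepts_old_after_change"] = verify(genuine, db, server_key)
    return out
```

In this model a forced password change invalidates every cookie computed from the old database copy, which is why expiring passwords would have limited the damage.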

    There was nothing particularly fancy about what the Russian hackers did, said Shuman Ghosemajumder, who used to fight fraud at Google and is now chief technology officer for Shape Security. But it still doesn't look as bad as it might have had the heist been engineered by a clever teenager or another digital burglar working without the backing of a foreign government, experts said.

    "The CIA can't even protect against some of these guys, so my sympathies are with Yahoo," Litan said. "I don't know how good Yahoo's security was, but it is really hard to detect these nation-state hackers."

    Yahoo has already paid a steep price. Verizon extracted a $350 million discount on the initial purchase price for Yahoo's online services after initially demanding a $925 million reduction for the damage done. Yahoo still faces dozens of lawsuits.


    While Russian intelligence officials were interested only in a limited number of accounts, hackers used access to Yahoo's network for their own financial gain.

    Besides the erectile dysfunction scheme, the hackers also searched email accounts for credit card information and electronic gift cards. The hackers even combed through email accounts looking for gift cards a few weeks after Yahoo announced the breach.

    Attackers also searched emails for contact information of friends and colleagues; such data enabled spam that appeared to originate from those friends and colleagues, making it more likely for the recipient to open the message.


    The 2014 breach was the second of two major breaches at Yahoo and involved at least 500 million user accounts. Yahoo later revealed that it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014. Wednesday's indictment didn't address the 2013 breach.