'China and Russia lead list of Yahoo hack suspects – but some doubt theory' diff viewer (1/2)

This article is from the source 'guardian' and was first published or seen on September 23, 2016 12:30 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/technology/2016/sep/23/yahoo-hack-suspects-china-russia

The article has changed 4 times. There is an RSS feed of changes available.

Previous version 1 2 3 Next version

Previous version 1 2 3 Next version

Version 1	Version 2
China and Russia lead list of Yahoo hack suspects – but some doubt theory	China and Russia lead list of Yahoo hack suspects – but some doubt theory
2016-09-23 13:10:07 UTC	2016-09-23 16:05:17 UTC (about 3 hours later)
If Yahoo is to be believed in its assertion that a nation-state hacked into its network and made off with user data from 500m accounts, then there are a few obvious suspects, including China and Russia.	If Yahoo is to be believed in its assertion that a nation-state hacked into its network and made off with user data from 500m accounts, then there are a few obvious suspects, including China and Russia.
However, Yahoo has not provided any detailed information about the attack, leading some security experts to raise questions over its origin. Why would nation-states be interested in or motivated to hack Yahoo?	However, Yahoo has not provided any detailed information about the attack, leading some security experts to raise questions over its origin. Why would nation-states be interested in or motivated to hack Yahoo?
“It doesn’t fit the normal intent or objectives of nation-state attacks. It’s not really espionage, it’s not retaliation, sabotage or for financial gain,” said Constant Karagiannis, chief technology officer of Security Consulting at BT Americas.	“It doesn’t fit the normal intent or objectives of nation-state attacks. It’s not really espionage, it’s not retaliation, sabotage or for financial gain,” said Constant Karagiannis, chief technology officer of Security Consulting at BT Americas.
It’s less embarrassing for Yahoo to attribute an attack to a nation state, which typically have the most sophisticated hacking capabilities, than to attribute it to a cybercriminal group or individual – particularly as Yahoo is in the middle of being acquired by Verizon for $4.8bn.	It’s less embarrassing for Yahoo to attribute an attack to a nation state, which typically have the most sophisticated hacking capabilities, than to attribute it to a cybercriminal group or individual – particularly as Yahoo is in the middle of being acquired by Verizon for $4.8bn.
“Instead of 10-15 people in a basement working together you are talking about 10,000-15,000 cyber warriors working over the course of a few weeks,” he said.	“Instead of 10-15 people in a basement working together you are talking about 10,000-15,000 cyber warriors working over the course of a few weeks,” he said.
Another US-based academic security researcher, who did not wish to be named, said: “I don’t buy it at all. I absolutely reject out of hand that it was state sponsored.”	Another US-based academic security researcher, who did not wish to be named, said: “I don’t buy it at all. I absolutely reject out of hand that it was state sponsored.”
He did not think that Yahoo was being untruthful about the breach, but suspected that the investigation teams may have fallen victim to confirmation bias.	He did not think that Yahoo was being untruthful about the breach, but suspected that the investigation teams may have fallen victim to confirmation bias.
“They are thinking it must be a state sponsor and they look in their logs as they do forensics with this expectation. It’s very likely they saw something associated with other attacks linked to a state and connected the dots,” he said.	“They are thinking it must be a state sponsor and they look in their logs as they do forensics with this expectation. It’s very likely they saw something associated with other attacks linked to a state and connected the dots,” he said.
Dan Tentler, founder of Phobos Group, used to work with Bob Lord, Yahoo’s chief security officer, when he was at Twitter.	Dan Tentler, founder of Phobos Group, used to work with Bob Lord, Yahoo’s chief security officer, when he was at Twitter.
“In his defense he was handed a pre-compromised infrastructure,” Tentler said, referring to the fact that the Yahoo breach took place in 2014 and Bob Lord only joined Yahoo in October 2015. “But he was unable to detect attackers on the network he inherited.”	“In his defense he was handed a pre-compromised infrastructure,” Tentler said, referring to the fact that the Yahoo breach took place in 2014 and Bob Lord only joined Yahoo in October 2015. “But he was unable to detect attackers on the network he inherited.”
The Guardian understands ~~that~~ Yahoo only detected the breach after investigating an earlier alleged breach of 200m user account details. A hacker called Peace posted the data, claiming it was from Yahoo user accounts, ~~onto~~ a dark web marketplace, the Real Deal.	The Guardian understands Yahoo only detected the breach after investigating an earlier alleged breach of 200m user account details. A hacker called Peace posted the data, claiming it was from Yahoo user accounts, on to a dark web marketplace, the Real Deal.
While investigating this alleged hack, Yahoo discovered the much bigger breach announced on Thursday. The Guardian has learned ~~that~~ Yahoo has consulted “highly respected” forensic friends to deduce that this was a state-sponsored attack.	While investigating this alleged hack, Yahoo discovered the much bigger breach announced on Thursday. The Guardian has learned Yahoo has consulted “highly respected” forensic friends to deduce that this was a state-sponsored attack.
Not everyone is so ~~sceptical~~ about the attribution. Jeremiah Grossman, the chief of security strategy at SentinelOne, said: “There are certainly questions to be answered around Yahoo’s claim that this was a state-sponsored hacker – and they’ve provided no evidence to back up their statement.	Not everyone is so skeptical about the attribution. Jeremiah Grossman, the chief of security strategy at SentinelOne, said: “There are certainly questions to be answered around Yahoo’s claim that this was a state-sponsored hacker – and they’ve provided no evidence to back up their statement.
“That said, I’m very familiar with those who work on Yahoo’s security team, who are very competent and experience. As such, I’m inclined to give them the benefit of the doubt.”	“That said, I’m very familiar with those who work on Yahoo’s security team, who are very competent and experience. As such, I’m inclined to give them the benefit of the doubt.”
He cites Chinese state-sponsored attacks on Google in 2010, dubbed Operation Aurora, as an example of nation states targeting technology companies for data.	He cites Chinese state-sponsored attacks on Google in 2010, dubbed Operation Aurora, as an example of nation states targeting technology companies for data.
Senior research scientist Kenneth Geers from Comodo added: “Yahoo is a strategic player on the world wide web, which makes it a good – and valid – target for nation-state intelligence collection.”	Senior research scientist Kenneth Geers from Comodo added: “Yahoo is a strategic player on the world wide web, which makes it a good – and valid – target for nation-state intelligence collection.”
Yahoo declined to comment.	Yahoo declined to comment.