By Robert McMillan and Deepa Seetharaman
The U.S. criminal charges over a major hack against Yahoo Inc.
shed light on an extraordinary spree of cyber skulduggery that
authorities say the alleged perpetrators engaged in after they
obtained access to user info for more than 500 million
accounts.
The indictment unveiled Wednesday, which targets two Russian
intelligence officers and two independent hackers, describes how
the group, once it penetrated Yahoo in 2014, effectively turned the
company's own internal systems against its users.
The hackers broke into accounts of officials and executives
around the world, stole information, and sent millions of spam
messages, according to federal prosecutors and Federal Bureau of
Investigation officials. Notably, authorities said one of the men,
a hacker named Alexsey Belan, even manipulated the results for some
users' searches on Yahoo to send people to the website of an online
pharmacy that paid him for the traffic.
Mr. Belan and the two Russian agents are believed to be in
Russia. A fourth indicted man, Karim Baratov, was taken into custody
on Tuesday in Canada, authorities said. None of the four could be
reached for comment Wednesday. A Russian official said Washington
hadn't consulted Moscow on the case, and suggested the allegations
were related to domestic politics in the U.S.
The indictment doesn't make clear how the hackers were able to
get into Yahoo's systems. Their attack, which Yahoo first disclosed
this past September, is one of two massive breaches at the internet
company. Wednesday's charges don't cover the second one, which
occurred in 2013 and affected more than one billion accounts. In
that earlier attack, the hackers sold a massive database of Yahoo
usernames and passwords, which were protected by weaker
cryptographic techniques than the 2014 data, according to the
security research firm InfoArmor, Inc.
With the 2014 attack, authorities laid out how, once the hackers
breached Yahoo, they used its own internal systems against it --
even employing Yahoo's software to erase their digital footprints
from Yahoo's network.
The attackers specifically targeted accounts of an eclectic
range of individuals -- from investigative reporters to U.S.
technology employees to Russian and U.S. government officials, the
FBI said. Among them: a Nevada gaming official, a consultant who
analyzed Russia's bid for World Trade Organization membership, and
14 employees of a Swiss financial firm specializing in bitcoin.
At the heart of the criminal-information enterprise was an
important Yahoo system called the User Database, U.S. authorities
said. It was a treasure trove of information, containing usernames,
alternative email accounts, phone numbers.
Yahoo had protected its users' passwords with a one-way cryptographic
technique called "hashing," which makes the original passwords hard to
recover from the stored values. But the hackers didn't need that information, the
indictment states. By stealing a set of unique, near-random numbers
attached to accounts from the Yahoo database, they were able to
create bogus versions of files called session cookies. These are
the files that Yahoo's servers check so that users don't have to
re-enter usernames and passwords every time they visit the site. In
the hackers' hands, this technology was used against those same
users, by tricking Yahoo's servers into thinking that the hackers
were legitimate users who had previously logged in.
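The mechanism described above, as an added example that is not part of the article or of Yahoo's own code: a toy session-cookie scheme in which the only secret behind a cookie is a per-account random value stored in the user database, so anyone holding a copy of that database can mint cookies for any account without ever touching a password hash. Beside it is a hardened variant whose tag also depends on a server-side key that the database does not contain, so a stolen dump alone is not enough, while rotating an account's stored value still invalidates that account's outstanding sessions. The account names, the cookie layout and the "nonce" field are assumptions for illustration; the article does not describe Yahoo's actual format.

```python
"""Added example (not from the article): forging session cookies from a stolen
user database, and a scheme that survives the same theft.

Assumptions, for illustration only: a per-account secret called "nonce", a
cookie laid out as base64(payload) "." hex(HMAC tag), and a server_key that
the login servers hold outside the user database (e.g. in a KMS or HSM).
"""
import base64
import hashlib
import hmac
import json
import secrets
import time


def _tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _payload(user: str, now: float, ttl: int = 3600) -> bytes:
    return json.dumps({"u": user, "exp": int(now) + ttl}, sort_keys=True).encode()


def _split(cookie: str):
    b64, tag = cookie.split(".", 1)
    payload = base64.urlsafe_b64decode(b64)
    return payload, json.loads(payload), tag


def make_db() -> dict:
    # Constructed sample user database. The password hash plays no part in
    # cookie checks; the per-account nonce is the only secret the weak scheme uses.
    return {
        "alice": {"pw_hash": "$2b$12$...placeholder...", "nonce": secrets.token_bytes(32)},
        "bob": {"pw_hash": "$2b$12$...placeholder...", "nonce": secrets.token_bytes(32)},
    }


# --- Weak scheme: tag = HMAC(nonce, payload). Everything needed to mint a
# valid cookie sits in the user database, so a dump is a cookie factory. ---
def mint_weak(db: dict, user: str, now: float = None) -> str:
    payload = _payload(user, time.time() if now is None else now)
    return base64.urlsafe_b64encode(payload).decode() + "." + _tag(db[user]["nonce"], payload)


def verify_weak(db: dict, cookie: str, now: float = None):
    try:
        payload, fields, tag = _split(cookie)
        rec = db[fields["u"]]
    except (ValueError, KeyError):
        return None
    if fields["exp"] < (time.time() if now is None else now):
        return None
    return fields["u"] if hmac.compare_digest(_tag(rec["nonce"], payload), tag) else None


# --- Hardened scheme: tag = HMAC(server_key, payload || nonce). The server key
# never lives in the user database, so the dump alone cannot mint cookies;
# rotating a user's nonce still kills that user's live sessions. ---
def mint_strong(db: dict, server_key: bytes, user: str, now: float = None) -> str:
    payload = _payload(user, time.time() if now is None else now)
    tag = _tag(server_key, payload + db[user]["nonce"])
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def verify_strong(db: dict, server_key: bytes, cookie: str, now: float = None):
    try:
        payload, fields, tag = _split(cookie)
        rec = db[fields["u"]]
    except (ValueError, KeyError):
        return None
    if fields["exp"] < (time.time() if now is None else now):
        return None
    expected = _tag(server_key, payload + rec["nonce"])
    return fields["u"] if hmac.compare_digest(expected, tag) else None


def demo() -> dict:
    now = 1_700_000_000.0  # fixed clock so the run is deterministic
    db = make_db()
    server_key = secrets.token_bytes(32)
    stolen = {u: dict(r) for u, r in db.items()}  # the attacker's copy of the dump
    out = {}
    # Weak scheme: attacker mints from the dump, server accepts. No password needed.
    out["weak_forged_accepted"] = verify_weak(db, mint_weak(stolen, "alice", now), now) == "alice"
    # Strong scheme: attacker only has the nonce, so the best they can do is use it as the key.
    fake = mint_strong(stolen, stolen["alice"]["nonce"], "alice", now)
    out["strong_forged_accepted"] = verify_strong(db, server_key, fake, now) == "alice"
    legit = mint_strong(db, server_key, "alice", now)
    out["strong_legit_accepted"] = verify_strong(db, server_key, legit, now) == "alice"
    out["expired_rejected"] = verify_strong(db, server_key, legit, now + 7200) is None
    db["alice"]["nonce"] = secrets.token_bytes(32)  # rotate after the breach
    out["strong_after_rotation"] = verify_strong(db, server_key, legit, now) == "alice"
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The design point is where the secret lives: a cookie tag keyed only by data in the user database is as confidential as that database, and the breach described here shows what that means once the database leaks. Keying the tag with a server-held secret means an attacker needs both the dump and the login tier, and keeping the per-account value in the tag input preserves the ability to log one user out everywhere by rotating it.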
The hackers also accessed Yahoo's Account Management Tool,
which the company used to manage and edit the User Database.
Combining this with the database, the hackers could identify backup
email accounts users had elsewhere -- effectively creating a road
map for the companies or organizations where Yahoo users might
work. That helped the hackers access the contents of more than
6,500 accounts, including those belonging to diplomats and
lawmakers, investigative reporters, U.S. technology employees and
U.S. government officials, the FBI said.
Separately, Mr. Belan used his virtual cookie-factory to access
more than 30 million Yahoo accounts to steal contact information
and send spam, the FBI said. He also searched through Yahoo
accounts for Google and Apple Inc. passwords, credit card
information and gift card data, searching for phrases such as
"amex," "Google," or "itunes...account," the FBI said.
Perhaps the most remarkable alleged feat was Mr. Belan's alleged
hijacking of Yahoo Search.
A person briefed on the matter said that Mr. Belan altered the
code on a small set of Yahoo's servers, allowing him to change the
results that appeared when users searched for prescription drugs
for erectile dysfunction.
Users were redirected to an online Canadian pharmacy when they
typed in one of three search phrases, according to the person, who
added that the results were altered for two weeks in November
2014.
The precise keywords couldn't be learned. It wasn't clear how
many times those keywords were searched or how prominent the links
were in the results. It is also unclear what layer of the search
server Mr. Belan targeted and if he was able to reach Yahoo's
underlying search algorithms.
One theory is that Mr. Belan attacked the so-called middleware,
or the software that takes the results of the search servers and
feeds them to the user, cybersecurity experts said. Mr. Belan may
have also been able to accomplish this by attacking the paid search
auction results and putting the fraudulent links at the top of the
list.
Write to Robert McMillan at Robert.Mcmillan@wsj.com and Deepa
Seetharaman at Deepa.Seetharaman@wsj.com
(END) Dow Jones Newswires
March 15, 2017 19:43 ET (23:43 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.