Slashdot Mirror


The Yahoo Hackers Weren't State-Sponsored, Security Firm Says (csoonline.com)

itwbennett writes from a report via CSO Online: After Yahoo raised eyebrows in the security community with its claim that state-sponsored hackers were responsible for the history-making breach, security firm InfoArmor now says it has evidence to the contrary. InfoArmor claims to have acquired some of the stolen information as part of its investigation into "Group E," a team of five professional hackers-for-hire believed to be from Eastern Europe. The database that InfoArmor has contains only "millions" of accounts, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes, said Andrew Komarov, InfoArmor's chief intelligence officer. Earlier this week, Chase Cunningham, director of cyber operations at security provider A10 Networks, called Yahoo's claim of state-sponsored actors a convenient, if trumped up, excuse: "If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat." "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations," Scottsdale, Arizona-based InfoArmor said Wednesday in a report. "The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."

34 comments

  1. Pretty Bold-Faced Lie by speedplane · · Score: 5, Interesting

    If it's true that Yahoo had no evidence to suggest a state sponsored attack, then Marissa Mayer should issue an official apology. They are inserting themselves in geopolitics purely for their own financial gain. Sickening.

    --
    Fast Federal Court and I.T.C. updates
    1. Re:Pretty Bold-Faced Lie by freeze128 · · Score: 1

      When Yahoo announced that they suspected they were hacked by "state-sponsored actors", my first question was "Well, how do they know?".

      They don't seem to know who did it, but they already know that the hackers were state sponsored? That seems really fishy.

    2. Re:Pretty Bold-Faced Lie by Anonymous Coward · · Score: 0

      While I think she is scummy enough to make such a claim with no evidence I would happily bet they were instructed to say that from the US government given current political situations.

    3. Re:Pretty Bold-Faced Lie by speedplane · · Score: 1

      They don't seem to know who did it, but they already know that the hackers were state sponsored? That seems really fishy.

      It definitely seemed fishy. But I gave them the benefit of the doubt simply because it is a very serious allegation, one that a sophisticated company would not throw around too quickly. There should be some form of punishment (monetary, public shaming) if it turns out to be baseless.

      --
      Fast Federal Court and I.T.C. updates
    4. Re:Pretty Bold-Faced Lie by Big+Hairy+Ian · · Score: 1

      Marissa Mayer should issue an official apology.

      Good luck with that. She's probably already got a bullet point on her CV (Resume for those across the pond) about how she lied about that.

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    5. Re:Pretty Bold-Faced Lie by nehumanuscrede · · Score: 1

      I don't think it's for financial gain. Rather an attempt to gain sympathy or to hide their incompetence.

      In the mass mindset, even if you secured your networks but were attacked by a " State " actor, then somehow it isn't your fault :|

      However, if / when it comes out that you just didn't bother to keep up to date with common security practices and all that personal data gets taken, then your company tends to look bad.

      So, just about everyone and their brother is going to claim a " State Sponsored " attack in an attempt to shift the blame from their incompetence to an evil boogey man that no one can defend against.

      See just about every high profile hack lately for examples of this.

    6. Re:Pretty Bold-Faced Lie by Anonymous Coward · · Score: 0

      When Yahoo announced that they suspected they were hacked by "state-sponsored actors", my first question was "Well, how do they know?".

      Dammit, stop doing that. Stop asking how we know things. You are endangering religion, and I haven't had time to write my own Hubbard-like book yet. I want to own the next successful religion and I don't appreciate motherfuckers like you destroying the market before I get there.

      Even my competitors will join me against you on this. You better fucking back off with your "how do we know things?" questions. Ask what we know, not how we learned it or how we support our assertions. What has infinite market possibilities, and retro-flexibility too. You have to admit it's better in nearly every way that matters.

    7. Re:Pretty Bold-Faced Lie by Anonymous Coward · · Score: 0

      It's bullshit. Just like the democrat hacks. There is no proof, but it sure makes for good sounding sound bytes.

      sc: tiresome

    8. Re:Pretty Bold-Faced Lie by speedplane · · Score: 1

      I don't think it's for financial gain. Rather an attempt to gain sympathy or to hide their incompetence.

      It's a corporation. Everything they do is for financial gain.

      --
      Fast Federal Court and I.T.C. updates
  2. hack by Anonymous Coward · · Score: 0, Troll

    The cybersecurity part is REALLY hard.

    Drumpf told me so.

    1. Re:hack by Anonymous Coward · · Score: 0, Offtopic

      America has the best cyber.

      BritneySpears14: I slip out of my pants, just for you, cheetobenito.
      cheetobenito: Oh yeah, aight. Aight, I put on my klan robe and grand wizard hat.
      BritneySpears14: Oh, I like to play dress up.
      cheetobenito: Me too baby.

  3. ...and this is why by Anonymous Coward · · Score: 0

    clothing should be outlawed, then no one can hide anything.

  4. No Bear code? by AHuxley · · Score: 2

    So no trace of the smart Bear, skilled Bear, deceptive Bear or deep network Bear code?
    Give the contractors time, later some ip range, code fragment or just a timezone will be found showing Bear related entry and vast undetected plain text data flows.
    Is work day timezone data flows to some distant nation not proof? Their gov works 9 to 5 so any data moved within their timezone at that time is proof enough....
    National ip range logs at anytime over the months? Just one national ip needs to be found?

    --
    Domestic spying is now "Benign Information Gathering"
  5. Adobe Flashplayer direct downloads! by Anonymous Coward · · Score: 0

    Adobe Flash's direct downloads page is now dead

    ##

    For the longest time, you could download Adobe Flash for your web browser, for Windows and Linux, maybe OS X too I don't recall.

    Now it's dead. This is fucking stupid on so many levels.

    This was the page: https://www.adobe.com/products...

    Now it's: https://www.adobe.com/products...

    At least techspot.com offers the [full installs] Mac and Windows binaries in their Downloads section. I didn't see the Linux one there but maybe it is. But do you trust techspot's binaries?

    http://www.techspot.com/downlo...

    1. Re:Adobe Flashplayer direct downloads! by Anonymous Coward · · Score: 0
    2. Re:Adobe Flashplayer direct downloads! by ewhac · · Score: 1

      On Linux: Add the non-free section to your Debian repository, then run:

      apt-get install flashplugin-nonfree

      Now you never have to visit Adobe's broken Web site again.

    3. Re:Adobe Flashplayer direct downloads! by Anonymous Coward · · Score: 0

      But you do have to check for updates manually, by running
      dpkg-reconfigure flashplugin-nonfree
      once in a while

  6. Doesn't Matter Now by Anonymous Coward · · Score: 0

    4 years ago our politicians were laughing at Mitt Romney for suggesting Russia was a geopolitical foe. But now that Trump and Putin exchanged a couple of throwaway texts, Russia is suddenly enemy #1 and responsible for everything. Go search through NBC News, you'll find DOZENS of articles on their "bromance" and now national security could be compromised if Trump gets elected. The scaremongering is insanely out of control.

    1. Re:Doesn't Matter Now by AHuxley · · Score: 1

      Insiders, politically active staff, cults, less skilled governments, friendly govs with their own national interests, ex staff, former staff, mil staff, contractors, groups offering corporate espionage will now know to litter any server with well understood code, enter at a set time and have a distant staging server with an expected nation's ip range.
      The US tech media publishes talking points about easy to find code fragments, time zone, logs, ip range in a nice media release and stops investigating...

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re: Doesn't Matter Now by Anonymous Coward · · Score: 0

      We *need* that war you know. Now that we have the EU on board, looking to affirm their authority over the whole continent, expand their sphere of influence and in practical terms have cheap workforce at their disposal, we'll attack Russia and conquer. The US-EU bond will be cemented by blood as the Erasmus Generation will be sent to the battlefields to do their part (yes, we have professional armies but they won't suffice, we need numbers). All glory to our Leader, President Hillary Rodham Clinton! Hail!

    3. Re: Doesn't Matter Now by Anonymous Coward · · Score: 0

      I'm on board. But maybe we should attack your fat ass momma's diabetic swollen legs with antibiotics.

  7. How would they know? by ron_ivi · · Score: 3, Informative

    Considering dozens of Intel agencies buy from black-hat groups ---- and they're good at buying stuff under pseudonyms ---- how would anyone know if they were state sponsored or not?

    1. Re:How would they know? by bloodhawk · · Score: 2

      The only way you would know is if the state sponsoring them actually came clean and told you. I would seriously doubt even the hackers themselves would know who they are working for.

    2. Re:How would they know? by Anonymous Coward · · Score: 0

      The states have more advanced tools at their disposal. Think Stuxnet vs. a basic remote access trojan.

    3. Re:How would they know? by Anonymous Coward · · Score: 0

      Considering dozens of Intel agencies buy from black-hat groups ---- and they're good at buying stuff under pseudonyms ---- how would anyone know if they were state sponsored or not?

      So the question is really how much you think they care about getting caught versus the likelihood they themselves were hacked in order to make it look state sponsored. If the data is traced back to suspected state sponsored locations for instance: http://flashcritic.com/china-cyber-attacks-traced-to-guangdong/

      Then there are two possibilities. The state sponsored hacking groups just don't care about getting caught after the fact. Or the state sponsored hacking groups just don't care about their own security and have gotten hacked by criminal gangs or other state actors and their systems are being used to spoof the attack(s).

      Given the NSA itself was apparently hacked I wouldn't rule out either possibility, but I tend to go with the simpler answer that the state sponsored hackers don't care as much about covering their tracks inside their own country because they are working for the government. It takes additional time and effort to cover your tracks, so why bother if you don't really need to.

      The criminal gang possibility is a bit more alarming, because you could have criminal gangs looking to pick a fight between two major countries for various reasons which run the range from merely trying to deflect blame for their crimes to actually trying to manipulate state to state relations for other political or financial reasons.

      But if we ever trace an attack where there is major damage or loss of life then that might be considered an act of war versus espionage, which usually just strains government to government relationships.

      Either way it would be much better for both sides to start playing nice and stop straining relations. Maybe they have already toned down the attacks and this is just two year old information, but the other possibility is that people are just getting fed up and it is coming out now.

      At some point it is not just a computer game.

    4. Re:How would they know? by Anonymous Coward · · Score: 0

      I think it's funny how many "computer people" are simply unable to write the word "intell." You couldn't even lower-case it. And it's not even as though you don't know better; your fingers were simply unable to obey.

      This is how I am going to take over the world. One day you'll mean to type something else but you really will have been manipulated into typing the commands of my meticulous choosing. "My missiles are going where?!" you'll scream, but it'll be too late! MUAHAHAAAAHAHAHA!

    5. Re: How would they know? by Anonymous Coward · · Score: 0

      My bob dole typing tutor

  8. Only one group by Anonymous Coward · · Score: 1

    Who says there is only one group? Quite possible multiple separate groups could have been in the network at the same time!

  9. This is crazy by Anonymous Coward · · Score: 0

    Why would any state sponsor a hack on Yahoo? What would they have to gain?

    I mean Wichita may do something like, but they probably wouldn't. It's most likely Colorado, they have good Internet there. You need good Internet for a hack on Yahoo.

    1. Re: This is crazy by ytene · · Score: 1

      Very simple. Suppose you have a job in the US government and a foreign state wants access to your government data. They can't achieve a direct assault, because government security is too strong. So they pick a weak target - a user. They figure many govt employees use yahoo and may reuse passwords. So they crack yahoo, grab the password file and brute-force it. Now they can use that password to access your professional accounts. For all we know, this could have been the precursor to the OPM hack.

  10. State-Sponsored Attack == OMG Don't Blame Us by Anonymous Coward · · Score: 2, Insightful

    Of course. 'State-sponsored attacks' have been peddled by the media long enough as a huge doomsday thing that the corporate PR people have realized that everyone will give a pass to any poor company besieged by such a massive, unstoppable attacker. Couldn't have been helped, nosireee.

    Of course state attackers *are* extremely powerful and dangerous -- but companies have already clued in that blaming them is a free pass from the public for shoddy security.

  11. Convenient, Trumped-up Excuse by Anonymous Coward · · Score: 0

    You mean like this?

    TRUMP for PRISON 2016

  12. Dog ate my homework? by erp_consultant · · Score: 2

    This "State Sponsored Hackers" thing is now the new "Dog ate my homework" lie. I guess it's better than, you know, telling the truth. But I suppose if she ever had to testify over it then it would be a bunch of take the 5th and "I don't recall".