Cyber specialists doubt Yahoo claims that massive hack is state-sponsored
Yahoo said Thursday a massive attack on its network in 2014 allowed hackers to steal data from half a billion users. It also said the attack may have been "state-sponsored". The comments come after a report earlier this year quoted a security researcher saying some 200 million accounts may have been accessed and that hacked data was being offered for sale online.
This is probably the biggest hack ever, according to cyber security specialists contacted by RFI. But it is not a unique case.
“It seems to happen on a regular basis,” says Graham Cluley, a cyber security specialist based in the UK.
“Many businesses do get hacked and information is stolen. What's different in this particular case is just the scale of the hacks. 500 million user records, half of a billion. We have never seen a hack as big in terms of the number of records.
“But noticing a hack is not so obvious as when something from an art gallery is stolen,” he says. “There is not a gap on the wall where the Mona Lisa used to be. With data, it is just copied and you don't necessarily notice that it's been taken.
Meanwhile, security specialists place question marks with Yahoo’s claim that the hack may be state-sponsored.
“The one thing about the internet, and the hacking phenomenon is to establish who actually did the hack,” says David Livingstone, a security specialist with Chatham House.
“Was this a single hacker wanting to demonstrate his skills in hacking a very large and hopefully fairly secure system, or a single hacker acting on behalf of some organized criminal gangs, or some hackers who are operating together because of individual skills, getting into a complex system, or people coming together and acting for example on behalf of a state?
“I am wondering why a nation state would actually want the details of email accounts. I found it difficult understand why Yahoo has come so definite that this is a nation state attack,” he says.
There is not a gap on the wall where the Mona Lisa used to be. With data, it is just copied and you don't necessarily notice that it's been taken.
But Yahoo may have its own reasons to blame a state for the information heist:
“It is very difficult to be certain that the attack is actually the part of a state, a foreign power hacking, rather than something else,” says Cluley. “The level of attribution is very difficult. And if I was a company, which had been hacked massively, like Yahoo has, it is certainly more attractive to take a message to the public saying: it was a foreign company which hacked us rather than group of 16 year olds.
“So I think it is easier thing to sell to the public. Because the public might think well, if it was a country which hacked them, fair enough, how could they possibly have stopped it. We know in the past that state-sponsored hacking by the likes of Chinese, Russians, and even Americans has taken place. The NSA for instance broke into servers of Google and Yahoo in the past,” he says.
While hacking private companies may be routine, so is cyber warfare on a state-to state level. One of the most notorious recent attacks was when computers of the Iranian nuclear program were attacked by the Stuxnet virus and research pointed at an attack sponsored by “state actors,” possibly Israel or the United States.
“Cyberspace is a complementary part of the domains of conflict,” says Livingstone. “So you have land, sea, airspace and now cyberspace and it has become an integral part of conflict in modern warfare.
"If you look at the events in Georgia, Ukraine as well, land confiscation carried out in concert with paralyzing attacks launched in concert with it. So you have to bring cyber very much into your strategic thinking when planning your responses in conflict in the modern times,” he adds.
Daily newsletterReceive essential international news every morningSubscribe