Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday September 26 2016, @02:07AM   Printer-friendly
from the yahoo-user?-intelligence? dept.

If a foreign government is behind the massive computer attack that compromised a half billion user accounts at Yahoo, as the company says, the breach could be part of a long-term strategy that's aimed at gathering intelligence rather than getting rich.

Yahoo says the breach involved users' email addresses, passwords and other information—including birthdates—but not payment card or bank account numbers. Although the stolen data could still be used in financial crimes, such as identity theft, experts say a foreign intelligence agency might combine the Yahoo files with information from other sources to build extensive dossiers on U.S. government or corporate officials in sensitive positions.

"With state-sponsored attacks, it's not just financial information that's of value," said Lance Hoffman, co-director of the Cyberspace Security and Privacy Institute at George Washington University. "In the long run, if the state accumulates a lot of information on you, and especially if it corroborates that with other sources, it can assemble a pretty good profile."

Governments have also been known to hack email accounts to keep tabs on their own citizens or dissidents. Experts believe that was one motive behind a 2010 hacking of Google Gmail accounts used by Chinese human rights activists.

Yahoo hasn't revealed the evidence that led it to blame a "state-sponsored actor" for the latest attack, which the Sunnyvale, California, company said occurred two years ago and was discovered only in recent weeks.

Some analysts warn that "state sponsored" can be a vague term. It might also be an easy excuse to deflect blame for a company's own security lapses, by suggesting it had no hope of defeating hackers who had all the resources of a government intelligence agency behind them, warned Gunter Ollmann, chief security officer at Vectra Networks, a San Jose, California, security firm.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by PizzaRollPlinkett on Monday September 26 2016, @01:23PM

    by PizzaRollPlinkett (4512) on Monday September 26 2016, @01:23PM (#406628)

    A mysterious, unidentified "foreign government" sure is a convenient thing to blame for security problems, isn't it? You sound all "cyber" when you say it. People shudder in fear and jump at shadows. You never have to prove anything. Attention is diverted from your own lack of security. An unlimited number of "experts" selling their education or consulting services to the government will back you up with content-free quotes to the media as article filler, and people don't notice there's no actual substantiation of what you're saying. Basically, you can't lose.

    --
    (E-mail me if you want a pizza roll!)
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 0) by Anonymous Coward on Monday September 26 2016, @04:48PM

    by Anonymous Coward on Monday September 26 2016, @04:48PM (#406693)

    Came here to say this. I think parent is right. It's the new "terrorism". We used to say APT (Advanced Persistent Threat), now we say "nation state".
    Shudder citizen, there are things you don't understand... You want the truth? You can't handle the truth... don't ask for the truth (for it is inconvenient to us)

  • (Score: 2) by Scruffy Beard 2 on Tuesday September 27 2016, @02:24AM

    by Scruffy Beard 2 (6030) on Tuesday September 27 2016, @02:24AM (#406816)

    We know it is not the US, because Yahoo! was one of the first providers to open their serverd to the NSA.