FBI: Russian Yahoo hack likely started with ‘spear phishing’

Spread the love

The hack that may have given two Russian spies and two hackers access to 500 million accounts at Internet service Yahoo started with “spear phishing” at an employee of the company. It was not about a top man or top woman, the FBI claims.

The employee had partial access to internal systems that in turn showed the hackers the way to hack into accounts, Ars Technica claims based on an interview with an FBI employee. The Yahoo employee allegedly fell for “spear phishing,” a method of phishing targeting a single person or company. By adapting the phishing method to someone, it is much more targeted and the chance of success is greater than with a regular phishing attack.

Using that method, or perhaps through social engineering, the suspects obtained the Yahoo employee’s username and password, according to the FBI. Then they found out that they could hack into accounts without knowing or changing the password. They were able to use a tool to generate cookies based on a cryptographic number that Yahoo generates after logging in. Anyone who has that cookie in the browser has access to the account. Yahoo previously confirmed that malicious parties had access to accounts via forged cookies.

According to the American intelligence service, the suspects gained access to more than 6,500 accounts through this method. These included accounts of American and Russian diplomats, Russian journalists and employees of American companies with sensitive information, the American justice claimed on Wednesday. In total, the suspects were able to access half a billion accounts.

The four suspects are three Russians and a hacker with passports from Kazakhstan and Canada. They are 43, 44, 29 and 22 years old. It is rare for a country to sue spies from another country for a hack. One of the four suspects has been arrested so far. The hack took place from January 2014 and affected approximately 500 million accounts. This hack is separate from the August 2013 hack, which allowed attackers to obtain data from more than a billion accounts.

You might also like
Exit mobile version