This on Marissa Mayer – read this NYT article for why. The only good thing to come out of this mess is a huge public vindication for Alex Stamos.
The newly disclosed Yahoo hack — and revelations about stolen government employee information.
More than 150,000 U.S. government and military employees are
among the victims of Yahoo! Inc.’s newly disclosed data
breach, and their names, passwords, telephone numbers,
security questions, birth dates, and backup e-mail addresses
are now in the hands of cybercriminals. It’s a leak that could
allow foreign intelligence services to identify employees and
hack their personal and work accounts, posing a threat to
national security. These employees had given their official
government accounts to Yahoo in case they were ever locked out
of their e-mail.
In a statement in response to Wednesday’s hacking revelation, a Verizon spokesman said: “As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation. We will review the impact of this new development before reaching any final conclusions.”
Komarov found the database in August. As the chief intelligence officer for InfoArmor, a cybersecurity firm, it’s his job to prowl the internet’s darkest corners, infiltrate cybercrime rings and help law enforcement and his company’s clients track down stolen data. For the last three years, Komarov had been watching a prolific Eastern European hacker group when he saw them offering up a huge database for sale.
The group Komarov had been surveilling, which he calls Group E, was carefully keeping the sale off of public cybercrime forums. They said they had a database of logins for more than 500 million — perhaps up to 1 billion — Yahoo accounts for sale for $300,000.
Komarov watched the hacker group sell the database three times, and he was able to intercept the database during the sales. Two buyers were large spamming groups that are on the Spamhaus Register of Known Spam Operations, or ROKSO, list. The other had an unusual request before completing the purchase. The buyer gave the sellers a list of ten names of U.S. and foreign government officials and business executives, to verify their logins were part of the database. That led Komarov to speculate the buyer was a foreign intelligence agency.
Nearly two months later, Yahoo announced it was hacked — the first revelation of a breach. The company said that in 2014, data on more than 500 million accounts was taken, including users’ names, e-mail addresses, dates of birth, phone numbers, and security questions and answers. The haul also included passwords, the “vast majority” of which were protected with a powerful encryption method called bcrypt, which makes it very difficult to discern passwords, the company said.
Komarov studied Yahoo’s announcement with interest. The database he had was unlike what the company described: it had different, more minimal encryption and also included users’ backup e-mail addresses. He suspected the company may have been the victim of a second major hack. He alerted law enforcement in the U.S. and U.K. in late October, and about a week later, Yahoo disclosed in a regulatory filing that it was investigating a new claim of a hack. This breach was confirmed on Wednesday.
Komarov said the group selling the database he acquired are professional cybercriminals who sell mostly to spammers, leading him to conclude that a nation was not behind this crime. The hackers are Eastern European and Komarov said based on their communications he suspects they may have never met in person. They are prolific hackers, picking major e-mail providers and social media sites to target based on how much they can sell the logins for. Their operations have netted more than 3.5 billion records from companies including MySpace, Dropbox and VK.com, a popular Russian social networking site.
The leak makes government employees especially susceptible to attacks, said Frank Zou, founder of Sunnyvale, California-based startup HoloNet Security. “They’re easy targets,” he said.
Foreign spies will go down the list “one by one” trying to hack government employees, even if they’re low-level, Zou said. Hackers will look for any footholds into secure systems or sensitive files workers have sent to their personal accounts.
The Yahoo attack is different than other hacks, Komarov said, and poses danger to more than just government employees. “The Yahoo hack makes cyber espionage extremely efficient,” he said. “Personal information and contacts, e-mail messages, objects of interest, calendars and travel plans are key elements for intelligence-gathering in the right hands. The difference of Yahoo hack between any other hack is in that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge.”
They got access via phishing scams.
by Bob Lefsetz
Dopes are no match for nerds. And guns are no match for computers.
That’s right, 1’s and 0’s, computer networks revolutionized the music business and the wankers are still screaming… As for the politicians, they had no idea what happened to them.
Every day we get spam. Every day we get e-mails from our banks, our service providers, all kinds of entities that touch our lives…BUT WE KNOW NOT TO CLICK ON THEM!
Scary to think that those who want to run the world are clueless.
There’s a great divide in our culture akin to the one in the sixties. A generation gap. But this is one between those who know how to use computers, mobile phones, the internet, and those who don’t. Eventually we’ll get to the point where computers are secure, but we’re far from that point today. But baby boomers and Gen-X’ers think since they can touch the screen of their mobile phone they’re tech-savvy.
Ask an oldster how to use Snapchat. Even better, ask them if they have a Snapchat account. Or you can even ask them if they use Twitter, the world’s breaking news service. They don’t because they think it’s too complicated, they’re too busy trying to impress each other on Facebook, being left behind all the while online.
Shawn Fanning was public enemy number one. Until he was replaced by a bunch of forgotten personages and now musicians blame Daniel Ek, as if he single-handedly stole their lunch. No, that is not true, by trying to live in the past they got left behind. When you hear someone wax rhapsodic about physical formats, when they talk about record company advances and sales, you know they’re clueless. Kind of like the mainstream media trumpeting first week sales. It’s all about constant streams, everybody under thirty knows that, but the old farts need that number one for their bio, not knowing that identities are fluid in the twenty first century and it’s not what you’ve done in the past but what you are continuing to do now, keep playing, keep evolving. You bought that sports car and your friends bought Priuses, then Teslas, and soon they won’t own any cars at all.
But at least you can see automobiles. You can’t see what’s going on behind the screen. Not unless you want to, not unless you’re savvy. Not unless you know how to do your own tech support. Isn’t it amazing, there’s no help left. Unless you want to overpay Apple, but even they can’t answer every question. But frequently the answer is as simple as PLUG IT IN!
And I’m not saying a gun won’t kill you, but I am saying it won’t help you stand up to the government, the rationalization of these right wing blowhards. You’d be better off enlisting the fifteen year old with glasses. He or she can bring a corporation to its knees, turn off the power grid, all with the stroke of a few keys.
How could these politicians be so CLUELESS!
So busy puffing themselves up, they don’t live in the real world, they’ve got no idea what’s going on, they need to see themselves in the papers no one reads, it’s a club I tell you, meanwhile they’re missing out on real life all together.
I’d like to tell you the Russians were geniuses, educated sleuths who make your jaw drop. But the truth is they employed rudimentary techniques to crack the DNC and the rest of our government. Because the people manning those networks, using those networks, were so dumb and inexperienced they not only did not see what was happening, they essentially fed the enemy the information.
So, if you don’t know how to sync music for offline listening on Spotify…
You’re two steps behind.
Educate yourself. It’s your only hope to stay relevant.
Or you can bitch to your contemporaries as you’re wiped off the map.
Will this happen to the USA?
I certainly hope not.
But it could.
Because despite different parties, despite different viewpoints, the government is run by people who think they know but don’t.
Because something is happening here
And you don’t know what it is.
Do you, Mister Jones?
P.S. This is all laid out in this “New York Times” article
“The Perfect Weapon: How Russian Cyberpower Invaded the U.S.” http://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html
It’s long, and in truth you don’t have to read all of it, but give it a start, to see how rudimentary the Russians’ techniques were. Someone’s got to speak the truth, someone’s got to do the investigation, and I applaud the “Times” here, but that does not mean anyone will read it. Want to know what’s going on? Then turn off your TV and read. The problem isn’t fake news, but the fact that people aren’t reading any news at all. (If you’re still getting your news from television, you’re old, you’re out of the loop. News happens online, where even the papers live. The “Times” may be boosting bookstores, but the people reading paper are the same people who are coughing up passwords via phishing scams. Stop holding on to the past, being holier-than-thou, shoot me for my position, but I’m right. At least I’m telling you, the younger generation is just ignoring you.)
Reuters dropped a news story revealing that Yahoo installed a backdoor on their own infrastructure in 2015 in compliance with a secret order from either the FBI or the NSA.
Yahoo installed a backdoor for the NSA behind the back of the security team
US intelligence activities are actively harmful to American commercial interests because they destroy trust, particularly from customers elsewhere in the world.