Revelation: How did Yahoo hack?

Let's talk about hack at Yahoo. In the digital world, it takes only one click to collapse or suffer irreparable damage large and small businesses.

Do you know that Yahoo was not the victim of a complicated attack by a ninja hacker, and that a simple spear-phishing attack was the only weapon used for the biggest data breach in history?

Yes, one of Yahoo's employees has been the victim of a simple phishing attack by clicking on a wrong link sent to it by the hackers. With this click they managed to gain access to the company's internal networks.

Phishing attacks are used to intercept user names and passwords. Spear-phishing is a targeted phishing form in which attackers target company employees who want to gain access to seize their credentials. yahoo

Usually the opening of a malicious attachment file is enough to lose a lot of personal data from the victim's computer. If this victim had now been stored on his computer and access credentials to the systems of the company he is working with, we have the phenomenon of Yahoo.

Mass interception of her data Yahoo was human error according to indictment of the FBI.

On Wednesday, the US government accused two Russian spies (Dmitry Dokuchaev and Igor Sushchin) and two hackers (Alexsey Belan and Karim Baratov) for hacking at Yahoo 2014. From this hack, nearly 500 million user accounts of the company leaked.

The indictment provides enough details about it hack of 2014, and FBI officials recently gave a fresh insight into how two Russian FSB officers hired two hackers to gain initial access to Yahoo at the beginning of 2014.

Let's see how the hack happened at Yahoo:

The attack began with a "Spear Phishing" e-mail sent to "semi-privileged" Yahoo employees rather than top executives at the beginning of 2014.

Although it is unclear how many Yahoo employees received the email, it only took a click on the malicious attachment or a link to get the attackers into Yahoo's internal networks.

Alexsey Belan, who is already on their list Most Wanted hackers of the FBI, began exploring the network and, according to the FBI, discovered two key elements:

  • Yahoo's User Database (UDB) (a database containing personal information for all Yahoo users).
  • And the Account Management Tool - a management tool used to edit the database.

Belan used the file transfer protocol (FTP) to download the Yahoo database, which contained names, phone numbers, security questions and answers, and worse, password recovery emails with a cryptic value, unique for each Yahoo account.

With account recovery messages and unique encryption rates, Belan and Baratov gained access to the accounts of some users who wanted the Russian spies Dokuchaev and Sushchin.

Once the accounts were discovered, the hackers used the stolen encryption values ​​called "nonces" to create fake access cookies to those user accounts, giving FSB agents access to their users' email accounts without the need for a password.

According to the FBI, these cookies created between 2015 and 2016 gave them access to "more than 6.500 Yahoo accounts."

Who wanted the Russian spies:

According to the indictment, besides foreign webmail providers, Russian spies gained access to Yahoo accounts belonging to:

An Assistant Deputy Assistant to the President of Russia.
An officer in the Russian Ministry of Interior.
An instructor working in the Russian Ministry of Sport.
Russian journalists.
Employees of states bordering on Russia.
US government officials.
An employee in a Bitcoin wallet in Switzerland.
A worker in a US airline.

FBI Special Agent John Bennett said in a press conference that Yahoo first approached the FBI in 2014 for the hack and that they were "great collaborators" during their investigation.

However, the company announced the hack two years after it December of 2016, informing hundreds of millions of customers to change their codes.

iGuRu.gr The Best Technology Site in Greecegns

every publication, directly to your inbox

Join the 2.107 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).