We’re all familiar with the massive data leaks that Yahoo suffered last year. But until recently, we had very little in the way of clues as to who was behind the attacks which started at the beginning of 2014. As more evidence comes to light, it’s becoming increasingly apparent that this is not your run-of-the-mill cybercrime. According to a recent indictment by the US Department of Justice, the folks behind that attack appear to be agents of the Russian Federal Security Service.
The theft of 500 million Yahoo accounts three years ago was allegedly used as a way for the Russian government to access information on a series of targets ranging from the White House itself to cloud computing companies. Military officials, executives of financial companies, and even an airline company were also among the targeted.
In the name of espionage, this attack gave hackers the means of stealing data such as names, email addresses, and credentials. According to information provided by Yahoo in their announcement of the breach, the culprits would not have been able to access data of a more confidential nature, such as sensitive financial information.
In a somewhat ironic turn of events, the information provided by the Justice Department indictment appears to indicate that the stolen data was also used to spy on Russian government officials.
The Yahoo Attack: A Breach to Go Down in History
While this would not be the first time that Russian cybercriminals have been accused of data theft, it is in fact the first time that charges have been filed against officials operating in the shadow of Vladimir Putin. Although the agency is supposed to help agencies of other countries track down Russian cybercriminals, in this case two of its own operatives allegedly collaborated to conceal the robbery from their superiors.
“The involvement and direction of F.S.B. officers with law enforcement responsibilities makes this conduct that much more egregious,” said acting assistant US Attorney General Mary B. McCord.
Although the Russian administration has not given an official response to the US indictment, the country’s press has called into question the US Department of Justice’s movement.
In any case, and regardless of who is responsible for these or other breaches, massive data leaks at services such as Yahoo highlight the need to use secure credentials and a protection that is suited to the needs of your company to prevent the theft of confidential information, or even considerable sums of money, in the event of a cyberattack.