Yahoo’s claim that it is the victim of a gigantic state-sponsored hack raises the question of whether it is the latest target for hackers with the backing of Russia, China or even North Korea, experts say.
The US internet giant was under pressure on Friday to explain how it sustained such a massive breach in 2014, which possibly affected 500 million accounts.
Yahoo said the stolen information may have included email addresses and scrambled passwords, along with both encrypted or unencrypted security questions and answers that could help gain access to victims’ other online accounts.
Sometimes the link between the target of a hack and a particular state may suggest itself easily.
One of the highest-profile hacks came when North Korea is thought to have targeted entertainment titan Sony in 2014, apparently in revenge for producing the comedy film “The Interview” about a CIA plot to assassinate leader Kim Jong-Un.
More recently, a mysterious group calling itself Fancy Bears hacked the medical records of athletes held by the World Anti-Doping Agency (WADA). It is still dripping the information out.
Many experts believe that cyberattack was carried out by Russia after its track and field athletes were banned from the Olympics and its entire Paralympics team turfed out of their Games over evidence of state-sponsored doping.
While motivation for those cyberattacks seems clear, it might initially appear less obvious why countries such as Russia, North Korea or even China would target a company like Yahoo.
Chinese hackers have been accused of plundering industrial and corporate secrets and of orchestrating a breach of US government files on its employees that affected more than 21 million people and reportedly led to the hasty withdrawal of US intelligence operatives from China to protect their lives.
But political motives can be as strong as commercial ones, analysts note.
“Would, for example, Russian intelligence wish to conduct a large-scale hack on a major internet company like Yahoo? Absolutely they would,” Shashank Joshi, senior research fellow at the London-based Royal United Services Institute, told AFP.
“It is an incredibly valuable commodity. The ability to access email addresses for US persons, perhaps a Russian dissident -- any intelligence agency worth its salt would want that sort of data, although it is very hard to use because of the encrypted passwords,” he said.
Julien Nocetti, of the French Institute of International Relations (IFRI), said the hack was too big for an independent group to carry out.
“Given the scale of the revelations about Yahoo, it indicates that a lot of resources, technical equipment and coordination were required -- this definitely comes from a state,” he said.
Given the tensions between Russia and the United States over the Syrian war “you could put forward the theory that this could be a Russian attempt to test the Americans’ cyber defences”, he said.
Finding the source
Yahoo has so far given no evidence to support its claim that it has been targeted by a state.
RUSI’s Joshi said finding the source “is the most fundamental problem when it comes to cyber-attacks”.
“This completely bedevils even the most well-resourced people,” he said.
However, he believes Yahoo would only have pointed the finger at state involvement if it had some evidence.
“The way you identify responsibility for a hack is to look for signatures that correspond to earlier known facts and then see what you know about them,” he said.
For example, in case of the hacking of Democratic National Committee (DNC) emails this year which exposed bias within the party in favour of Hillary Clinton, cyber-security experts found evidence of a so-called Advanced Persistent Threat (APT).
“That is a code word for state hackers who were clearly operating in a system and matched up with earlier such hacks” carried out by Russia’s state and military intelligence agencies, Joshi said.
But in Russia, so often accused of state-sponsored hacking, one expert said it was naive to immediately blame a state and scoffed at the suggestion the hackers were sophisticated spies.
“Anyone could have hacked a database of users like Yahoo because it’s a classic commercial server,” said Oleg Demidov, a consultant at the Moscow-based independent think-tank PIR Center.
“At the moment, this looks like a traditional hack aimed at making money or carving out a reputation by selling a load of personal data,” he added.