San Francisco: In disclosing that at least 500 million of its user accounts had been hacked, Yahoo blamed an unnamed “state-sponsored actor” for the intrusion. While Yahoo customers were caught by surprise, officials in Washington were not.
For more than a year, they had been getting warnings from threat researchers that hackers were targeting their personal Yahoo email. Even the accounts of their friends and family were in the cross hairs. These days, intelligence and security experts say, nearly anyone can be the target of government-sponsored hackers. By perusing the personal accounts of people with even the thinnest thread of a connection to power, hackers can unearth the occasional gold nugget, like the low-level Democratic operative whose private email correspondence, published online by hackers on Thursday, detailed the movements of Vice President Joseph Biden Jr. and Hillary Clinton and what appears to be Michelle Obama’s passport.
This expanded hacking strategy presents a new challenge: While top-secret material is usually kept in more secure computer systems, it is hard – if not impossible – to predict what information people are exchanging in personal email accounts. And it is even harder to know if hacking into one person’s account can set off a cascading chain of events that could lead foreign spies to more useful information.
In 2014, Yahoo also investigated attacks by Russian hackers that targeted dozens of private Yahoo accounts, one person with knowledge of Yahoo’s investigation said, but it is not yet clear whether the same hackers were behind the larger hack.
“The Yahoo attack alone may not make sense, but when you combine the stolen data from Yahoo with other stolen data sets, it makes a lot more sense,” said Sean Kanuck, the former national intelligence officer for online security issues at the Office of the Director of National Intelligence.
Hackers working on behalf of governments can match stolen Yahoo account data with their own material or information available on the criminal underground and published on the website WikiLeaks for a variety of purposes, Kanuck and other intelligence officials say.
At this point, they’d have a lot to work with. In the two years since Yahoo believes the hackers first penetrated its network, state-sponsored hackers have stolen tens of millions of records from the insurance companies Anthem and Premera Blue Cross, including Social Security numbers, health records, birth dates, addresses, emails, passwords and employment information – basically, everything you’d need to know about a person.
Hackers amassed a vast collection of security clearance records, even fingerprints, in a yearlong hacking of the US Office of Personnel Management. They have breached law firms and accounting firms, and last year they even made off with flight records for millions of United Airlines passengers.
It may sound like a crazy collection of unrelated information. But it is not that difficult to make connections among seemingly random bits of information using data-sifting technology.
Just as a corporation may use big data to figure out what a consumer might buy based on their past purchases, a spy agency can use big data to make connections to useful intelligence. A Palo Alto, California, company named Palantir sells this technology to American intelligence agencies, allowing them, for example, to match travel records and personal data to identify possible terrorists. Intelligence officials say the Yahoo hack can be seen as just the latest step in an escalating nation-state digital warfare campaign.
NYT News Service