From Boing Boing:
So, that huge hack of 500 million Yahoo user accounts last week that Yahoo blamed on a “state-sponsored actor”? A private internet security firm is calling bullshit on the “state-sponsored” part.
The hack of more than 500 million account credentials was the work of an Eastern European criminal gang, claims InfoArmor.
The Arizona-based firm released a report Wednesday challenging Yahoo’s claims that a nation-state actor was behind the data heist.
InfoArmor, which provides companies with protection against employee identity theft, said the hacked trove of user data was later sold to at least three clients, including one state-sponsored group.
Reuters was unable to verify the report’s findings. Yahoo declined comment. The Federal Bureau of Investigation, which is investigating the hack, did not return a call seeking comment.
A U.S. government source familiar with the Yahoo investigation said there was no hard evidence yet on whether the hack was state-sponsored. Attribution for cyber attacks is widely considered difficult in both the intelligence and research communities.
The task is made especially challenging by the fact that criminal hackers sometimes provide information to government intelligence agencies or offer their services for hire, making it hard to know who the ultimate mastermind of a hack might be.
After examining a small sample of the compromised accounts, InfoArmor decided the hackers known as “Group E” were criminals rather than spies. Andrew Komarov, the firm’s chief intelligence officer, said in an interview Wednesday that “Group E” has a history of offering stolen user data for sale on the so-called “dark web.” Reuters reports that they’re linked to earlier hacks of LinkedIn, Tumblr and MySpace.
“They have never been hired by anyone to hack Yahoo,” Komarov added. “They were simply looking for well known sites that had many users.”
The details of Komarov’s report methodology are interesting reading. …