It was the biggest cyberattack ever reported, affecting more than 500 million individuals, but there is currently considerable debate as to who was responsible. Yahoo has announced that a state-sponsored attacker was behind the attack, yet many doubt this to be the case. Now independent security firm infoArmor claims that its research shows that state-sponsored hackers were not involved. Instead, it has been claimed the attack was conducted by criminal hackers.
InfoArmor has been investigating a team of professional hackers for over 3 years. The hackers are believed to come from Eastern Europe. The group of five individuals mostly sell hacked data to spammers and are not understood to be sponsored by any nation state. InfoArmor believes it is these hackers behind the attack.
During the course of InfoArmor’s investigations, a sample database containing millions of Yahoo accounts was obtained from the group. While not the entire hacked database, it did contain users accounts that have been verified as being genuine and from the 2014 Yahoo cyberattack. The data includes Yahoo logins, hashed passwords, zip codes, and mobile phone numbers.
InfoArmor obtained the data from the hack last week. It has been claimed that the hackers have been holding onto the data and is preserving the data’s value.
InfoArmor has found out from its “operative sources” that some of the Yahoo data have already been sold. One deal was reportedly worth $300,000. The elite group of hackers is reportedly behind the Yahoo attack, but also the attacks on LinkedIn, Tumblr, and Dropbox.
InfoArmor claims that while the hacker operating under the name Peace_of_Mind listed the data from these large-scale cyberattacks on Darknet marketplace TheRealDeal, the attacks were actually performed by the group that it is investigating. The data were only supplied to Peace_of_Mind – and some others – to sell on the black market.
Not everyone is convinced by Yahoo’s claims of a state-sponsored attack, but many are also skeptical of InfoArmor’s claims and whether the data have come from the same hack. Yahoo has reported that the stolen data includes hashed passwords, but says they were hashed using the bcrypt algorithm. The data obtained by InfoArmor has been encrypted using the M5 algorithm. It is possible they may have been stolen in separate attacks. InfoArmor may be convinced, but for the time being, the hackers behind the attack remains a mystery.