On Wednesday morning, the United States Justice Department announced the indictment of Russian agents responsible for the 2014 hack into Yahoo and the theft of at least 500 million Yahoo accounts.
According to the Justice Department’s news release, the defendants include two officers of the Russian Federal Security Service (FSB), an intelligence and law enforcement agency of the Russian Federation, and two criminal hackers with whom they conspired to accomplish these intrusions.
We’ve known for some time that spies have targeted email accounts as a primary vector to collect information. Worldwide, both personal and business communications often begin with an email. This creates a detailed record that can be used for a variety of purposes.
Infiltration into email accounts allows spies to collect credentials that provide access to targeted systems. Monitoring government-agency systems informs policy decisions, collects information on defense and attack capability, and can provide an economic boost to foreign nations. Business systems have lost a fortune in intellectual property to foreign spies.
Compromising an email account can also lead to political and ideological attacks. Both the DNC and the Hillary Clinton Campaign were attacked by Russia. Instead of mining information from critical email accounts to inform Russian policy decisions, Russia used the information to embarrass and undermine the campaign.
One vector to access this information is to attack it at the source. Compromising major email account providers circumvents the email security that a user may deploy. I am not surprised that Russia may have set its sights on Yahoo. Theft of email communications has become a primary espionage goal.
This indictment will likely be met with recrimination and denial. Russia will likely use the same playbook that China used when the U.S. charged five Chinese military spies for cyber espionage against U.S. corporations and a labor organization in 2014. In that indictment, the U.S. alleged that China’s Shanghai-based cyber unit had attacked U.S. commercial businesses through cut-out hacker handles named “UglyGorilla” and “KandyGoo.”
One of the Chinese attacks compromised Westinghouse’s network and stole approximately 700,000 pages of emails, including those of its chief executive. China vehemently denounced the indictment and stated that the U.S. used “fabricated facts” and that it “grossly violates the basic norms governing international relations and jeopardizes China-U.S. cooperation.”
China’s fierce denial of the espionage relied on the inherent difficulty of attributing any cyber attack with 100% certainty to a particular foreign actor. The parallels between China’s cyber attacks and Russia’s recent attacks are striking. One can imagine that since Russia has followed China’s playbook thus far, it will walk to the next logical conclusion – that it never attacked Yahoo and that the U.S. is using “fabricated facts.”