If Yahoo is to be believed in its assertion that a nation-state hacked into its network and made off with user data from 500m accounts, then there are a few obvious suspects, including China and Russia.
However, Yahoo has not provided any detailed information about the attack, leading some security experts to raise questions over its origin. Why would nation-states be interested in or motivated to hack Yahoo?
“It doesn’t fit the normal intent or objectives of nation-state attacks. It’s not really espionage, it’s not retaliation, sabotage or for financial gain,” said Constant Karagiannis, chief technology officer of Security Consulting at BT Americas.
It’s less embarrassing for Yahoo to attribute an attack to a nation state, which typically have the most sophisticated hacking capabilities, than to attribute it to a cybercriminal group or individual – particularly as Yahoo is in the middle of being acquired by Verizon for $4.8bn.
“Instead of 10-15 people in a basement working together you are talking about 10,000-15,000 cyber warriors working over the course of a few weeks,” he said.
Another US-based academic security researcher, who did not wish to be named, said: “I don’t buy it at all. I absolutely reject out of hand that it was state sponsored.”
He did not think that Yahoo was being untruthful about the breach, but suspected that the investigation teams may have fallen victim to confirmation bias.
Read more at The Guardian.