Cascading Effect: One Attack Led to Another at Yahoo

While Russian intelligence officials were interested only in a limited number of accounts, hackers used access to Yahoo's network for their own financial gain




    Russian hackers working with Russian spies didn't crack Yahoo security all at once.

    Instead, according to an account offered by U.S. officials, they methodically made their way deeper into Yahoo's network over the space of months — maybe years. That allowed them to forge technological skeleton keys that would unlock many Yahoo accounts, steal personal information and then use that data to break into other email services used by their targets, U.S. officials said in announcing charges against four Russians.

    That Department of Justice indictment fills in some of the blanks surrounding a massive security breach that occurred in 2014, but that Yahoo didn't reveal until six months ago. But it doesn't answer why it took Yahoo so long to grasp its seriousness or why it waited so long to tell its users — or Verizon, which is paying $4.5 billion for Yahoo operations now tainted by the biggest security lapses in internet history.

    Yahoo declined to comment beyond a statement thanking law enforcement for its efforts.

    It's also not clear whether the Russian hackers and spies involved in the Yahoo break-in were also involved in other recent hacking attacks, such as the leak of embarrassing emails from the Democratic National Committee during the 2016 election. U.S. intelligence agencies have previously said they believe that Russian hackers were involved in those breaches, too.


    "We are in a cyberwar and our government hasn't woken up and done anything about it," said security analyst Avivah Litan of Gartner Inc.

    Although the Yahoo attack compromised more than 500 million user accounts, the hackers appeared mainly interested in sifting through the email of Russian and U.S. government officials, Russian journalists and employees of financial firms and other businesses, according to the indictment.

    When they weren't spying, the hackers also tried to make money on the side with petty scams. In one ruse detailed in the indictment, the hackers are accused of manipulating Yahoo's search results to drive traffic to a company selling erectile dysfunction drugs in exchange for commissions.

    The severity of that breach, the second worst in internet history, was most likely magnified by the fact that it took some two years for Yahoo to disclose the initial attack. Had Yahoo taken more aggressive steps — for instance, asking users to change their passwords, or even expiring the passwords and forcing users to enter new ones — it might have prevented some of the damage.

    Hackers got their initial access to Yahoo's network around early 2014, although it's not clear exactly how. By the end of the year, according to the indictment, they had made two valuable finds.

    The first was a backup copy of Yahoo's user database, current as of early November 2014. It contained a lot of information that could be used to reset passwords and gain entry to Yahoo accounts, such as phone numbers, answers to security questions and recovery email addresses used to reset forgotten passwords. The database also contained cryptographically scrambled data Yahoo normally uses to authorize users as they log in.

    The second was an internal tool for editing information in the user database.

    By December 2014, Yahoo executives and lawyers knew hackers tied to a foreign government had gained access to some of its users' personal information, but didn't dig deeper into the incident, according to a report released earlier this month by the company's board. Yahoo merely notified 26 users that their information may have been taken and also consulted with law enforcement.


    Hackers accessed user accounts by fooling Yahoo into thinking they had already signed in. Companies like Yahoo typically use bits of data called cookies to let you stay signed into an account via a web browser. This is how you keep Gmail, for instance, open even if you close your browser and restart it. Hackers used malware and information from the user database to manufacture fake cookies. To Yahoo, it then appeared that a hacker was the authorized user.

    That method worked so long as users didn't change their passwords after early November 2014. Hackers used this technique to target more than 6,500 user accounts.
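
Why a password change cuts off a forged cookie, shown as an added example that is not from the article or from Yahoo's systems: it assumes a generic design in which the cookie's signature covers a per-user nonce stored in the user database, and rotating that nonce on a password change or forced reset invalidates anything minted from an older copy of the record. The names `UserStore`, `issue_cookie`, `validate_cookie` and `SERVER_KEY` are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical site-wide signing key


class UserStore:
    """Constructed stand-in for a user database with a per-user session nonce."""

    def __init__(self):
        self.nonces = {}

    def create(self, user):
        self.nonces[user] = secrets.token_hex(16)

    def change_password(self, user):
        # Mitigation: every password change or forced reset rotates the nonce,
        # so cookies derived from the previous database state stop validating.
        self.nonces[user] = secrets.token_hex(16)


def _mac(user, nonce):
    msg = f"{user}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(store, user):
    return f"{user}|{_mac(user, store.nonces[user])}"


def validate_cookie(store, cookie):
    user, _, tag = cookie.partition("|")
    nonce = store.nonces.get(user)
    if nonce is None:
        return False
    # Compare as bytes in constant time; a malformed tag simply fails.
    return hmac.compare_digest(tag.encode(), _mac(user, nonce).encode())


def demo():
    store = UserStore()
    store.create("alice")
    old_cookie = issue_cookie(store, "alice")   # tied to the pre-reset record
    before = validate_cookie(store, old_cookie)
    store.change_password("alice")              # forced reset rotates the nonce
    after = validate_cookie(store, old_cookie)
    fresh = validate_cookie(store, issue_cookie(store, "alice"))
    return before, after, fresh
```
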

    There was nothing particularly fancy about what the Russian hackers did, said Shuman Ghosemajumder, who used to fight fraud at Google and is now chief technology officer for Shape Security. But it still doesn't look as bad as it might have had the heist been engineered by a clever teenager or another digital burglar working without the backing of a foreign government, experts said.

    "The CIA can't even protect against some of these guys, so my sympathies are with Yahoo," Litan said. "I don't know how good Yahoo's security was, but it is really hard to detect these nation-state hackers."

    Yahoo has already paid a steep price. Verizon extracted a $350 million discount on the initial purchase price for Yahoo's online services after initially demanding a $925 million reduction for the damage done. Yahoo still faces dozens of lawsuits.


    While Russian intelligence officials were interested only in a limited number of accounts, hackers used access to Yahoo's network for their own financial gain.

    Besides the erectile dysfunction scheme, the hackers also searched email accounts for credit card information and electronic gift cards. The hackers even combed through email accounts looking for gift cards a few weeks after Yahoo announced the breach.

    Attackers also searched emails for contact information of friends and colleagues; such data enabled spam that appeared to originate from those friends and colleagues, making it more likely for the recipient to open the message.


    The 2014 breach was the second of two major breaches at Yahoo and involved at least 500 million user accounts. Yahoo later revealed that it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014. Wednesday's indictment didn't address the 2013 breach.