Cascading Effect: One Attack Led to Another at Yahoo | NBC4 Washington

While Russian intelligence officials were interested only in a limited number of accounts, hackers used access to Yahoo's network for their own financial gain

    Russian hackers working with Russian spies didn't crack Yahoo security all at once.

    Instead, according to an account offered by U.S. officials, they methodically made their way deeper into Yahoo's network over the space of months — maybe years. That allowed them to forge technological skeleton keys that would unlock many Yahoo accounts, steal personal information and then use that data to break into other email services used by their targets, U.S. officials said in announcing charges against four Russians.

    That Department of Justice indictment fills in some of the blanks surrounding a massive security breach that occurred in 2014 but that Yahoo didn't reveal until six months ago. But it doesn't answer why it took Yahoo so long to grasp its seriousness or why it waited so long to tell its users — or Verizon, which is paying $4.5 billion for Yahoo operations now tainted by the biggest security lapses in internet history.

    Yahoo declined to comment beyond a statement thanking law enforcement for its efforts.

    It's also not clear whether the Russian hackers and spies involved in the Yahoo break-in were also involved in other recent hacking attacks, such as the leak of embarrassing emails from the Democratic National Committee during the 2016 election. U.S. intelligence agencies have previously said they believe that Russian hackers were involved in those breaches, too.

    SECOND-BIGGEST BREACH

    "We are in a cyberwar and our government hasn't woken up and done anything about it," said security analyst Avivah Litan of Gartner Inc.

    Although the Yahoo attack compromised more than 500 million user accounts, the hackers appeared mainly interested in sifting through the email of Russian and U.S. government officials, Russian journalists and employees of financial firms and other businesses, according to the indictment.

    When they weren't spying, the hackers also tried to make money on the side with petty scams. In one ruse detailed in the indictment, the hackers are accused of manipulating Yahoo's search results to drive traffic to a company selling erectile dysfunction drugs in exchange for commissions.

    The severity of that breach, the second worst in internet history, was most likely magnified by the fact that it took some two years for Yahoo to disclose the initial attack. Had Yahoo taken more aggressive steps — for instance, asking users to change their passwords, or even expiring the passwords and forcing users to enter new ones — it might have prevented some of the damage.

    USER ACCOUNTS

    Hackers got their initial access to Yahoo's network around early 2014, although it's not clear exactly how. By the end of the year, according to the indictment, they had made two valuable finds.

    The first was a backup copy of Yahoo's user database, current as of early November 2014. It contained a lot of information that could be used to reset passwords and gain entry to Yahoo accounts, such as phone numbers, answers to security questions and recovery email addresses used to reset forgotten passwords. The database also contained cryptographically scrambled data Yahoo normally uses to authorize users as they log in.

    The second was an internal tool for editing information in the user database.

    By December 2014, Yahoo executives and lawyers knew hackers tied to a foreign government had gained access to some of its users' personal information, but didn't dig deeper into the incident, according to a report released earlier this month by the company's board. Yahoo merely notified 26 users that their information may have been taken and also consulted with law enforcement.

    FOOL ME ONCE, FOOL ME TWICE

    Hackers accessed user accounts by fooling Yahoo into thinking they had already signed in. Companies like Yahoo typically use bits of data called cookies to let you stay signed into an account via a web browser. This is how you keep Gmail, for instance, open even if you close your browser and restart it. Hackers used malware and information from the user database to manufacture fake cookies. To Yahoo, it then appeared that a hacker was the authorized user.

    That method worked so long as users didn't change their passwords after early November 2014. Hackers used this technique to target more than 6,500 user accounts.
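
Why a password change cut off the forged cookies can be seen in a generic session-cookie design, shown here as an added example that is not from the article or from Yahoo: the cookie's MAC covers a per-account value that rotates whenever the password changes. All names (`SERVER_KEY`, `Account`, `nonce`) are assumptions, and the scheme is illustrative rather than a description of Yahoo's actual cookies.

```python
import hashlib
import hmac
import secrets

# Hypothetical design: the signing key lives outside the user database
# (for example in a key-management service), so a database copy alone
# is not enough to produce a valid cookie.
SERVER_KEY = secrets.token_bytes(32)

class Account:
    def __init__(self, user):
        self.user = user
        self.nonce = secrets.token_hex(16)  # per-account value stored in the user DB

    def change_password(self):
        # Rotating the nonce invalidates every cookie issued before the change.
        self.nonce = secrets.token_hex(16)

def mint_cookie(user, nonce, key):
    mac = hmac.new(key, f"{user}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{user}|{mac}"

def verify_cookie(cookie, accounts, key=SERVER_KEY):
    user, _, mac = cookie.rpartition("|")
    acct = accounts.get(user)
    if acct is None:
        return False
    expected = hmac.new(key, f"{user}|{acct.nonce}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)

def demo():
    accounts = {"alice": Account("alice")}        # constructed sample account
    backup_nonce = accounts["alice"].nonce        # value as frozen in an old DB backup
    legit = mint_cookie("alice", accounts["alice"].nonce, SERVER_KEY)
    # Built from the backup value but without the server-held key:
    no_key = mint_cookie("alice", backup_nonce, b"not-the-server-key")
    # Worst case: backup value plus access to the signing key and logic:
    stale = mint_cookie("alice", backup_nonce, SERVER_KEY)
    before = (verify_cookie(legit, accounts),
              verify_cookie(no_key, accounts),
              verify_cookie(stale, accounts))
    accounts["alice"].change_password()
    after = (verify_cookie(legit, accounts), verify_cookie(stale, accounts))
    return before, after

if __name__ == "__main__":
    print(demo())
```

In this design a forced password reset invalidates every cookie derived from the stolen backup, including the worst-case one, at the cost of signing legitimate users out as well.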

    There was nothing particularly fancy about what the Russian hackers did, said Shuman Ghosemajumder, who used to fight fraud at Google and is now chief technology officer for Shape Security. But it still doesn't look as bad as it might have had the heist been engineered by a clever teenager or another digital burglar working without the backing of a foreign government, experts said.

    "The CIA can't even protect against some of these guys, so my sympathies are with Yahoo," Litan said. "I don't know how good Yahoo's security was, but it is really hard to detect these nation-state hackers."

    Yahoo has already paid a steep price. Verizon extracted a $350 million discount on the initial purchase price for Yahoo's online services after initially demanding a $925 million reduction for the damage done. Yahoo still faces dozens of lawsuits.

    MAKING MONEY

    While Russian intelligence officials were interested only in a limited number of accounts, hackers used access to Yahoo's network for their own financial gain.

    Besides the erectile dysfunction scheme, the hackers also searched email accounts for credit card information and electronic gift cards. The hackers even combed through email accounts looking for gift cards a few weeks after Yahoo announced the breach.

    Attackers also searched emails for contact information of friends and colleagues; such data enabled spam that appeared to originate from those friends and colleagues, making it more likely for the recipient to open the message.

    THE OTHER BREACH

    The 2014 breach was the second of two major breaches at Yahoo and involved at least 500 million user accounts. Yahoo later revealed that it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014. Wednesday's indictment didn't address the 2013 breach.