11/12/2022 0 Comments Hack yahoo password onlineThe hacked users included an assistant to the deputy chairman of Russia, an officer in Russia's Ministry of Internal Affairs and a trainer working in Russia's Ministry of Sports. Of the roughly 500 million accounts they potentially had access to, they only generated cookies for about 6,500 accounts. Throughout the process, Belan and his colleague were clinical in their approach. Those cookies, which were generated many times throughout 20, gave the hackers free access to a user email account without the need for a password. Once the accounts had been identified, the hackers were able to use stolen cryptographic values called "nonces" to generate access cookies through a script that had been installed on a Yahoo server. Sometimes they were able to identify targets based on their recovery email address, and sometimes the email domain tipped them off that the account holder worked at a company or organization of interest. The account management tool didn't allow for simple text searches of user names, so instead the hackers turned to recovery email addresses. District Court endictment for four people accused of hacking Yahoo is seen against FBI wanted posters. It's those last two items that enabled Belan and fellow commercial hacker Karim Baratov to target and access the accounts of certain users requested by the Russian agents, Dmitry Dokuchaev and Igor Sushchin. The database contained names, phone numbers, password challenge questions and answers and, crucially, password recovery emails and a cryptographic value unique to each account. So he wouldn't lose access, he installed a backdoor on a Yahoo server that would allow him access, and in December he stole a backup copy of Yahoo's user database and transferred it to his own computer. Once Aleksey Belan, a Latvian hacker hired by the Russian agents, started poking around the network, he looked for two prizes: Yahoo's user database and the Account Management Tool, which is used to edit the database. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened. The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. In March 2017, the FBI indicted four people for the attack, two of whom are Russian spies. Federal Bureau of Investigation investigated the 2014 intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Tuesday, Yahoo said that, in fact, all 3 billion user accounts were affected. Of course, that 2014 breach, was soon dwarfed by revelations of a second breach that took place a year earlier and which at the time was said to have compromised 1 billion Yahoo user accounts. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |