{"id":7015,"date":"2017-03-16T18:30:08","date_gmt":"2017-03-17T02:30:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/16\/news-806\/"},"modified":"2017-03-16T18:30:08","modified_gmt":"2017-03-17T02:30:08","slug":"news-806","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/16\/news-806\/","title":{"rendered":"Yahoo breach shows the drawbacks of state-sponsored hacking"},"content":{"rendered":"

<\/p>\n

Credit to Author: Michael Kan| Date: Thu, 16 Mar 2017 17:57:00 -0700<\/strong><\/p>\n

When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they’re taking a big risk.<\/p>\n

On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren’t kept on a tight leash things can turn bad.<\/p>\n

Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia’s state security agency hired to carry out the Yahoo breach, didn’t care much for a low profile.<\/p>\n

His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars — the latest an Aston Martin DB9 with the license plate “MR KARIM.”<\/p>\n

But forget those for a moment and consider he wasn’t very careful in hiding his hacking work.<\/p>\n

His name is registered to several Russian-language\u00a0websites<\/a>\u00a0that\u00a0offer<\/a>\u00a0email hacking for between $80 and $90 per account. In the domain name records, he listed his home address.<\/p>\n

\u201cWhen you bring in amateurs who don\u2019t follow standard protocol, that carries risk,\u201d\u00a0said Alex Holden, chief information security officer at Hold Security.<\/p>\n

Pictures from Baratov’s Instagram account.<\/p>\n

The breach of Yahoo happened in 2014. At the time, the company notified the FBI but only believed 26 accounts had been targeted. It wasn’t until mid 2016 that the true enormity of the hack started to become apparent.<\/p>\n

Security experts say it\u2019s possible Baratov or a second hacker hired to help might have bragged online about the hack at some point, tipping off U.S. investigators.<\/p>\n

And then\u00a0in August 2016 a database allegedly stolen from Yahoo was found\u00a0circulating<\/a>\u00a0on the black market.<\/p>\n

\u201cSome of the information about this hack was basically leaked,\u201d Holden said. \u201cThat\u2019s not a sign of a mature intelligence operation.\u201d<\/p>\n

So why did Russia turn to a 22-year-old from Canada? Language might have played a role.<\/p>\n

According to the indictment, Baratov broke into the accounts through\u00a0spear phishing<\/a>\u00a0email attacks, which are often designed to dupe victims into handing over password information.<\/p>\n

However, spear phishing only works best if the emails appear authentic.<\/p>\n

\u201cThe benefit of having Karim, the Canadian, on the team probably allowed creation of far more believable phishing attacks due to his being a native English speaker,\u201d said Chester Wisniewski, a research scientist at security firm Sophos, in an email.<\/p>\n

In addition to Baratov, the Russian agents allegedly hired a 29-year-old Latvian named Aleksey Belan, who pulled off the main hack against Yahoo, and stole the database involving 500 million user accounts.<\/p>\n

By outsourcing the operation to Belan, Russia probably wanted to conceal the true motives for the Yahoo breach, Wisniewski said. Prior to Wednesday\u2019s indictment, Belan himself was already a wanted man for hacks against U.S. e-commerce companies. \u00a0\u00a0<\/p>\n

\u201cWho better to assist in a break-in?\u201d he said.\u00a0\u201cThere is also the \u2018cover\u2019 of criminal actions to potentially obfuscate the spying that was allegedly the real purpose.\u201d<\/p>\n

In response to Wednesday’s criminal indictments by the FBI, the\u00a0Russian government is denying any involvement, and\u00a0calling<\/a>\u00a0the allegations a distraction.<\/p>\n

Baratov, who has been arrested in Canada, is also claiming innocence,\u00a0according<\/a>\u00a0to his lawyer. Meanwhile, Belan remains at large.<\/p>\n

But if the allegations are true, it does show one example of how Russia is harnessing the power of cybercriminals for spying purposes — and how it can get sloppy.\u00a0<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Michael Kan| Date: Thu, 16 Mar 2017 17:57:00 -0700<\/strong><\/p>\n

\n
\n

When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they’re taking a big risk.<\/p>\n

On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren’t kept on a tight leash things can turn bad.<\/p>\n

Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia’s state security agency hired to carry out the Yahoo breach, didn’t care much for a low profile.<\/p>\n

His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars — the latest an Aston Martin DB9 with the license plate “MR KARIM.”<\/p>\n

To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714],"class_list":["post-7015","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7015"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7015\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7015"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}