Yahoo recently disclosed what may become one of the most significant breaches of all time, announcing that at least 500 million user accounts were compromised in a 2014 intrusion it attributed to a state-sponsored actor, widely reported to be based in Russia. The stolen data included names, email addresses, telephone numbers, dates of birth, hashed passwords and, for some accounts, security questions and answers: enough to perpetrate identity theft and to attack the victims' other accounts. This is only the latest example of a worrying trend: large-scale hacking operations that operate in the blurred lines between criminal organizations and foreign governments. Companies of all sizes need to be on the lookout for intrusion attempts, because the consequences are increasingly dire.
Hacking for Power and Money
The two nations that have dominated recent news about hacking and breaches are Russia and China. Both countries have dedicated cyberwar branches of their military as well as significant numbers of independent hacking groups.
In China, hackers often target human rights activists, Western governments, and other entities that may oppose the Chinese Communist Party, as well as companies with industrial secrets that have economic or military significance.
Russian hackers also target Western military and political victims but have a secondary goal of information warfare and propaganda. Other occasional players include Iran and North Korea. The US itself has also conducted offensive operations against foreign targets, with a particular emphasis on surveillance and on disabling systems.
This “silent war” has made it difficult for companies of significant size or importance in the US to operate without facing frequent hacking attempts. Small and medium-sized companies are also at risk because they tend to have fewer defenses in place, making them softer targets. Hackers can also use smaller hacks as stepping stones to larger targets, harvesting credentials and personal data that users reuse elsewhere, or conscripting the compromised machines into botnets.
This escalated assault is worrying because hacking groups now show multiple motives. A foreign nation might have both a cyberwar group dedicated to political targets and criminal organizations with purely financial goals. However, the political groups may contract some of their work out to the criminal groups, pooling resources to attack common targets and share the benefits. The political groups may even moonlight as financial hackers in their downtime.
The lines are increasingly blurry, especially when the foreign power can view the criminal hackers as forwarding its cause by damaging the enemy. That makes these attacks hard to stop, because the odds of the foreign power enforcing the law and shutting down the criminal groups are extremely low. Even when they do not collaborate, political and criminal hackers each pose a significant threat, and major companies in sectors like defense, research, and manufacturing face incursion attempts from both groups at once.
The size and scale of the Yahoo attack are cause for concern because the attack could fit any of several motives. For example, a political actor would benefit from hacking Yahoo users because it could search that user data to find people who work in sensitive positions at defense contractors or in government. It could then use the data to attempt to breach those organizations, whether by taking over the compromised user’s account directly, by trying the same password against the employer’s systems, or by using the victim’s personal details to craft convincing phishing. With 500 million accounts, it is well within the realm of possibility that high-level persons or those with significant security clearance were among the victims. A criminal hacker would obtain 500 million potential identities for fraud, as well as a springboard for further hacking of personal accounts.
The worrying aspect is that, because both types of hacking groups would benefit, it is entirely possible that they collaborated to breach Yahoo. That is speculation, but it is consistent with the blurring described above. As a tech company, Yahoo should have been more secure than most, especially against a breach of such massive scale.
Another concerning aspect is the duration. As with many other hacks, the Yahoo breach occurred roughly two years before the company disclosed it, meaning the attackers had access for an extended period, during which time they could have attempted any number of other moves or simply waited for more data to fall into their laps. The upper bound for the damage this breach could cause is unknown and probably unknowable, because it isn’t possible to ascertain exactly what the hackers did with that access. But the idea of a foreign power with years of access to one of the Internet’s clearinghouses for identity is quite worrying.
The Future of Security
The key is that every company must now become even more alert to the possibility of hacking, and in particular must take seriously the idea that it may already be compromised. Businesses should enact internal policies not only to make themselves more secure, but also to limit the fallout from breaches that do occur.
This includes moves like isolating the most sensitive systems on an internal network with no Internet access and actually enforcing that barrier, along with stringent security protocols and strict password governance: unique passwords per system, multi-factor authentication, and password storage that does not let one stolen database expose every account. It might also include automation to minimize the role of user error and to reduce exposure to social engineering, which remains a common and cheap mode of entry for hackers. The world is only becoming more dangerous as far as hacks go, and proactive responses are necessary to keep pace.
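The “strict password governance” and “limit the fallout” points above have a concrete server-side counterpart: never store passwords in a form that lets one cracked record expose every account sharing that password. The following Python is an added example written for this page, not code from Yahoo or from the article’s author. It puts the weak pattern behind many 2010s credential dumps (unsalted MD5) beside a salted, iterated hash with a constant-time check and a path for raising the work factor later. The user names and passwords are constructed sample data, and the iteration count is deliberately low so the demo runs quickly.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample data: two users who happen to share a password.
CONSTRUCTED_USERS = {
    "alice@example.test": "Summer2014!",
    "bob@example.test": "Summer2014!",
}

# Deliberately low work factor for the demo. Production deployments should
# use hundreds of thousands of PBKDF2 iterations (or a memory-hard KDF such
# as scrypt or Argon2) and tune the count to their hardware.
DEMO_ITERATIONS = 100_000


def weak_hash(password: str) -> str:
    """Unsalted MD5: identical passwords give identical digests, so one
    cracked hash (or a precomputed table) reveals every account using it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, *, iterations: int = DEMO_ITERATIONS,
                  salt: bytes | None = None) -> str:
    """Per-user random salt plus an iterated hash. The salt and iteration
    count are stored alongside the digest so verification needs nothing else."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time
    so the response timing does not leak how many digest bytes matched."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored: str, minimum_iterations: int) -> bool:
    """Lets an operator raise the work factor over time: a record stored with a
    lower count (or a different algorithm) is rehashed on the next good login."""
    algo, iters, _, _ = stored.split("$")
    return algo != "pbkdf2_sha256" or int(iters) < minimum_iterations


def demo() -> dict:
    """Contrast the two storage schemes on the constructed users."""
    weak = {u: weak_hash(p) for u, p in CONSTRUCTED_USERS.items()}
    strong = {u: hash_password(p) for u, p in CONSTRUCTED_USERS.items()}
    return {
        # Same password, same MD5: a leak of one account's hash is a leak of both.
        "weak_collide": weak["alice@example.test"] == weak["bob@example.test"],
        # Same password, different salts: the records look unrelated.
        "strong_collide": strong["alice@example.test"] == strong["bob@example.test"],
        "alice_verifies": verify_password("Summer2014!", strong["alice@example.test"]),
        "wrong_rejected": verify_password("summer2014!", strong["alice@example.test"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The self-describing record format (algorithm, iterations, salt, digest) is what makes `needs_rehash` possible: when a breach or faster hardware prompts a higher work factor, existing users migrate transparently at their next login rather than requiring a forced reset of the whole user base.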