A Canadian man born in Kazakhstan has been sentenced to five years in prison for crimes connected to the massive Yahoo security breach that U.S. federal agents say was directed by Russian government spies.
“Karim Baratov, an FSB go-to guy for webmail hacking, was sentenced to 5 years in prison this morning, less than the nearly 8 years sought by the Justice Department,” says Daily Beast's Kevin Poulsen.
Below, why 5 years in prison is actually a good outcome for Baratov, who is 23.
How the once mighty have fallen.
Compuserve's sprawling, paleolithic forums were acquired along with Compuserve itself by AOL in 1998, and their fossil remains were augmented, year after year, decade after decade, by die-hard users who continued to participate there.
Just over a year ago, Yahoo admitted that it had been hacked in 2013, and estimated that 500 million accounts had been compromised (the company blamed state-sponsored actors, and federal prosecutors have indicted two Russian spies for ordering the operation). Now the company has admitted that all three billion of its accounts were affected.
Verizon's using its purchase of Yahoo for more than undermining the fight for net neutrality: it's also using its new acquisitions to make anti-competitive moves against its telecoms rivals, deploying the users of Flickr and Tumblr as hostages.
Yahoo's sale to Verizon means that Yahoo's sub-companies -- Flickr, Tumblr and a host of others -- are now divisions of a phone company, and as you might expect, being on the payroll of a notorious neutracidal maniac with a long history of sleazy, invasive, privacy-destroying, monopolistic, deceptive, anti-competitive, scumbag shakedowns has changed the public positions these companies are allowed to take.
It's been a decade since Yahoo got raked over the coals by Congress for helping the Chinese government spy on journalists and dissidents, some of whom were then arrested and tortured.
Information security is a race between peak indifference to surveillance and the point of no return for data-collection and retention.
Before today's anticipated announcement by the Justice Department, more details are already leaking out about who they're after: “two Russian spies, and two criminal hackers.”
The ACLU raised $24M over the weekend of the #muslimban, six times its usual annual average, and now it is joining the Winter 2017 class at Y Combinator, a startup accelerator that has produced a mixed bag of great and terrible companies, and which has had to contend with controversy over its ties to Peter Thiel.
Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether.
What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.)
A week after the revelations that Yahoo illegally allowed American spies to access all Yahoo users' email (possibly via a dangerous rootkit), and two weeks after admitting that 500,000,000 Yahoo Mail users' passwords were leaked years previously, possibly to a "state actor," the company has disabled email forwarding for Yahoo Mail users.
Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources -- at least one of whom worked on the security team -- say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool.
Yahoo email accounts were scanned by the company on behalf of U.S. intelligence services from last year. This represents the first example of a U.S. service provider providing complete access to "all arriving messages," reports Reuters.
It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.
Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.
According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.
It might not seem terribly meaningful to users, given the revelation that 500m Yahoo accounts (surely all of its users, or close to it) were hacked anyway, but there's a difference between a one-off break-in and a standing invitation. Over four years of Mayer's leadership, Yahoo suffered a "stunning collapse in valuation" and was sold to Verizon for $4.83bn. Completion of the deal is reportedly threatened by the recent stories about Yahoo's security failings.
In 2015, Yahoo CEO Marissa Mayer ordered the company's engineers to build a tool that scanned Yahoo Mail messages in realtime for "characters" of interest to a US security agency, either the FBI or the NSA.