Tag: yahoo

Canadians refuse bail for “Yahoo hacker”

A Canadian judge denied bail to a 22-year-old man whom the United States wants to extradite to face charges of involvement in a massive hack of Yahoo email accounts.

Karim Baratov, a Canadian citizen who was born in Kazakhstan, was considered a flight risk by Justice Alan Whitten, who remanded Baratov in custody until May 26.

The United States claims that Baratov worked with Russian intelligence agents who paid him to break into at least 80 email accounts, including those of specific targets with non-Yahoo accounts.

The judge said that Baratov had no reason to stick around as he could continue his wealth-generating activities anywhere in the world.

Baratov faces US charges including conspiracy to commit computer fraud, conspiracy to commit wire fraud and identify theft, and could face decades in a US jail if found guilty on all charges.

His lawyer Amedeo DiCarlo says that it was not him, and he would consider appealing the bail decision if the court is unable to schedule a expeditious extradition hearing.

Federal prosecutor Heather Graham told the court that the attorney general of Canada will be ready to proceed with an extradition hearing by June 12, according to media reports.

The United States last month charged two Russian intelligence agents, Baratov and another alleged hacker over the 2014 theft of 500 million Yahoo accounts, the first time the US government had criminally charged Russian spies for cyber offenses.

The other alleged hacker is Alexsey Belan, one of the FBI’s most-wanted cyber criminals, who was arrested in Europe in June 2013 but escaped to Russia before he could be extradited to the United States, according to the US Justice Department.

US about to arrest Yahoo hackers

US Justice Department officials are expected to announce arrests against suspects in at least one of a series of hacking attacks on Yahoo.

The accused men live in Russia and Canada, the source said, with the Canadian far more likely to be forced across the border to face arrest. Russia has no extradition treaty with the United States and Tsar Putin is expected to be a big fan of whoever hacked Yahoo.

It could not immediately be learned whether the group was suspected in the hacking of data about one billion Yahoo users, or a separate hack of 500 million email accounts.

The indictments were first reported by Bloomberg News. The two largest hacks, and Yahoo’s much-criticised slow response and disclosure, forced a discount of $350 million in what had been a $4.83 billion deal to sell Yahoo’s main assets to Verizon Communications.

Marissa Mayer to get a $23 million “golden parachute”

Yahoo is giving its CEO Marissa Mayer a $23 million “golden parachute” and $3 million in cold hard cash in the hope that she might go away with the least amount of fuss.

The search engine has named Thomas McInerney, a former chief financial officer of IAC, as the bearer of the Yahoo poisoned chalice once the merger with Verizon becomes official.

Yahoo said that after it completes the sale of its core search business to Verizon and Mayer and co-founder David Filo step down as board members of Altaba – the new name for the remaining holdings.

Mayer’s golden parachute is the large payment for top executives if they lose their position because of a deal, would include $19.97 million in equity and more than $3 million in cash, according to a regulatory filing.

It would kick in if there is a change in control, as will be the case in the deal, and she is terminated “without cause” or “leaves for good reason” within a year.

There cannot be many people who would be upset at getting $26 million not to go to work.

Marissa Mayer gives her bonus to staff

Yahoo CEO Marissa Mayer announced today via her Tumblr page that she will be redistributing her annual bonus and equity stock grant to Yahoo employees to make up for two security hacks which thumped the company.

An independent committee Yahoo brought on to investigate the hacks found the company to be at fault for not sufficiently responding to the security incidents.

The committee said that while significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate, or act on information provided internally by the company’s information security team. Because of the hacks, Yahoo’s top lawyer, Ron Bell, was fired.

Mayer has accumulated about $162 million during the five years she’s spent as the company’s CEO in both salary and stock awards. She’s also due about $55 million in severance if she decides to leave the company following its acquisition by Verizon.

While it is nice that Mayer is giving her cash to the employees, most of the victims of the security fiasco were customers and users, who are no doubt organising a class action as we write.

Yahoo being investigated for handling of data breaches

Marissa-Mayer-webex-ART-OLD-SITE (1)The troubled search engine outfit Yahoo is being investigated by Inspector Knacker of the US yard and financial regulators over its handling of two huge data breaches.

Yahoo was hacked in 2014 and huge amounts of personal data was stolen. Yahoo, which was a little concerned about more publicity failed to make the news public.

Now the FBI is looking into whether Yahoo’s two massive data breaches should have been reported sooner to investors. If Yahoo faces any fall-out from the case then it could be a major test in defining when a company is required to disclose a hack.

For those who came in late, the first data breach in 2013 that involved more than one billion users’ accounts. The second was in 2014, an intrusion which involved about 500 million accounts. SEC has requested documents from Yahoo.

The agency has been considering a model case for cybersecurity rules it issued in 2011. Yahoo has said that it was cooperating with the SEC, Federal Trade Commission and other federal, state, and foreign governmental officials and agencies including “several State Attorneys General, and the U.S. Attorney’s office for the Southern District of New York”.

When Yahoo reported the 2014 breach, it said that evidence linked it to a state-sponsored attacker. It has not announced a suspected responsibility for the larger 2013 intrusion, but the company has said it does not believe the two breaches are linked.

 

Yahoo gone, Mayer to quit

Marissa-Mayer-webex-ART-OLD-SITE (1)Yahoo is to rename itself Altaba and Chief Executive Officer Marissa Mayer will quit after the closing of its deal with Verizon.

Yahoo has a deal to sell its core internet business, which includes its digital advertising, email and media assets, to Verizon for $4.83 billion.

Five other Yahoo directors would also clean out their desks after the deal closes, Yahoo told regulators. The new company also named Eric Brandt chairman of the board.

The remaining directors will govern Altaba, a holding company whose primary assets will be a 15 percent stake in Chinese e-commerce company Alibaba and 35.5 percent stake in Yahoo Japan.

The terms of that deal could be amended – or the transaction may even be called off – after Yahoo last year disclosed two separate data breaches; one involving some 500 million customer accounts and the second involving over a billion.

Verizon executives have said that while they see a strong strategic fit with Yahoo, they are still investigating the data breaches.

 

Verizon getting cold feet about Yahoo

coldfeet191115Telco Verizon, which was thinking about buying the troubled search engine outfit Yahoo, is getting cold feet.

The deal was all set to go through and then Yahoo was hit by a couple of security scandals including a suppressed data leak which stripped value from the company.

Marni Walden, president of product innovation and new businesses, who is a senior executive of Verizon said that she could not sit “sit here today and say with confidence one way or another because we still don’t know.”

If it wants to get out of the deal, Verizon likely will have to show the overall value of Yahoo has declined as a result of the two hacking disclosures.

“I have to have certain facts in order to be able to make a decision. There’s a lot of stuff we don’t know.”

If only there was a good search engine where you could look up the information you need on that Internet thingee.

Yahoo hacked again

13.-Hacker-1-696x464Yahoo has said that it was hacked again and data from more than a billion user accounts was nicked.

Apparently the attack happened in August 2013, making it the largest breach in history and we just found out about it.

The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.

Verizon said about the latest attack that it would be reviewing the impact of this new development before reaching any final conclusions.

A Yahoo spokesman said the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.

A spokesYahoo added it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge “cookies” that would allow hackers to access an account without a password.

However some analysts have said that the company has screwed up and was found not to have been taking security seriously enough.

Yahoo said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.

Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc’s Mandiant unit and Aon Plc’s Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.

 

Big Tech reacts in horror to Yahoo’s spying story

A shocked Baby (2)_fullAfter the news got out that Yahoo has been scanning its mail systems for the US spooks, the bigger US ISPs have reacted in horror and said they would never dream of such a thing.

Apple, Facebook, Google, Microsoft, and Twitter have all said they would never do such a thing.

According to Reuters, Yahoo built in 2015, at the US  government’s request, software that scans literally all emails for certain information provided by either the National Security Agency or the FBI. The software was never mentioned in Yahoo’s biannual transparency report. In the latter half of 2015, the company received 4,460 total government data requests, for 9,373 accounts, that it would classify as “Government Data Requests,” a category that includes National Security Letters from the FBI and Foreign Intelligence Surveillance Act requests.

According to the Reuters report, the Yahoo programme was known to only a handful of employees.

A Facebook representative said “Facebook has never received a request like the one described in these news reports from any government, and if we did we would fight it.”

Google said the same: “We’ve never received such a request, but if we did, our response would be simple: ‘no way.’”

A Microsoft spokesperson added: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

A representative for Twitter replied that: “We’ve never received a request like this, and were we to receive it we’d challenge it in a court. Separately, while federal law prohibits companies from being able to share information about certain types of national security related requests, we are currently suing the Justice Department for the ability to disclose more information about government requests.”

While Apple declined to give a statement on the record it has previously said it would never do anything like that.

Yahoo is coming out looking like the bad guy. It is in talks to be acquired by Verizon, but also facing another scandal for suffering the largest known user data leak in history, with 500 million users’ information exposed. However it failed to mention it to its users.

Yahoo called out on “state sponsored hack”

13.-Hacker-1-696x464Troubled search outfit Yahoo has been called out over its claim that it was the victim of a state sponsored hacker in 2014.

Yahoo got into all sorts of hot water after it was revealed that it had been hacked a while ago and forgot to tell anyone It appeared to make matters worse by implying that it was not a regular common garden hack that bought its security to its knees but one of those government hacks which are impossible to stop.

According to InfoArmor, which claims to have some of the stolen information the hack was carried out by a bunch of hackers whose main clients are spammers.  “Group E,” a team of five professional hackers believed to be from Eastern Europe and are not backed by any government at all.

Andrew Komarov, InfoArmor’s chief intelligence officer claimed that Group E was behind high-profile breaches at LinkedIn, Dropbox and Tumblr. To sell that information, the team has used other hackers, such as Tessa88 and peace_of_mind, to offer the stolen goods on the digital black market.

“The group is really unique,” Komarov said. “They’re responsible for the largest hacks in history, in term of users affected.”

InfoArmor’s claims dispute Yahoo’s contention that a “state-sponsored actor” was behind the data breach, in which information from 500 million user accounts was stolen. Some security experts have been skeptical of Yahoo’s claim and wonder why the company isn’t offering more details.

The database that InfoArmor has contains only “millions” of accounts, but it includes the users’ login IDs, hashed passwords, mobile phone numbers and zip codes, Komarov said.

The security firm says it obtained the data from “operative sources” about a week ago and has verified that the account information is real. Komarov wouldn’t say more about how InfoArmor got the data.

Group E has sold the stolen Yahoo database in three private deals, Komarov said. At one point, the Yahoo database was sold for at least $300,000, he said. His firm has been monitoring the group’s activities for more than three years.