Tag: intrusion

How did Yahoo get breached? Employee got spear phished, FBI suggests

Enlarge / Dmitry Dokuchaev, Igor Sushchin, Alexsey Belan, and Karim Baratov—the four indicted by the US in the Yahoo hacking case. SAN FRANCISCO—The indictment unsealed Wednesday by US authorities against two agents of the Russian Federal Security Service, or FSB, (Dmitry Dokuchaev and Igor Sushchin) and two hackers (Alexsey Belan and Karim Baratov) provides some details of how Yahoo was pillaged of user data and its own technology over a period of over two years. But at a follow-up briefing at the FBI office here today, officials gave fresh insight into how they think the hack began—with a “spear phishing” e-mail to a Yahoo employee early in 2014. Malcolm Palmore, the FBI special agent in charge of the bureau’s Silicon Valley office, told Ars in an interview that the initial breach that led to the exposure of half a million Yahoo accounts likely started with the targeting of a “semi-privileged” Yahoo employee and not top executives. He said social engineering or spear phishing “was the likely avenue of infiltration” used to gain the credentials of an “unsuspecting employee” at Yahoo. Palmore declined Ars’ request to elaborate during a brief interview inside the San Francisco FBI office, and he would not say whether the government or Yahoo discovered the breach. He also would not say how long the intrusion lasted before it was cut off. Read 11 remaining paragraphs | Comments

Visit link:
How did Yahoo get breached? Employee got spear phished, FBI suggests

OurMine ‘hack’ bombards Variety readers with email

It’s already irritating when a group of self-proclaimed hackers (really, account takeover pranksters) hijack a website … it’s another when they flood your inbox. The OurMine collective managed to not only compromise Variety ‘s website through a post of their own on September 3rd, but blast the entertainment site’s email subscribers with messages steering them to a post bragging about the intrusion. As usual, the group doesn’t really explain its motivations. It claims it’s “just testing [ Variety ‘s] security, ” but that’s not exactly believable. Variety has removed the post in question and, as I write this, is fixing the email assault. However, this is only going to increase the pressure to shut down OurMine. You can safely ignore a defaced website or out-of-character Twitter updates, but email is decidedly more intrusive. Lovely. Looks like @Variety was hacked and now they are sending tons of emails over and over… pic.twitter.com/5dJ43Z2ZuV — Gerry D (@GerryDales) September 3, 2016 Source: Variety (Twitter) , Gerry Dales (Twitter)

Visit site:
OurMine ‘hack’ bombards Variety readers with email