SAN FRANCISCO — If a foreign government is behind the massive computer attack that compromised a half billion user accounts at Yahoo, as the company says, the breach could be part of a long-term strategy that’s aimed at gathering intelligence rather than getting rich.
Yahoo says the breach involved users’ email addresses, passwords and other information — including birthdates — but not payment card or bank account numbers. Although the stolen data could still be used in financial crimes, such as identity theft, experts say a foreign intelligence agency might combine the Yahoo files with information from other sources to build extensive dossiers on U.S. government or corporate officials in sensitive positions.
“With state-sponsored attacks, it’s not just financial information that’s of value,” said Lance Hoffman, co-director of the Cyberspace Security and Privacy Institute at George Washington University. “In the long run, if the state accumulates a lot of information on you, and especially if it corroborates that with other sources, it can assemble a pretty good profile.”
Yahoo hasn’t revealed the evidence that led it to blame a “state-sponsored actor” for the latest attack, which the Sunnyvale, California, company said occurred two years ago and was discovered only in recent weeks.
Yahoo declined comment, but its top security official, Bob Lord, has said the company would make that claim only “when we have a high degree of confidence.” In a policy statement last year, Lord also said the company wouldn’t release details about why it believes attacks are state-sponsored because it doesn’t want to risk disclosing its methods of investigating breaches.
This wouldn’t be the first time that governments were implicated in high-profile hacking attacks.
U.S. officials have hinted that China might be to blame for a 2015 breach at the U.S. Office of Personnel Management, in which background files and even fingerprints of millions of federal employees were stolen. China denied any official involvement. More recently, news reports say U.S. intelligence officials have blamed Russian spies for the hack of Democratic National Committee files, although Russia’s government has also denied this.
Some security experts believe the OPM attack was carried out by the same hackers who also stole data files from large U.S. insurance and health-care companies in 2014 and 2015. It may have been part of an effort to gather sensitive or compromising information to blackmail or coerce individuals working at a variety of federal agencies.
Similarly, governments might want to target executives at multi-national corporations, especially if they’re competing with companies based in the country that sponsored the attacks. In such cases, intelligence officials might share useful commercial secrets with their home-grown industries, said Jeremiah Grossman, an official at SentinelOne, a Silicon Valley computer security firm.
In any event, security experts warn that the Yahoo breach could still put ordinary users at risk, particularly if the hacked information finds its way to online marketplaces where stolen data are bought and sold.