Privacy News Latest Theory Says Yahoo Hackers Aren't State-Sponsored, Just Common Crooks

Exterminator

Security firm InfoArmor has put forward a theory claiming that the group that broke into Yahoo's servers, stole, and then dumped its data is made up of regular hackers and has no affiliation with state agencies, making Yahoo's assessment of "state-sponsored actors" false.

The company says the Yahoo hack is the work of an elite team of hackers, who were also behind the hacks of other high-profile web services, such as LinkedIn, MySpace, Tumblr, VK, and more.

Hackers used Tessa88 and Peace_of_Mind as public spokespersons
InfoArmor says this group used two individuals as public spokespersons and intermediaries to sell the stolen data.

These two are the infamous Tessa88 and Peace_of_Mind, the two persons that put up most of the data for sale online on The Real Deal (TRD) Dark Web marketplace, but also on underground hacking forums.

InfoArmor's theory contradicts Yahoo's explanation, which the company gave in its official press release regarding the incident, saying that a "state-sponsored actor" had compromised its servers, but without presenting any details to sustain this assessment.

In an interview with Wired, but also in a conversation on Jabber with your reporter, Peace_of_Mind said he was representing a larger group of Russian hackers.

Hell Forum users or Eastern European hackers?
InfoArmor is not sure who this group of hackers is, but has two theories. The first is that the group is formed from a nucleus of former Hell Forum users, and the second is that they are professional blackhats from Eastern Europe.

The latter theory also leaves the door open for them to be members of state-sponsored groups, as Yahoo suspected, who are now selling off data that has become obsolete due to its age.

InfoArmor also says that most of the data has been pumped up and injected with fake accounts to boost its market value, a reason why Tessa88 has been banned on several underground forums, and a reason why the TRD marketplace has suffered huge downtime lately due to DDoS.

Additionally, InfoArmor says that the two public figureheads, Tessa88 and Peace_of_Mind, appear to have cut ties with the original hackers, but the reason is unknown.

"This approach was 'carefully' orchestrated in order to mask the actual sources of the hacks and to commercialize the data in an anonymous manner, due to the fact that this data had been used by the threat actors for their own purposes, namely, targeted account takeover (ATO) and spam," InfoArmor explains in its report.

A previous report has presented Peace_of_Mind as one of the authors, next to a hacker known as Bestbuy, of the GovRat 2.0 malware.


Tony Cole

They probably say it's a state-sponsored attack so it looks like they have advanced security that only top experts can access. When it's normal hackers it looks like they do not have enough safeguards in place.

Entreri

That is why I got into the habit long ago of providing not-so-accurate information regarding things like birth date to Facebook etc.

soccer97

I had a hard time believing it was a state-sponsored attack, considering it was Yahoo. More like the theories in the OP. Yahoo's record is spotty.
