
Yahoo Servers were hacked by FSB Spies and others

Posted by Steven Lai on Mon, Mar 27, 2017

Huge amounts of information were stolen from Yahoo's network service by just four individuals. Personal messages of Yahoo users were also stolen as part of the criminal activity. Of the four hackers, two were members of the FSB (Russia's Federal Security Service), and the other two were previously known hackers with no relation to the FSB.


Who was behind the hacking?

This investigation has been going on for two years, but the attack began in 2014. However, "the U.S. Department of Justice announced charges Wednesday, March 15th, 2017 against two Russian spies and two hackers for stealing user data from half a billion Yahoo accounts in 2014. The massive cybersecurity breach, the second to affect Yahoo in two years, is believed to have been one of the largest in history." 1 The FSB members are Dmitry Dokuchaev and Igor Sushchin, and the other two are Aleksey Belan and Karim Baratov.


How was it done?

Aleksey Belan (not an FSB member) installed, through a backdoor, an application that allowed him and others to access Yahoo's user database as well as the account management tool. However, the account management tool was not as easy to use because it did not allow text searches of user names. At that point, the hackers decided to go after the recovery email addresses. The recovery emails contained names of Yahoo employees. After that step was done, the hackers were able to use stolen cryptographic values called "nonces". These cryptographic values allowed them to generate cookies through scripts that were part of the Yahoo server. The outcome allowed the hackers to access huge amounts of email without any verification or passwords. Once the hacking process was done, Aleksey transferred all of the stolen information to his computer.

Was there Justice?

"A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. The defendants are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident; Igor Anatolyevich Sushchin, 43, a Russian national and resident; Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident; and Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian national and a resident of Canada." 2 The only member out of the four that was arrested was Dmitry Dokuchaev. The others still remain at large.

Yahoo's Response

"The company had been investigating another incident involving a hacker when they found out about this particular hacking. To protect users, the company has forced password resets on all users' accounts and has invalidated the forged cookies.

"Nevertheless, after the hacking incidents, Yahoo agreed to take off US$350 million from Verizon Communications' original offer to buy the internet company. The deal is expected to close this second quarter. Because of the breaches, Yahoo said the company is facing about 43 class action lawsuits." 3
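The cookie forgery described under "How was it done?" and the invalidation described above can be modelled in a few lines. This is an added example, not code from Yahoo or from the sources cited; the cookie format, the `accounts` store and every function name are assumptions made for illustration. In this model a cookie derived from a per-account nonce survives a password reset and only stops working once the nonce itself is rotated.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key held by the server
accounts = {}                         # hypothetical account store

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _tag(user, nonce):
    # Assumed format: the cookie depends on the account nonce, not the password.
    msg = f"{user}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def create_account(user, password):
    salt = secrets.token_bytes(16)
    accounts[user] = {"salt": salt, "pw": _pw_hash(password, salt),
                      "nonce": secrets.token_hex(16)}

def login(user, password):
    acct = accounts.get(user)
    if acct is None or not hmac.compare_digest(
            acct["pw"], _pw_hash(password, acct["salt"])):
        return None
    return f"{user}:{_tag(user, acct['nonce'])}"

def cookie_valid(cookie):
    user, _, tag = cookie.partition(":")
    acct = accounts.get(user)
    if acct is None:
        return False
    return hmac.compare_digest(tag.encode(), _tag(user, acct["nonce"]).encode())

def reset_password(user, new_password, rotate_nonce):
    acct = accounts[user]
    acct["salt"] = secrets.token_bytes(16)
    acct["pw"] = _pw_hash(new_password, acct["salt"])
    if rotate_nonce:
        acct["nonce"] = secrets.token_hex(16)  # invalidates every earlier cookie

def demo():
    create_account("alice", "old-password")
    # Cookie produced from the stored nonce with no password check, standing in
    # for the forged cookies the article describes.
    minted = f"alice:{_tag('alice', accounts['alice']['nonce'])}"
    before = cookie_valid(minted)
    reset_password("alice", "new-password", rotate_nonce=False)
    after_password_only = cookie_valid(minted)
    reset_password("alice", "newer-password", rotate_nonce=True)
    after_rotation = cookie_valid(minted)
    return before, after_password_only, after_rotation
```

`demo()` returns the validity of the same cookie at three points: before any response, after a password-only reset, and after a reset that also rotates the nonce.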

Sources:

1. http://www.vanityfair.com/news/2017/03/the-justice-department-says-it-knows-who-hacked-yahoo

2. https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions

3. http://www.pcworld.com/article/3176306/security/yahoo-execs-botched-its-response-to-2014-breach-investigation-finds.html

4. http://www.csoonline.com/article/3180762/data-breach/inside-the-russian-hack-of-yahoo-how-they-did-it.html

5. https://blog.knowbe4.com/a-single-spear-phishing-click-caused-the-yahoo-data-breach

 

  

Tags: anti virus, cybersecurity, email security
