Russians Charged in Yahoo Attack
The U.S. Department of Justice (DOJ) has indicted two Russian spies, another Russian hacker and one Canadian hacker in the 2014 breach of Yahoo's networks. "The indictment unequivocally shows the attacks on Yahoo were state-sponsored," said Chris Madsen, assistant general counsel and head of Global Law Enforcement, Security & Safety at Yahoo. "We appreciate the FBI's diligent investigative work and the DOJ's decisive action to bring to justice those responsible for the crimes against Yahoo and its users."
The indictment also revealed more details about the attack. For example, investigators now say that the breach began with a spear-phishing attack on a "semi-privileged" user at Yahoo. Once the hackers obtained access, they discovered a tool that allowed them to generate fake cookies that gave them access to user accounts.
More surprisingly, the court documents also revealed that one of the hackers was able to manipulate Yahoo search results in a money-making scheme. Reportedly, when people searched for “erectile dysfunction medications,” Yahoo directed them to an online pharmacy company that paid commissions to one of the hackers.