According to unnamed sources that are choosing to remain anonymous, Yahoo has been working hand in hand with US intelligence agencies. The new info, which follows recent revelations about the massive Yahoo hack, is putting renewed strain on the company’s already severely tarnished reputation.
The new allegations claim that Yahoo willingly took part in a secret US intelligence directive. The result? Carefully planned and coordinated snooping into the email inboxes of hundreds of millions of Yahoo account holders.
The new revelations are not only new evidence of the US’ continued will to spy on innocent Internet users but of their concerted efforts to make private sector tech giants work with them as they do so. Sadly, unlike Apple (which last year decided to stand by its product rather than help the FBI in the San Bernadino case), it would appear that Yahoo instead decided to ‘tow the line’ and participate in the obscene and deliberate intrusion.
So what do we know?
To help the US government to spy on its users, Yahoo designed custom software that purposefully searched all account holder email inboxes for certain keywords. According to sources familiar with the case, Yahoo’s software searched for certain ‘characters’ that were handed to them by the NSA.
The allegations have been provided to Reuters by three whistleblowers that are ex-employees of the Internet giant, and one other informant. Cybersecurity experts have come forward to say that this is the first confirmation of a US-based firm helping the NSA with its draconian surveillance practices.
According to those experts, this is the first time that we are hearing about a US corporation searching all emails rather than just combing through stored messages and spying on particular accounts at the behest of US intelligence requests.
Purposefully spying on specific user accounts is already a terrible habit for any tech firm to engage in. The Yahoo program, however, is being condemned for its rude intrusion into every account holder’s emails. Innocent or not – the alarming discovery reveals – Yahoo email accounts were penetrated; no matter where in the world those users reside.
For now, sadly, it is unclear exactly what the NSA asked Yahoo to search for. It is likely that the operation was proposed to Yahoo ‘for national security reasons’, though this remains to be confirmed.
“A string of characters”
The whistleblowers have revealed that it is unknown exactly what the parameters of the search that Yahoo conducted for the NSA involved. All we known is that they were told to search for particular ‘characters’. According to security experts, that means it is possible that they were searching for keywords, phrases, or even attachments contained within emails. Sadly, though, investigative reporters have been unable to determine what info was handed over to US authorities by Yahoo. In theory, however, it means that the NSA could have been preoccupied with finding malware hidden within emails targeted at Yahoo inboxes by foreign intelligence agencies or lone wolf hackers.
It is no secret that the NSA is highly interested in regular folk’s digital communiques. The Edward Snowden revelations from 2011, already brought to light the NSA’s PRISM program. That intelligence directive was designed to perform MITM attacks not only on the messages of foreigners but on all US citizens as well.
While it is now known that Yahoo has been aiding and abetting US intelligence to target all their users, it is not yet known whether other US firms were approached too. However, it seems likely that other US firms may also have been asked to spy on emails. Apple, for one, says “not us”. A statement released by the firm says,
‘We have never received a request of this type. If we were to receive one, we would oppose it in court.’
Some of the incredible information that has emerged in the scandal includes the fact that the ex-Chief Information Security Officer at Yahoo, Alex Stamos, left the company on bad terms last June because of the spying. In what feels like a storyline from Silicon Valley, Alex Stamos (who is now Facebook’s top security man) apparently disagreed with top brass’ decision to comply with the NSA’s requests.
The decision to help the NSA was allegedly made by the CEO of Yahoo Marissa Mayer, whom as yet has failed to make a statement.
What is the deal with Verizon?
In July, Marissa Mayer announced the $4.83 billion dollar sale of Yahoo to Verizon. Since then, Verizon’s decision to acquire the US tech giant has turned into a nightmare.
In late September, Yahoo announced that 500 million Yahoo accounts had been hacked. The scale of the hack was met with both disbelief and apathy. Such is the range of feelings that these large-scale hacks are causing in the world’s population. Some angered by the tech industry’s continued lack of ability at keeping hackers out of their systems. Others bored by the normality of – yet more news – of a big firm being penetrated by hackers.
A harsh coincidence?
What seems particularly suspect is the closeness of Verizon’s Yahoo acquisition to the two sets of revelations that have come since.
Firstly, since the firm admitted being hacked on September 22nd, it has been revealed that Yahoo knew about the hack for years before finally admitting it to the public. Now, the new revelations demonstrate that in addition to knowing Yahoo users were being hacked, the firm was helping to rinse-out it’s trusting subscribers.
What is unclear is whether the NSA’s directive is the very hacking that was admitted to back in September. If not, it is possible that the NSA was hacking email accounts to try and catch whoever it was that hacked Yahoo in the first place.
Yahoo has released only a short statement in response to the latest revelations,
‘Yahoo is a law-abiding company, and complies with the laws of the United States.’
The sudden scandals are cause for concern at Verizon. After the September incident, the telecom giant sent its chief information security officer over to Yahoo to investigate. Chandra McMahon then brought in Verizon’s cyber security team to perform an independent investigation.
Verizon had been hoping to become a digital media behemoth by adding Yahoo to its fold, but with the possibility of a class-action lawsuit now a stark possibility, the world is holding its breath.
Yahoo hack – biggest penetration ever
It is believed that the Yahoo hack is the largest single penetration of a tech giant in history. Now that it has been revealed that Yahoo hacked its own users, one wonders whether the Verizon deal will even happen. Perhaps the formality of the deal is already legally binding, and Verizon owns Yahoo – and it’s problems – no matter what happens. Nobody is sure.
Brian Quinn, a professor at Boston College Law School, however, says the hacking could indeed affect the merger. Verizon could pull out from the entire deal claiming that the hacking nullifies the takeover. Most interesting? According to Quinn (who has looked over the documents for the merger), if high-level management at Yahoo were aware of the hacking during the process of negotiations – the courts could decide that Verizon is permitted to break the deal. So it seems there might be a way out yet for Verizon.