The massive data breach that Yahoo revealed last week is said by the company to have been carried out by a state-sponsored group. However, an information security firm has refuted the claim, stating that there is no evidence that the hackers acted on behalf of any government.
Yahoo has blamed a "state-sponsored actor" for the security breach that leaked the account information of 500 million users, including names, email addresses, phone numbers, encrypted passwords and security questions. According to Yahoo, the attack occurred in late 2014.
However, Yahoo has not stated how it arrived at the conclusion that the data breach was sponsored by a government, nor has it shown any evidence for such a claim. Yahoo has previously stated that it has systems in place to be able to detect state-sponsored attacks.
"I think there's a lot of fishiness going on here," said Securonix chief security strategist Michael Lipinski, a feeling that is shared by A10 Networks director of cyber operations Chase Cunningham.
According to Cunningham, blaming a high-profile security breach on a state-sponsored group could be a way of reducing culpability for the situation, especially as hackers backed by governments are perceived to be among the best ones in the world.
Cunningham believes that cyber criminals, and not a state-sponsored hacking group, are the ones behind the security breach, as governments are only interested in intellectual property that they can utilize and not the personal information from Yahoo users.
Information security company InfoArmor has also stated the same thing, believing that criminals are behind the data breach and not state-sponsored hackers as Yahoo claims.
According to InfoArmor, the hackers have sold the database containing the leaked information from the security breach at least three times, with one of the transactions involving a state-sponsored actor.
However, the hackers, which the company has named Group E, have a significant track record on crime and have created a moneymaking enterprise. Group E sells data to other criminals for spam and to affiliate marketers who are not supported by any government, said InfoArmor chief intelligence officer Andrew Komarov.
Komarov said that the dealings of Group E do not fit the profile of state-backed hackers. While their clients may be backed by governments, the hackers themselves are not.
Komarov claims that the attack on Yahoo is part of a wider campaign to breach the email accounts of prominent officials not just in the United States, but in all parts of the world. While the attacks might not have targeted the officials directly, the hackers were looking for information from the Yahoo accounts of family and friends of the officials.