Is Facebook the next Yahoo? Russian hackers were there, too, in 2014
Internal Facebook documents seized by a member of British Parliament suggest Facebook was under siege from Russian hackers in late 2014. I can tell you Russian hackers were busy that year (as were Chinese hackers, and North Korean hackers, etc..) I spent months researching the hack of Yahoo -- history's largest, by number of compromised accounts -- which means I spent a lot of time looking into Russian hacking. Below is a timeline of Russian-Yahoo events from around 2014 that I compiled for reference when working on our Breach podcast. I'm sharing it today because it might be useful as we continue to example the Facebook situation. It does make me wonder if Facebook will go the way of Yahoo -- a groundbreaking Web behemoth that becomes fragile under its own hubris, and eventually is finished off by security neglect.
First, just a brief bit of context:
The documents were not released at a hearing held Tuesday in London examining Facebook, but the member, Damion Collins, referenced them during questioning. Collins implied the documents show Facebook had advance warning that Russians were sucking massive amounts of data off the firm’s website, well before Russian interference in the 2016 U.S. election
“An engineer at Facebook notified the company in October 2014 that entities with Russian IP have been using a Pinterest API key to pull over 3 billion data points a day,” he said.
Facebook later told CNN that the firm looked into the claim at the time and found no evidence to support it. That kind of confusion aligns pretty neatly with what happened inside Yahoo. As you read SEC filings about the Yahoo incident, there are seemingly contradictory statements. On the one hand, engineers who knew what was going on didn't do a good enough job informing management; on the other hand, management ignored and misunderstood warnings from engineers. At a bare minimum, I think this shows how difficult it is to communicate threats and bad news inside a company -- particularly when there's so much pressure on the bottom line. Security always takes a back seat to money. At least, until security problems lead to money problems, but then, it's too late. Yahoo went through that; Facebook is going through it now.
My timeline:
Early 2014 – Second Yahoo hack, the one blamed on Russians, occurs. (There were two. The first still remains a mystery) Claim: a Yahoo employee falls for a spear phishing attack; Russian hacker Alexsey Belan uses that access to escalate, and ultimately access user database and account management tool.
Fall 2014 – Yahoo detects hack of 30-40 people; it blames Russia. Ultimately notifies 26 victims
https://www.wsj.com/articles/yahoo-executives-detected-a-hack-tied-to-russia-in-2014-1474666865
Dec. 2014 – Yahoo IT team learns an attacker had exfiltrated copies of user database backup files, but does little. “It is unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood outside the information security team.
https://www.sec.gov/Archives/edgar/data/1011006/000119312517065791/d293630d10k.htm (p. 47)
2015 – Yahoo IT discovers that account management tool had been hacked, and cookie forging had occurred, but did very little. “It appears certain senior executives did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company’s information security team.”
https://www.sec.gov/Archives/edgar/data/1011006/000119312517065791/d293630d10k.htm (p. 47)
You can learn much more about the Yahoo hack by listening to Breach, our five-episode podcast on the 'death' of Yahoo.