This Week: Yahoo Still Has A Problem (And So Does Azerbaijan)

How long before they notice it was me?
September 30, 2016

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

This week we saw the ongoing coverage of Yahoo’s massive customer breach, and along with it the resurgence of a vendor who looked to make a little money (and a lot of noise). We also saw an attack on Azerbaijani servers coinciding with the 25th Armenian independence anniversary, the latest in a series of retaliatory breaches in the South Caucasus.

Yah-(W)hoo’s Got My Data?

Last week Yahoo confirmed that a breach from 2012 compromised 200 million user accounts. Despite the breach being fairly common knowledge prior to the announcement, Yahoo waited 4 years to publicly acknowledge and act on the breach. The data is available for sale from hacker Peace_of_Mind, the same vendor who previously listed information from MySpace, LinkedIn, and Fling for sale.

Peace_of_Mind asked for 3 BTC, or just shy of USD $2,000, to hand over the file. That’s a small price to pay for 200,000,000 credentials, but with a brand name like Yahoo, Peace can generate enough demand to handily profit on selling the data to anyone with a few bitcoin on hand – buyers who will surely repackage and resell the data as their own. Following the announcement, The Real Deal Marketplace (where the credentials were for sale) was repeatedly unavailable and continued to be down intermittently all of this week.

Yahoo knew about the situation long before it acknowledged the breach to the public, making this a good example of what not to do in a breach. Denying a breach repeatedly only to come back and admit the truth isn’t likely to score points with Yahoo’s customers.

Meanwhile, in Transcaucasia

Following the 25th anniversary of Armenia’s independence, Armenian hackers from the Monte Melkonian Cyber Army (MMCA) leaked a collection of data they claim belongs to Azerbaijani banks, military, and police servers. The files contained the personal information of Azerbaijani officers and thousands of bank customers. The group also defaced several Azerbaijani embassy websites with pro-Armenian imagery, including the embassies in Bulgaria, the Netherlands and Qatar.

The cultural and political divides in the world are increasingly falling along digital lines; online conflicts have become commonplace around important and historical events (see: OpIsrael). The conflict at the heart of the tense Armenian and Azeri relations is the dispute over the mountainous region of Nagorno-Karabakh. The area is under the de facto control of Azerbaijan, but hosts a sizeable ethnic Armenian majority.

On its Twitter page, the MMCA showcases the regional struggle as its motivation for hacking: “If we lose Karabakh, then we will turn the final page in Armenian history.” In the lead-up to the most recent leak, the two sides have gone back and forth. The conflicting factions have hacked social media and email accounts, leaked state licenses and passports, and more.

Even in decades-old conflicts, passionate youth are finding ways to weaponize personal information. These private agents take pride in hacking for their country, and are using the data they obtain to harm and humiliate the other side.

One more thing: Text-to-Vote!

US citizens can now register to vote by texting a new chatbot, known as HelloVote. The bot’s goal is simple - get as many people as possible registered to vote before the presidential election on November 8 (in the last election, about 33 million adults weren’t registered). The SMS service asks for some personal information - including your full name, home address, date of birth, and the last four digits of your Social Security number. HelloVote cross-references the information you provide with existing databases, and can recognize if you’re already registered.

What could go wrong?
