11 Oct 2016
According to reports, Yahoo developed software in order to scan the emails of hundreds of millions of its users on behalf of US intelligence services. Additionally, installing this software appears to be the result of a Foreign Intelligence Surveillance Act (FISA) court order.
The program was originally designed to scan for child pornography and emails containing signs of state-sponsored terrorist organizations. Additionally, the email scanner may actually more powerful than originally suspected.
One anonymous source who had worked on Yahoo’s security team, claims that the original backdoor or Rootkit was installed by the NSA or FBI and was poorly designed and buggy. A Rootkit would allow hackers to have administrative control over the systems. Ultimately, the tool was so poorly designed that hackers could have gained complete access to all Yahoo user data without a way for Yahoo or US Intelligence to detect it.
Apparently, Yahoo’s own security team weren’t told about the program so when they discovered it, they immediately assumed hackers had installed malware. Once the team started to take action they were told by executives that they had installed the program on behalf of the US government. Ultimately, this lead to the departure of Chief Information Security Officer Alex Stamos in 2015.
So far this revelation has cost Yahoo at least $1 Billion, since now that Verizon has wind of it they are planning on shaving that amount off the $4.8 Billion they were going to spend in order to acquire the company.