The fallout from the massive Yahoo hack, considered to be the largest known data breach of its kind, reportedly continues to impact victims globally. Over 3,000 email accounts linked to Australian government officials, including those in high-profile positions such as MPs, judges and federal police, are among the one billion accounts hacked and stolen, according to reports.
According to US-based cybersecurity firm InfoArmor, an Eastern European hacker group dubbed Group E stole data from Yahoo in 2013. InfoArmor reportedly informed the Department of Defence of the data breach in October 2016. The revelations have led Australian Prime Minister Malcolm Turnbull to launch a probe into the incident, the Sydney Morning Herald reported.
A Department of Defence spokesperson told ABC Australia that the department was notified about the breach via an intermediary from NSW police two months prior to Yahoo publicly acknowledging the violation. The department also confirmed it had notified its own employees of the data breach.
The stolen data includes email addresses, passwords, recovery accounts and other personal and sensitive data. Among those affected were high-profile government officials including Social Services Minister Christian Porter, Shadow Treasurer Chris Bowen, Liberal MP Andrew Hastie, Opposition Health Spokesperson Catherine King and Liberal Senator Cory Bernardi.
Also among those affected are judges, high-ranking AFP officers, AUSTRAC money-laundering analysts and political advisers. Prime Minister Turnbull's cybersecurity Special Adviser Alastair MacGibbon said that the scope of the Yahoo breach was breathtaking.
"It's really what's inside those accounts that matters," MacGibbon added. "If there are compromising activities inside those accounts — again, whether I work for a corporate or government it doesn't really matter — criminals may exploit that. Criminals may exploit me recycling a password."
MacGibbon added that the magnitude of the breach made it difficult to determine how many of the affected accounts currently remain active. Experts have raised concerns about cybercriminals exploiting the data to blackmail officials.
"There's potentially information in there that is blackmail-able," said University of New South Wales Professor Richard Buckland. "Blackmail information is very valuable to other governments for nudging or persuading people to do things."
According to InfoArmor chief intelligence officer Andrew Komarov, the hackers have had years to exploit the stolen data. "The bad actors had enough time to compromise any records they wanted as it's a pretty significant time frame," Komarov said. "That's why today is pretty hard to figure out what exactly happened and how many employees in government could be compromised."
Although reports speculated about the cyberattack having been perpetrated by state-sponsored hackers, Komarov said that Group E were likely motivated by profits. "This group has no presence on any forums or marketplaces. In the past they used two proxies: one for the Russian-speaking underground and another one for the English-speaking," Komarov said.
"They sell their data indirectly using some trusted channels, contacts and proxies. Not through any marketplaces or forums because of their security measures. They don't need it."