Former Yandex CISO weighs in on alleged Five Eyes hack

It's not known which of the alliance's five countries is behind the espionage operation

Russian hack concept

A former Yandex CISO has addressed the allegations made against the Five Eyes intelligence alliance which allegedly used a rare strain of malware to spy on user accounts relating to Russia's leading search engine.

The malware called Regin is known to have been used by Five Eyes in previous operations, according to information that was previously unearthed in the 2014 Edward Snowden leak of NSA documents.

According to sources familiar with the matter, who spoke to Reuters which first broke the story, it couldn't be determined which country launched the attack on Russia's leading search engine which was discovered between October and November 2018.

The Five Eyes intelligence alliance is formed of the UK, US, Canada, Australia and New Zealand and operates under the agreement that all information can be shared without fear of it being leaked outside of the alliance.

The former CISO of Yandex, which is often referred to as Russia's Google, took to Twitter upon reading the news to offer some interesting insights into the attack.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Taking a more offensive stance, Vladimir Ivanov exclusively and repeatedly addressed the attackers as "NSA" instead of speculating the true origin of the attack like the sources of the information did.

"NSA is not an easy fish to catch, so kudos to you-know-how-you-are at Yandex security team," he said.

"As a former Yandex CISO I am extremely proud of the team that was able to detect and respond to NSA hacking attack," he added.

Ivanov quoted a section of the article which claimed the purpose of the attack wasn't strictly to spy on Yandex users, but to understand how Yandex authenticates user accounts before saying how the information has been in plain sight.

He alluded to Yandex being transparent in its methods of account authentication which included two-factor authentication and a proprietary Yandex Key application, according to self-written posts to Russian website Habr.

Advertisement - Article continues below

Addressing the NSA directly over Twitter, Ivanov said if they wanted to know how Yandex authenticates user accounts "you could've just asked".

"Yandex does not enrich Uranium, is not a critical infrastructure company, not a military agency," he said. "It's a NASDAQ trading commercial company. I wonder what's the justification to hack into it. Cannot avoid seeing similarities with Chinese attack on Google."

"This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done," Yandex spokesperson Ilya Grabovsky said to Reuters. "The Yandex security team's response ensured that no user data was compromised by the attack."

The sources said the hack was for espionage purposes and not to steal intellectual property or disrupt system operations. The hackers were able to remain concealed on the Yandex network for "several weeks" before being discovered.

Yandex recruited Kaspersky to help clean up the situation and it was the antivirus software company which was able to establish that the attackers were targeting a group of developers inside Yandex, according to the sources.

Advertisement
Advertisement - Article continues below

The Regin malware used in the attack was reportedly modified from previous versions with never before seen code compared to the previous iterations. Reports tied older version of Regin to GCHQ and NSA joint hacking operations on a Belgian telco in 2013.

Advertisement - Article continues below

GCHQ and the NSA declined to comment while the Home Office did not reply to requests for comment at the time of publication.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/28170/what-is-cyber-warfare
Security

What is cyber warfare?

20 Sep 2019
Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/security/antivirus/354328/microsoft-to-scrap-security-essentials-when-windows-7-reaches-end-of-life
antivirus

Microsoft to scrap Security Essentials when Windows 7 reaches end-of-life

13 Dec 2019