More like common criminals
A version of this post originally appeared in the Cyber Saturday edition of Data Sheet,Fortune‘s daily tech newsletter.
Blame Russia. In a bombshell indictment, the Department of Justice explained this week how Russian spies worked with common criminals to ransack Yahoo’s customer accounts.
The report backs up Yahoo’s claim, which many in the hacking community had doubted, that a “state-sponsored actor” was responsible for a breach that compromised hundreds of millions of accounts.
Yet not everyone is satisfied with this explanation. A former prosecutor complained to me over lunch this week that the Justice Department is helping Yahoo avoid accountability. In his view, framing the breach as a global espionage incident is a distraction from the main story, which is ordinary criminals exploiting Yahoo’s sloppy security practices for financial profit.
He has a point. The Justice Department account leaves some pretty big questions unanswered, including who carried out an earlier hack at Yahoo, and which corporate officials learned about the breach.
More broadly, the feds risk giving Moscow intelligence too much credit: In this must-read New York Times article, Russia’s spies come across not as evil geniuses, but as opportunists who rely on the work of common cyber criminals. That sure seems like the case with the Yahoo breaches.
There’s one more drawback to overstating the Russian role in the hacks. Namely, the focus on attribution can draw attention from what some cyber-types think should be the real priority—securing our systems from future intrusions.
“Pointing fingers at foreign individual won’t change what happened or stop this happening again. Let’s focus on the root cause of problems and get pre-emptive,” said Oren Falkowitz, a former NSA employee who now runs the email security firm AreaOne. Sounds like sound advice.