One of the hackers alleged to be responsible for a 2014 hack of Yahoo that affected half a billion users also manipulated search results in his favor to make some money on the side, according to the indictment filed today by the Justice Department.
Alexsey Belan has been charged multiple times with e-commerce fraud and hacking offenses, but managed to escape to Russia in 2013 — after his arrest in Europe but before he could be extradited. His alleged offenses in the Yahoo case appear to be more opportunistic than those of his colleagues.
One of his schemes was to manipulate some of Yahoo’s search engine servers so that when people searched for “erectile dysfunction medications” (as the indictment puts it, but perhaps less formal inquiries were also included), they were forwarded to an “online pharmacy company” that paid commissions to traffic-drivers. This was done using an unnamed cloud computing company that apparently (and no doubt unknowingly) acted as an intermediary between the Yahoo link and the pharmacy.
This rather expands the access hypothetically enjoyed by the hackers; whereas before it was certain that emails, hashed passwords and security questions (among other common data) were stolen, this implies interference at a considerably deeper level. If Belan could plant search results for what must be a closely monitored market and query set, what else could he have tweaked to his or a client’s advantage?
Two weeks ago a Yahoo SEC filing also revealed new details about the hack, namely that the intrusion had exposed “proprietary code.” What code? How? At the current rate Yahoo is hemorrhaging unflattering information about the hacks, it may not be long before we find out.