Yahoo "scanned customer emails" under top-secret order

[steven36]

Yahoo was forced by a secret court order to build a tool that scanned all of its customers' emails for specific information supplied by US intelligence agencies.

 

 

 

The report comes from Reuters, citing three sources who are familiar with the events.

 

According to the report, the tool was built in 2015 at the behest of either the NSA or the FBI (it's not clear which, given the NSA usually funnels its requests through the FBI), according to the sources.

 

Engineers at the company were told to build the tool "to siphon off messages containing the character string the spies sought and store them for remote retrieval," the report said.

 

But weeks later, the company's internal security team -- at the time led by Alex Stamos, who left the company to work for Facebook in mid-2015 -- found out about the program. The team is said to have thought that hackers broke in. The report also said that a programming flaw could have allowed hackers into the stored emails.

 

Stamos reportedly resigned as chief information security officer, said Reuters. (Stamos did not respond to the news outlet's request for comment, but we asked the company to comment regardless.)

 

An NSA spokesperson did not immediately return a request for comment.

 

The Foreign Intelligence Surveillance Court, which authorizes the government's surveillance requests, signed off on the unusual request, which is thought to be the first of its kind.

 

But it's not known exactly who was the target of the broad request. Other companies may have also been served a similar demand, because it wasn't known which service the target's email account was hosted with.

 

The court's work -- usually conducted in secret -- first became public after a FISA court order, leaked by whistleblower Edward Snowden, was published by reporters in June 2013, which detailed how Verizon was forced to turn over metadata on all its customers on a rolling basis.

 

However, the government has used the court to push for more from US tech companies, including their source code.

 

The vast majority of requests made by the government are accepted. At the last count, just 12 requests have been denied in the past four decades that the court has been operational.

 

Source:

http://www.zdnet.com/article/yahoo-secretly-scanned-customer-emails-for-us-intelligence/

 

 

[jabrwky]

Is this the "databreach" from *foreign nationals*? Will Verizon still pay full price for Yahoo! -- or risk more exposure for treachery?

[steven36]

11 minutes ago, jabrwky said:

Is this the "databreach" from *foreign nationals*? Will Verizon still pay full price for Yahoo! -- or risk more exposure for treachery?

At the rate yahoo is headed  they will have to file bankruptcy , Whats so scary  about this is if Yahoo was doing  it was many more was doing too , but if you was not bothered  by now there's nothing too fear  I never made no account  with my real name no ways .  You should have more than one email anyways,  if you need one with you're real name only use it for business.  For anything  use one with fake info .

 

[marinegirl]

Yahoo Admits It Secretly Hacked All User Accounts For US Intelligence

ust days after admitting that some 500 millions of its email accounts were hacked (allegedly Russians, of course), the Yahoo confessional continues as Reuters reports, somewhat stunningly that, Yahoo secretly built software to search all of its customers' incoming emails for US intel officials. Yahoo's reaction to this: we are "a law abiding company."

Following claims of state-sponsored attacks of its customers' email accounts, Reuters reports, Yahoo also hacked its own customers' accounts...

 

 

Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

 

The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI,said two former employees and a third person apprised of the events.

 

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency's demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook. This suggests that the previous news of a massive hack at Yahoo previously blamed on Russians may have been all the doing of Marissa Meyer herself, under pressure by the NSA.

 

 

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo's challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent directive and thought the company could have prevailed, the sources said.

 

 

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company's security team in the process, instead asking Yahoo's email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

 

The sources said the program was discovered by Yahoo's security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

 

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users' security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad directive for real-time Web collection or one that required the creation of a new computer program.

 

 

"I've never seen that, a wiretap in real time on a 'selector,'" said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

 

"It would be really difficult for a provider to do that," he added.

But don't think for a minute it was only Yahoo: as Reuters adds, "it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information."

 

 

Alphabet Inc's Google and Microsoft Corp, two major U.S. email service providers, did not respond to requests for comment.

Which probably means we can expect more dramatic revalations at that "other" free email company.

"Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

So - to clarify - after "Russian" hackers hacked 500 million Yahoo accounts, Yahoo itself hacked ALL user accounts.

Paging Verizon? Is this material enough to break the deal?

http://www.zerohedge.com/news/2016-10-04/yahoo-admits-secretly-hacking-customer-accounts-us-intelligence

http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT

It just keep,s coming.......(all accounts not just the US).

 

 

 

 

 

[Batu69]

Topic moved from The Chat Bar forum & merged.

[JeffDunhill]

These are the secrets which nobody likes, but can't do much cause 'free service' and 'I agree to the terms and conditions'

[OrbingStorm]

There is not one government in this world to trust,just as there is no corporation or company that can be trusted. 

I'm wondering if its time to start paying for services with money not data.

 

[pc71520]

When Security violates Privacy.

[Reefa]

Quote

Yahoo on email spying: sources were ‘misleading’ with claims

A report yesterday claimed Yahoo built custom software to spy on its users’ emails on behalf of U.S. intelligence agencies, something that reportedly caused disagreements behind closed doors and at least one resignation. In a statement issued today, Yahoo downplayed the report, saying that it “narrowly interpret every government request for user data to minimize disclosure.” The company also said, “The mail scanning described in the article does not exist on our systems.”

 

Yahoo’s statement has left some uneasy, as it called the report ‘misleading’ rather than false. Though it says the “mail scanning” software reported by Reuters yesterday doesn’t exist on its system, some have questioned whether it did in the past, and if so, how long it was in operation. If that’s not the case, clarification is needed on which parts of the report, exactly, were misleading.

 

According to three sources cited in the report, two of whom were reportedly Yahoo employees, the company received a government directive that supposedly resulted in Yahoo’s email engineers creating and deploying spying software without the knowledge of Yahoo’s security team. The security team allegedly discovered the software in early summer 2015 and initially believed it to be the work of an outside hacker.

 

Per the sources’ statements, this software looks for certain strings of government-provided characters in all inbound Yahoo Mail emails, siphoning those with the string into a separate remotely accessible system. U.S. spies working for the NSA and/or FBI can then reportedly access those emails.

 

The allegations surfaced mere days after Yahoo disclosed a massive state-sponsored hacking of more than 500 million user accounts. See the timeline below for related information.

http://www.slashgear.com/yahoo-on-email-spying-sources-were-misleading-with-claims-05458986/

 

 

[flash48]

I wonder if the FBI would knock on my door if I create a Yahoo Email with certain trigger words as 'dirty bomb', fly a plane into the White house, 'kill Americans', attack malls and places of worship.

[SnakeMasteR]

Try it out? In case for what you wrote, that could indeed happen and you really shouldn't play with your freedom.

[humble3d]

What a world we live in...deplorable at times...