Yahoo may have spied on users of its email platform. The company is believed to have run custom-made software that crawled through millions of emails searching for specific snippets of information security agencies like NSA or FBI were looking for. If true, this would be the first official case of an American internet company agreeing to spy on all incoming emails as per the demands of U.S. intelligence agencies.
Using custom algorithm designed to sniff out mentions of information provided by U.S. intelligence officials, Yahoo spied on unsuspecting users of its email platform, reported Reuters. The reports haven’t been corroborated yet, but Reuters is basing the allegations on “people familiar with the matter.” According to former Yahoo employees, the company scanned “hundreds of millions” of emails at the behest of the National Security Agency (NSA) or FBI.
According to security experts, this would be the first case in which a U.S. Internet company agreed to a spy agency’s request by scanning all incoming email messages as opposed to the standard protocol in which stored messages are scanned, or a small batch of accounts are monitored in real time. Neither confirming or denying the report, Yahoo responded with a brief statement, saying, “Yahoo is a law-abiding company, and complies with the laws of the United States.”
The report even seems to extend the news and link it to Yahoo’s top security guy, Alex Stamos, sudden departure from the company. It appears the decision was taken at the highest level and most likely involved Yahoo’s CEO Marissa Mayer, reported Tech Dirt. Stamos has always advocated end-to-end encryption of communication, and it is quite likely the decision did not sit well with his ideals. It is possible Stamos decided to leave Yahoo over the decision to monitor the emails and join Facebook.
Yahoo’s decision to snoop on the emails happened last year, well after the Snowden disclosures about national-level organized spying programs being operated by national security agencies. Moreover, Yahoo had already challenged NSA’s dragnet attempts, reported Business Insider. If that’s not all, it appears Yahoo had famously rolled out end-to-end encryption on its email platform.
According to the report, Yahoo agreed to create special software for scanning all incoming emails for certain phrases or keywords that the security agencies were looking for. Bizarrely, the report indicates Yahoo did not keep the in-house security agency of the company in the loop. Instead of trusting the security team, Mayer chose to give the task of designing the software to the email engineers. The engineers were instructed to, “write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval,” claimed the sources.
The engineers, similar to the security team, had no idea about the true purpose of the software. In fact, the spying attempts may not have surfaced had the security team not discovered the software and attempted to halt it, thinking it was some sort of malware. The security team discovered the software in May 2015, a few weeks after it was launched.
The security team was convinced a few organized and resourceful hackers had managed to compromise Yahoo’s security. However, when Stamos came to know it was Mayer who had authorized the spying program, he resigned as the chief information security officer, allegedly informing his subordinates that he is leaving because he was left out of a decision that hurt users’ security.
Interestingly, the news come after Yahoo recently announced it was the victim of a “state-sponsored” hack. The enormity of the hack can be gauged by the fact that the company admitted personal details of over 500 million its users had been compromised, reported the New York Times.
It is not immediately clear if other Internet companies like Google, Facebook, Microsoft, Twitter, etc. were similarly approached with a “classified U.S. government directive.” However, if the report pans out to be true and accurate, the spying program sits right beside other espionage initiatives like PRISM and Upstream.
[Featured Image by Justin Sullivan/Getty Images]