InfoArmor claims Yahoo hack is the work of common crooks

Sep 29, 2016 13:30 GMT
Tessa88 ad on underground hacking forums advertising stolen databases

Security firm InfoArmor has put forward a theory claiming that the group that broke into Yahoo's servers, stole its data, and then dumped it is made up of regular hackers with no affiliation with state agencies, making Yahoo's assessment of "state-sponsored actors" false.

The company says the Yahoo hack is the work of an elite team of hackers who were also behind the hacks of other high-profile web services, such as LinkedIn, MySpace, Tumblr, VK, and more.

Hackers used Tessa88 and Peace_of_Mind as public spokespersons

InfoArmor says this group used two individuals as public spokespersons and intermediaries to sell the stolen data.

These two are the infamous Tessa88 and Peace_of_Mind, the two people who put up most of the data for sale online, both on The Real Deal (TRD) Dark Web marketplace and on underground hacking forums.

InfoArmor's theory contradicts the explanation Yahoo gave in its official press release regarding the incident, which said that a "state-sponsored actor" had compromised its servers but presented no details to support this assessment.

In an interview with Wired, but also in a conversation on Jabber with your reporter, Peace_of_Mind said he was representing a larger group of Russian hackers.

Hell Forum users or Eastern European hackers?

InfoArmor is not sure who this group of hackers is, but has two theories. The first is that the group is formed from a nucleus of former Hell Forum users, and the second is that they are professional blackhats from Eastern Europe.

The latter theory also leaves the door open for them to be members of state-sponsored groups, as Yahoo suspected, who are now selling off data that has become obsolete due to its age.

InfoArmor also says that most of the data has been pumped up and injected with fake accounts to boost its market value, a reason why Tessa88 has been banned on several underground forums, and a reason why the TRD marketplace has suffered huge downtime lately due to DDoS.

Additionally, InfoArmor says that the two public figureheads, Tessa88 and Peace_of_Mind, appear to have cut ties with the original hackers, but the reason is unknown.

"This approach was 'carefully' orchestrated in order to mask the actual sources of the hacks and to commercialize the data in an anonymous manner, due to the fact that this data had been used by the threat actors for their own purposes, namely, targeted account takeover (ATO) and spam," InfoArmor explains in its report.

A previous report has presented Peace_of_Mind as one of the authors, next to a hacker known as Bestbuy, of the GovRat 2.0 malware.

Relations between the different groups and actors