Reuters – Yahoo allowed US government to secretly scanning customer emails

Yahoo may have allowed US government to search user emails by using a secret software program that scanned hundreds of millions of Mail accounts.

Yahoo is still in trouble, this time the company  has reportedly scanned all of its users’ incoming emails with a secret software program that is designed to gather information for the US Government agencies.

According to the Reuters agency, the software was created last year and it was used by IT giant to search emails in hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency and FBI.

“Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.” reported the article from the Reuters Agency.

“The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.”

If confirmed, this is the firm time of a US Internet company agreeing to an intelligence agency’s request by scanning all incoming email messages in real time. In the past, other cases showed the US agencies to examining stored messages or scanning only  a small number of accounts in real time.

The NSA PRISM surveillance program revealed by the whistleblower Edward Snowden is probably the most popular surveillance initiative that involved US IT giants that have handed over customer data before.

Yahoo was one of the companies that took part of the NSA’s PRISM intelligence-gathering programme.programme.

It is not clear if the company is still using the powerful surveillance program to comply with a U.S. classified government requests.classified government requests.classified government requests.classified government requests.

Yahoo is a law abiding company, and complies with the laws of the United States,” is the official reply of the company.

It’s still unclear what US intelligence agencies were exactly searching for, it seems the surveillance program was scanning for a certain “set of characters,” possibly a phrase in an email or attachment.

I believe it is important to highlight that according to two of the former employees, the decision of company to obey the government directive led the departure of Chief Information Security Officer Alex Stamos in June 2015.

The Reuters reported Yahoo’s security team discovered the surveillance program in May 2015, a few weeks after its deployment in the company systems. In a first time, the security team thought hackers had broken in, later they discovered that the installation was authorized by the CEO.

“When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.” reported the Reuters “Stamos’s announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo.”

Both the NSA and the FBI didn’t immediately respond to a request for comment.

The news arrived a few days after a former Yahoo executive revealed the number of affected user accounts in the 2012 Yahoo data breach may be between 1 Billion and 3 Billion.

Patrick Toomey, a staff attorney with the American Civil Liberties Union used the following statements to comment the news:

“Based on this report, the order issued to Yahoo appears to be unprecedented and unconstitutional. The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit.”

“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court. If this surveillance was conducted under Section 702 of the Foreign Intelligence Surveillance Act, this story reinforces the urgent need for Congress to reform the law to prevent dragnet surveillance and require increased transparency.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Yahoo, surveillance program)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Empire Market owners charged with operating $430M dark web marketplace

Federal authorities charged two individuals with operating the dark web marketplace Empire Market that facilitated…

1 hour ago

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances…

3 hours ago

LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that…

10 hours ago

Spanish police arrested an alleged member of the Scattered Spider group

A joint law enforcement operation led to the arrest of a key member of the…

12 hours ago

Online job offers, the reshipping and money mule scams

Offers that promise easy earnings can also bring with them a host of scams that…

14 hours ago

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

1 day ago

This website uses cookies.