Today Yahoo! is all over the Internet, but in a way the company would never have expected.

It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service.

At this point, we were not much clear about the intelligence agency: the National Security Agency or the FBI?

The news outlet then reported that the company installed the software at the behest of Foreign Intelligence Surveillance Act (FISA) court order.

Following the report, the New York Times reported that Yahoo used its system developed to scan for child p*rnography and spam to search for emails containing an undisclosed digital "signature" of a certain method of communication employed by a state-sponsored terrorist organization.

Although Yahoo denied the reports, saying they are "misleading," a series of anonymous sources, therefore, unaccountable, provided media with vague and conflicting info about the scanning tool, its working, for how long and under what authority it was used, and ultimately how it was discovered.

Not an Email Scanner, It was a 'Rootkit' Installed by Government

Yes, now the whole Yahoo saga is getting worse day by day, leaving experts frustrated who are trying to figure out facts from fiction.

The latest twist is a recent Motherboard report, which again cited two anonymous sources, which held previous descriptions of the email scanning tool wrong, saying the tool was much more powerful than other sources reported.

These sources — at least one of whom once worked with Yahoo security team — said that in reality, the NSA or FBI had secretly installed a "buggy" and poorly designed "backdoor" or "Rootkit" on Yahoo's mail servers.

In technical term, Rootkit is a software program that modifies the operating system in such a way that it gives hackers administrative or "root" control over systems without being detected by the actual administrator of the system.

The backdoor was so secretive that even Yahoo's own security team was kept in the dark about the program. So, when the security team discovered this tool, they believed some hackers had installed a sophisticated and dangerous piece of malware.

The team sounded the alarm, after which the company executives tell them they had installed the tool on the US government request, which resulted in the contentious June 2015 departure of Chief Information Security Officer Alex Stamos, who now works at Facebook.
"If it was just a slight modification to the spam and child pornography filters, the security team wouldn't have noticed and freaked out," an anonymous source told Motherboard. "It definitely contained something that did not look like anything Yahoo mail would have installed. This backdoor was installed in a way that endangered all of Yahoo users."
And, apparently it has been reported that the custom-built rootkit/malware code was super buggy and "poorly designed," suggesting that hackers could have exploited it to gain unlimited access to all Yahoo users' data as well as Yahoo's network, the ex-Yahoo source told Motherboard.

And the worst part is that these attacks would be virtually undetectable by either Yahoo's team or the US intelligence agency because the malicious program was designed in a way that administrators can't see what programs are running under a rootkit cloak.

A separate report at the Intercept also has similar claims. So, it could be possible that the same source is going to multiple publications.
"The program that was installed for interception was very carelessly implemented, in a way that if someone like an outside hacker got control of it, they could have basically read everyone's Yahoo mail," an anonymous ex-Yahoo source told The Intercept.

The Whole Yahoo Saga is Getting Worse

Yahoo Chief Executive Marissa Mayer has been criticized over the Internet to comply with the US government rather than fighting it back. Internet users are saying it's the latest corporate witch-hunt and, unfortunately, it all arrive just in time for Halloween fun.

This whole saga has already cost Yahoo 1 Billion in losses, according to recent reports. After Verizon had learned about the recent disclosures about hacking and spying in the past few weeks, it is expecting a Billion discount in the Yahoo acquisition deal, which was initially finalized for $4.8 Billion.

The 2014 hack the company admitted recently exposed over 500 Million accounts, which marked it as the biggest data breach in history. However, some unknown sources claimed that the number might be between 1 Billion and 3 Billion.

There are still many unanswered questions like:
  • What programs the US government ran on Yahoo's mail servers?
  • How long was the rootkit in place?
  • Who actually wrote the rootkit/malware code?
  • How interconnected Yahoo's other services -- like sports, finance, and photo sharing -- were with its Mail product?
  • What exactly the government was looking for?
  • Why Yahoo kept its own security team in the dark?
Forcing Yahoo to actually install a rootkit is a very big deal, which is an indigestible thing because info on individuals could be kept secret but forcing a company to install a backdoor on its server is not supposed to be a secret. That's not how things work.

Yahoo has yet to comment on the issue.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.