In a previous post, we talked about the now infamous Yahoo data breach and how you can improve your level of security. Now I’m going to dive deeper into how this infiltration happened.
According to Yahoo’s Tumblr account, the attackers accessed its proprietary code and learned how to create ‘forged cookies’, which allowed them to access accounts without typing in a password.
What Methods Do Hackers Use to Pilfer Information?
The explanation is more complex than a single idea. When you’re logged into a website, Yahoo for example, you hold a unique ‘Active Session’ or ‘Active Session Key’ (a session ID) that identifies your logged-in session on every subsequent request.
Hackers can capture this information on a public Wi-Fi network by collecting session data as users log in to a website. If the website uses plain HTTP, without SSL/TLS, an attacker can read the session ID out of the ‘HTTP GET’ request with a packet-capture tool such as Wireshark. The HTTP GET method matters here because a session ID carried in the request URL is also written into web caches and server logs, where it can be recovered later.
Information can also be stolen by sending a phishing e-mail that carries a forced (attacker-chosen) session ID, activated when the recipient clicks a link in the e-mail; this technique is known as session fixation. This is similar to the methodology used by the hackers in the Target Data Breach.
Using Unsecured HTTP Data Against Its Own Environment:
Once the hackers have the session key, they can modify a URL to include the stolen session ID and log in to that user’s account without ever entering a password.
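The two server-side defects that make the sequence above work are (a) trusting a session ID supplied in the URL, which is what turns a phishing link with a forced ID into a fixation attack, and (b) keeping the same ID across login, so that a pre-login ID (sniffed or forced) becomes an authenticated one. The following is an added example written for this post, not Yahoo’s code or any real framework’s API: a constructed in-memory session store with a weak login handler that exhibits both defects next to a hardened handler that ignores URL-supplied IDs, rotates the ID on login and sets the Secure, HttpOnly and SameSite cookie flags so the ID is never sent over plain HTTP. The request shape (a dict with url, cookies, username and password), the USERS table and the hostnames are all constructed for the demo.

```python
"""Weak vs. hardened session handling (added example, standard library only)."""
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlparse, parse_qs

# Constructed credential table for the demo; real code stores password hashes.
USERS = {"alice": "correct horse battery staple"}


class SessionStore:
    """Constructed store mapping session_id -> username."""

    def __init__(self):
        self.sessions = {}

    def new_id(self):
        # 256 bits from the OS CSPRNG: not guessable, unlike sequential IDs.
        return secrets.token_urlsafe(32)


def check_credentials(username, password):
    # Constant-time comparison; the demo passwords are ASCII as required.
    return secrets.compare_digest(USERS.get(username, ""), password)


def _sid_from_url(url):
    return parse_qs(urlparse(url).query).get("sid", [None])[0]


# --- Weak handler: reproduces the two defects described in the post ---------
def weak_login(store, request):
    """Returns the session ID that is now authenticated, or None on failure."""
    # Defect 1: a session ID in the query string is trusted, so a phishing
    # link with ?sid=<attacker-chosen value> fixes the ID the victim will use.
    sid = _sid_from_url(request["url"]) or request["cookies"].get("sid") \
        or store.new_id()
    if not check_credentials(request["username"], request["password"]):
        return None
    # Defect 2: the pre-login ID is promoted to an authenticated one unchanged.
    store.sessions[sid] = request["username"]
    return sid


def weak_resolve_user(store, request):
    """Looks the session up from the URL first, then the cookie."""
    sid = _sid_from_url(request["url"]) or request["cookies"].get("sid")
    return store.sessions.get(sid)


# --- Hardened handler --------------------------------------------------------
def hardened_login(store, request):
    """Returns (new_session_id, Set-Cookie header value) or (None, None)."""
    if not check_credentials(request["username"], request["password"]):
        return None, None
    # Whatever ID arrived (cookie or URL) is discarded, never promoted.
    store.sessions.pop(request["cookies"].get("sid"), None)
    new = store.new_id()
    store.sessions[new] = request["username"]
    cookie = SimpleCookie()
    cookie["sid"] = new
    cookie["sid"]["secure"] = True      # never sent over plain HTTP
    cookie["sid"]["httponly"] = True    # not readable by page scripts
    cookie["sid"]["samesite"] = "Strict"
    cookie["sid"]["path"] = "/"
    return new, cookie.output(header="").strip()


def hardened_resolve_user(store, request):
    """Only the cookie identifies the session; the URL is ignored."""
    return store.sessions.get(request["cookies"].get("sid"))


def demo():
    """Runs both handlers against a phishing-style link with a forced ID."""
    forced = "attacker-chosen-id"   # constructed value from the phishing link
    login = {"url": "https://example.test/login?sid=" + forced, "cookies": {},
             "username": "alice", "password": USERS["alice"]}
    weak_store, hard_store = SessionStore(), SessionStore()
    weak_sid = weak_login(weak_store, login)
    hard_sid, header = hardened_login(hard_store, login)
    return {
        "weak_promoted_forced_id": weak_sid == forced,
        "hardened_rotated_id": hard_sid != forced and forced not in hard_store.sessions,
        "set_cookie": header,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The weak handler is what the sniffed or forced ID in the post relies on: whoever presents the ID, by URL or cookie, becomes that user. The hardened handler makes the forced ID worthless (it is never promoted), makes a sniffed pre-login ID worthless (login issues a new one), and with the Secure flag the browser will not put the authenticated ID on the wire over plain HTTP at all.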