Earlier in the week, reports broke out on software that was installed by Yahoo in its systems to help the United States government search through the emails of all its users from January to June 2015.
It was believed that the tool was a simple program that was a modification of the existing scanning system used by Yahoo to sniff out email for things such as spam, malware and child pornography. However, according to an exclusive Motherboard report, the software was much worse than that.
Two people familiar with the matter told Motherboard that the tool more closely resembled a form of malware known as a rootkit, which embeds itself within a system and essentially provides hackers with full access.
One source, a former employee of Yahoo, said that the tool was found by an internal security testing team of the company during one if its checkups and assumed that it was a rootkit that was installed by a hacker. According to the source who wished to remain anonymous, the tool was not a slight modification on Yahoo’s scanning system, because if it was, the security team would not have noticed it and “freaked out.”
The source went on to say that the program’s contents did not look like something that Yahoo would install, especially as it was installed in such a way that presents a security risk to all the company’s users.
Another source narrated that after the tool was discovered, the report on the security issue moved up to Alex Stamos, the head of security for Yahoo at the time. Stamos then found out that the rootkit-like software was purposely installed and spoke to management about it. Afterward, the report on the tool was quickly closed, preventing other employees working under the security team to even find out about it.
Many questions about the reported tool remain, which is why Democratic Senator Ron Wyden of Oregon, who is a member of the intelligence committee, along with civil groups against surveillance practices, have called for the United States government to publicize the alleged secret order in 2015 that directed Yahoo to scan all the emails of its users.
The order contains interpretations of federal law that the American people could find troubling and surprising, Wyden said, adding that the USA Freedom Act requires the declassification of Foreign Intelligence Surveillance Court opinions, which involve such interpretations.
Among the other unanswered questions surrounding the issue is what exactly the government was looking for in the emails, how long the tool was used and why Yahoo decided to not involve its security team.