Romanian Hackers Allegedly Used The Shellshock Bug To Hack Yahoo's Servers
Stephen Lam/Reuters
The Shellshock bug can be used by hackers to control servers using a vulnerability in Linux and Unix. The problem has existed for over 20 years, but it was only discovered in September. If a hacker gains access to a server using the Shellshock bug, they could see everything that is stored there.
Hall, a technology consultant and Unix expert, outlined in his post the process he used to track down the hacked Yahoo servers. Hall used a Google search to find servers that had been left vulnerable to Shellshock. He discovered that the WinZip.com domain was being used by hackers to track down other servers that could be vulnerable to the bug.
Hall went on to find that Romanian hackers had gained access to Yahoo's servers, and were gradually exploring the network in search of the popular Yahoo! Games servers. Yahoo's games are played by millions of people, making them a target for hackers looking to wreak havoc. Through his research, Hall discovered that two of Yahoo's servers had been breached by hackers, and that more could have already been accessed.
Yahoo's servers were vulnerable to attack because they were using an old version of server technology Bash. Hall emailed and tweeted Marissa Mayer, as well as a member of Yahoo's engineering team. Eventually he received a response from Yahoo that confirmed its servers had been breached and that it was working through its incident response process. Hall claims that Yahoo refused to pay him for the discovery because it claims that it is not part of the company's bug bounty program.
Yahoo has come under fire in the past for its response to security researchers who uncover bugs in its servers. In 2013 the CEO of a security firm was awarded a $25 voucher for Yahoo-branded items after he uncovered three bugs in Yahoo's online services.
Business Insider contacted Yahoo for comment on this story and will update this post when we hear back.
- US buys 81 Soviet-era combat aircraft from Russia's ally costing on average less than $20,000 each, report says
- 2 states where home prices are falling because there are too many houses and not enough buyers
- A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
- Foreign tourist arrivals in India will cross pre-pandemic level in 2024
- Upcoming smartphones launching in India in May 2024
- Markets rebound in early trade amid global rally, buying in ICICI Bank and Reliance
- Women in Leadership
- Rupee declines 5 paise to 83.43 against US dollar in early trade