Yahoo reportedly built a custom software programmed to secretly scan all of its users' emails for specific information provided by US intelligence officials, according to a report by Reuters.
The tool was built in 2015 after company complied with a secret court order to scan hundreds of millions of Yahoo Mail account at the behest of either the NSA or the FBI, according to the report that cites three separate sources who are familiar with the matter.
According to some experts, this is the first time when an American Internet company has agreed to such an extensive demand by a spy agency's demand by searching all incoming emails, examining stored emails or scanning a small number of accounts in real time.
The tool was designed to search for a specific set of character strings within Yahoo emails and "store them for remote retrieval," but it's unclear exactly what the spies were looking for.
In 2014, we also reported about a court document that revealed Yahoo, who fought back against NSA, refused to join PRISM surveillance program in 2008 until the US government threatened Yahoo with $250,000 fine per day.
However, the US intelligence agency approached the company again in 2015 with a court order came in the form of a "classified directive" that was sent to Yahoo's legal team.
The email search tool was so secretive that even Yahoo's own security team was unaware of the program.
Yahoo Chief Executive Marissa Mayer and Yahoo General Counsel Ron Bell not only decided to comply with the directive rather than fighting it back, but they also did not even involve Yahoo's security team in the process, the report suggests.
Instead, Mayer and Bell asked Yahoo's email engineers to write a secret software program to siphon off messages containing the specific character string the spies demanded and stored them for remote retrieval, according to the sources.
The tool was designed to search for a specific set of character strings within Yahoo emails and "store them for remote retrieval," but it's unclear exactly what the spies were looking for.
In 2014, we also reported about a court document that revealed Yahoo, who fought back against NSA, refused to join PRISM surveillance program in 2008 until the US government threatened Yahoo with $250,000 fine per day.
However, the US intelligence agency approached the company again in 2015 with a court order came in the form of a "classified directive" that was sent to Yahoo's legal team.
So Secretive Even Yahoo Security Team was Unaware of It
Yahoo Chief Executive Marissa Mayer and Yahoo General Counsel Ron Bell not only decided to comply with the directive rather than fighting it back, but they also did not even involve Yahoo's security team in the process, the report suggests.
Instead, Mayer and Bell asked Yahoo's email engineers to write a secret software program to siphon off messages containing the specific character string the spies demanded and stored them for remote retrieval, according to the sources.
Therefore, when Yahoo's security team discovered the program in May 2015, the team initially thought some hackers had broken in.
When Yahoo's Chief Information Security Officer Alex Stamos found out that Mayer had authorized the surveillance program, he resigned from the company, telling his subordinates that "he had been left out of a decision that hurt users' security."
Stamos now works for Facebook.
Here's what Yahoo said in a brief statement in response to Reuters demand:
It is most likely that other Internet companies may have also received a similar court order because the spy agency did not know which the target was using email service.
And since the NSA usually makes requests for domestic surveillance through the FBI, it is hard to say which agency was seeking the information.
This news comes just weeks after Yahoo announced the company was the victim of a "state-sponsored" cyber attack that leaked the personal details of more than 500 million of its users.
'Unhappy' Chief Information Security Officer Left Yahoo Immediately
When Yahoo's Chief Information Security Officer Alex Stamos found out that Mayer had authorized the surveillance program, he resigned from the company, telling his subordinates that "he had been left out of a decision that hurt users' security."
Stamos now works for Facebook.
Here's what Yahoo said in a brief statement in response to Reuters demand:
"Yahoo is a law-abiding company, and complies with the laws of the United States."The company declined any further comment.
It is most likely that other Internet companies may have also received a similar court order because the spy agency did not know which the target was using email service.
And since the NSA usually makes requests for domestic surveillance through the FBI, it is hard to say which agency was seeking the information.
This news comes just weeks after Yahoo announced the company was the victim of a "state-sponsored" cyber attack that leaked the personal details of more than 500 million of its users.
Share your view.. EmoticonEmoticon