So it turns out Yahoo had another gigantic data breach, this time involving the theft of data from over a billion accounts. Once again, they’re blaming state-sponsored actors. According to government officials via The Washington Post, the FBI believes this was the work of Russia.
“State-sponsored hacker from a country we don’t like” is the new designated scapegoat. Every generation needs one. If you were late for work in the 19th century, you would claim that Indians stole your horse. Those who lived in cities blamed immigrant groups and their associated gangs. Last century, anything bad could be attributed to communists, communist sympathizers, Iraq, drugs, and dangerous minorities. Now the go-to fall guy is global warming, terrorists, and state-sponsored hackers. North Korea, Iran, China, Russia, or any former Eastern bloc country will do.
“Hacked by a nation-state” is a great excuse because it invites all sorts of confirmation-seeking. If there’s malware involved, find some similarities it shares with tools used in previous attacks attributed to that country, like
FOR loops. If the hackers sent a phishing email, registered a misspelled domain name, or accessed your database using the internet, point out that that’s consistent with the techniques of state-sponsored hackers. If there’s no evidence at all, it’s because state-sponsored actors have super sophisticated exfiltration techniques that can’t be detected.
Did your company cut corners on the security budget only to get royally pwned? Blame the Russians and instantly escape all liability! It’s like a get-out-of-jail-free card. Instead of dealing with class action lawsuits and demands to fire the CEO, you’ll instantly be treated with sympathy and hailed as a martyr.
(Remember that time Susan Smith drowned her two kids in a lake, and then went on national television and swore that a black guy took them? Is it bad that that’s the first thing I think of whenever someone blames an unpopular nation-state for a big data breach?)
Note: This is not intended to make any implications about the DNC hack. I’m still getting hate mail over this one so let’s just assume the DNC and Podesta are special and leave it at that.