
eVestigator® Cyber Forensics Private Investigator Simon Smith questions Yahoo's consumer integrity who only now announced a cybersecurity breach exposing

Announcement posted by eVestigator Cyber Forensic IT & Expert Witness Services 23 Sep 2016

The consumer, their privacy and corporate priority - what comes first?
In light of Yahoo's recent announcement that back in 2014 it was subject to what may be one of the largest cybersecurity breaches we have ever seen, compromising the personal information of over 500 million Yahoo users, Mr. Simon Smith, a well-known cyber investigator and dedicated advocate for consumer privacy and security, stands shocked.

"This is to me, beyond a disaster. Consumers have an automatic trust in the use of these services. They truly believe that due to the brand they are dealing with, they are protected."

"In Yahoo's announcement it states that they are taking action to protect their users," Mr. Smith said. However, Mr. Smith, who has several qualifications in Cyber Security, Risk Management, Investigations and Mitigation, has expressed concerns that this does not seem to fit with the 'timeliness' and 'priorities' of some of the high-tech computer crimes he has investigated from the 'other' large search engine and email provider.

"They have accused the 2014 hacking to be the work of a 'state sponsored actor'. Is there evidence of this? I note that this accusation of cyber-terrorism still does not deflect the fact that there were insufficient mechanisms to protect user data. However, in looking at the history of this word, I checked out who else has been the 'victim' of a 'state sponsored actor'."

Mr. Smith performed a minor investigation to see whether this may be a typical scapegoat, and whether it can even be proven. It has not been disclosed that it has been proven in this case. Speaking from his experience, Mr. Smith said: "I have noticed this in reverse with so-called cybercrime and banking fraud. Consumers forget that banks guarantee their credit cards against fraud, yet certain banks in cases I have investigated have diverted their customers to police (which is certainly what should happen) but have failed to advise them that they may have a legal liability to reimburse them for their loss."

In his investigation into the 'state sponsored actor' theory, Mr. Smith found that economic sabotage is a cause that some countries have been proven to have used in the past, but facts are scarce. Verizon's 2013 Data Breach Investigations Report (DBIR) estimated, on their word, that 20 percent of more than 47,000 analysed security reports were attributed to state-affiliated actors. In the real world, most of the major cyber crimes seem to lead to cyber-terrorism and cyber-warfare.

"I am not comfortable in making a statement about that until Yahoo can show evidence. However, I can say that the following questions should be asked:

1. Why does it take a leak and a potential extortion attempt to tell your customers almost two years later their data is stolen? It is uncertain if Yahoo were fully aware. They have stated it is an 'ongoing investigation'. For Yahoo to immediately claim that it is a 'state sponsored actor' does indicate that there must have been prior knowledge; so

2. Why weren't the 500 million users made aware of the breach of their privacy and password and personal information enforcements made mandatory?

3. Why does it take a potential or purported criminal activity to spark exposure to the media? Yahoo is a commercial company subject to the same Corporation and Privacy and Consumer Protection laws as any other."

"It is my opinion that a cyber-security breach starts and ends in the hands of the company", Mr. Smith said.

At a financially equipped company, experts are and should be engaged to monitor and block cyber attacks, and at the very minimum there are standard protocols that every trained cyber-security expert knows to follow immediately upon attack to avoid damage and mitigate losses, Mr. Smith asserted.

"It is, in my opinion, no excuse to blame others. The public should have known, Yahoo should have their own experts, and if it is going to be labelled a 'state sponsored actor' attack, it would be more comforting if there was evidence in support of this, like a finding of fact from a court," Mr. Smith, Cyber Forensics Private Investigator from www.evestigator.com.au, stated confidently.