The fact that it was revealed this week that the breach of over 500 million user accounts at Yahoo was to one degree or another state-sponsored shouldn’t come as much of a surprise to most IT security professionals. The line between cyber criminals and cyber espionage has been blurring for years. Unfortunately, intelligence agencies that already operate outside of the law have few qualms about hiring cyber criminals to achieve their primary goal. It’s apparently only when some of those spies attempt to use those cyber criminals to enrich themselves or blackmail other government officials that any official form of outrage manifests itself.
Of course, it’s hard to say with absolute certainty who did what to whom first in the case of the Yahoo breach. One of the alleged masterminds of the attack is already supposedly in a Russian prison for also using the cybercriminal techniques to hack into both Russian commercial businesses and government agencies and then allegedly sharing those secrets with foreign intelligence agencies.