American business has entered Never-Never Land, a bizarre place where our own government changes all the rules. Yahoo is the latest example.
Reuters reported last week that Yahoo (YHOO) had complied with a classified U.S. government order to scan all Yahoo Mail traffic for certain information demanded by intelligence agencies. We don’t know what kind of information they wanted.
Perhaps not coincidentally, Yahoo recently said that foreign hackers had obtained millions of user passwords. Such things happen when a company intentionally weakens or bypasses its own cybersecurity measures.
Even more interesting, it appears Yahoo hid the government-directed security breach from its own cybersecurity team. Technology news site Motherboard, citing anonymous former employees, said Yahoo security staff found the scanning tool during a routine checkup.
The company already had a mail scanning system that looked for malware, child pornography, etc. The sources said the U.S. spyware wasn’t simply an addition to that scanner. They described it as a poorly designed, buggy “rootkit.” Executives then told them about the intelligence request.
The engineers were angry, to say the least. Their own government was hacking them with their own company’s permission. Yahoo security chief Alex Stamos appears to have resigned over the issue.