What was the Yahoo email-scanning tool, really?


When it comes to the tool that Yahoo used to scan its customers’ emails on behalf of U.S. intelligence, we have more questions than answers at this point.

A growing pile of anonymous—and, therefore, unaccountable—sources has provided media with vague and conflicting stories about what the scanning tool actually did, what content was being scanned and for how long, under what authority, and how it was ultimately discovered.

The whole saga has left experts frustrated as they try to sort out fact from fiction.

The latest twist is a Motherboard report, which, citing two sources (at least one of whom once worked at Yahoo), says previous descriptions of the hacking tool are wrong and that the tool is actually much more powerful than other sources described. Motherboard writes:

The tool was actually more like a “rootkit,” a powerful type of malware that lives deep inside an infected system and gives hackers essentially unfettered access. 

The Yahoo security team was reportedly kept in the dark for much of the time the scanning took place, resulting in the contentious June 2015 departure of Chief Information Security Officer Alex Stamos, who now works at Facebook.

It’s unclear how closely the anonymous ex-Yahoo sources would have been able to examine the software, what the process looked like, or what the immediate reaction of the team and leadership was.

Adm. Michael Rogers, the head of the NSA, said earlier this week that a mass email searching tool “would be illegal.”

Patrick Howell O'Neill


Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.