The governments of Russia, China and North Korea have allegedly been involved in previous hacking incidents

Yahoo disclosed on Thursday that details belonging to 500m user accounts were stolen by a government-backed hacker in late 2014.

This is the biggest known hack in history, in terms of user records alone, with details including partially-obscured passwords, email addresses, dates of birth and telephone numbers.

Yahoo did not disclose which country may be behind the attacks, partly because sharing a name publicly would “fluff the ego” of the perpetrator and give away too much about its investigation, according to sources briefed on the process.

The FBI, which is jointly investigating the massive hack, said: “We take these types of breaches very seriously and will determine how this occurred and who is responsible.”

In order to confirm a government was involved, the FBI and Yahoo would have had to trace the attack to where it originated, and examine what techniques were used.

“It’s down to the code they execute on the network, or the infrastructure they are using to exfiltrate the data, down to how they do it,” said Justin Fier, director for cyber intelligence and analysis at cyber security firm Darktrace.

“How frequently are they stealing data, how much data at a time, how many machines at a time? There are lots of fingerprints you can use towards attribution.”

The major governments allegedly involved in previous hacking incidents are China, Russia, and North Korea.

“China is my top suspect,” said Sean Sullivan, security adviser at cyber security firm F-Secure Labs. “China likes to vacuum up all kinds of information. It has a voracious appetite for personal information.”

In 2014, the same year as the Yahoo data theft, China was held responsible for a massive data breach affecting 18m people at the United States Office of Personnel Management. Federal officials have put it among the largest breaches of government data in US history.

It is unusual for tech companies to announce that an intrusion was the result of a state-level attack. The most notable example was Google’s disclosure in 2010 of Operation Aurora, a series of cyber attacks it said originated in China. The disclosure eventually led to Google’s decision effectively to withdraw from China.

According to Mr Sullivan, Russian hackers tend to perpetrate targeted attacks, either in areas important for their economy — such as the energy sector — or, lately, to undermine politicians.

Russian government hackers recently broke into the US Democratic National Committee’s computer network and accessed the organisation’s trove of opposition research on Donald Trump, according to a security firm hired by the DNC.

“There have been no past cases of a service provider like Yahoo being targeted [by Russia],” Mr Sullivan said.


Copyright The Financial Times Limited 2019. All rights reserved.