March 16, 2017
Two officers of the Russian Federal Security Service (FSB) along with a fugitive from the FBI’s most wanted list and a Canadian resident have been indicted on a litany of charges connected with hacking attacks against Yahoo that impacted half a billion accounts.
A grand jury in the Northern District of California indicted four men for computer hacking, economic espionage and other criminal offenses connected to the September 2014 Yahoo security breach.
The defendants are FSB officers Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43. Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident; and Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian and Kazakh national and a Canadian resident were also indicted.
“Cyber-crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” said Department of Justice Attorney General Jeff Sessions. “But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”
The Justice Department is accusing FSB officers Dokuchaev and Sushchin of protecting, directing, facilitating and paying “criminal hackers to collect information through computer intrusions in the U.S. and elsewhere.” In the case of Yahoo’s breach, they are accused of working with co-defendants Belan and Baratov.
Belan was indicted both in September 2012 and June 2013 and was named one of the FBI’s Cyber Most Wanted criminals in November 2013. Belan was arrested in a European country on a request from the U.S. in June 2013, but escaped to Russia before he could be extradited. An Interpol notice seeking his arrest has been in place since July of 2013. The Justice Department is suggesting that rather than turn Belan in, Dokuchaev and Sushchin used him to gain unauthorized access to Yahoo’s network.
Aside from allegedly paying Belan, the FSB agents are said to have paid Baratov to access webmail accounts outside of Yahoo’s systems.
It is thought Baratov also used Yahoo’s network to line his pockets, as well, by searching Yahoo user communications for credit card and gift card account numbers. The hacker responsible also redirected a portion of Yahoo search engine web traffic to make commissions and enable the theft of the contacts of at least 30 million Yahoo accounts for a spam campaign.
“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” National Security Division acting assistant attorney general Mary McCord said. “Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat. We commend Yahoo and Google for their sustained and invaluable cooperation in the investigation aimed at obtaining justice for, and protecting the privacy of their users.”
According to the Justice Department, hackers used unauthorized access to Yahoo’s systems to steal information from a minimum of 500 million Yahoo accounts and then used some of the data to gain access to the contents of accounts at Yahoo, Google and other webmail providers, including those of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.
Dokuchaev, a former hacker who was apparently strong-armed into working for the FSB, is already in jail in Russia on treason charges, making it pretty unlikely that he will ever be extradited to stand trial in the U.S.
Baratov was arrested in Canada and is awaiting extradition while Sushchin and Belan remain at large, likely in Russia.
The four men, if convicted, face lengthy prison sentences in the U.S. Sentences for the various charges range in length from two to 20 years.
Jennifer Cowan is the Managing Editor for SiteProNews.