Hacking Yahoo Russian Style
In a recent news story from CNBC, the Justice Department said Wednesday that two Russian intelligence agents and two other people have been indicted on charges stemming from the hacking of at least half a billion Yahoo accounts.
The defendants, including Russian Federal Security Service agents Dmitry Dokuchaev and Igor Sushchin, were able to gain information about “millions of subscribers” at Yahoo, Google, and other webmail providers as late as late last year, the Justice Department said.
Dokuchaev and Sushchin paid co-conspirators Alexsey Belan and Karim Baratov to access email accounts, the Justice Department said.
Acting Assistant Attorney General Mary McCord said that Belan is a “notorious” criminal hacker — one of the FBI’s most wanted — known for hacking U.S. e-commerce companies. Belan used the Yahoo attacks to launch spam campaigns, searched user communications for credit card and gift card numbers, and other schemes to “line his own pockets with money,” McCord said.The FSB, an intelligence and law enforcement agency and a successor to the Soviet KGB — used Belan to break into Yahoo’s network instead of detaining him, McCord said.Baratov, a Canadian, was arrested on Tuesday, the DOJ said. The three others may be in Russia, which doesn’t have an extradition treaty with the United States.Belan was arrested in a European country on a request from the U.S. in June 2013, but he was able to escape to Russia before he could be extradited, the Justice Department said.
Yahoo disclosed two separate data breaches last year, among the biggest in history. A 2013 attack revealed in December affected more than 1 billion user accounts. In a separate 2014 attack, disclosed in September, information was stolen from at least 500 million user accounts.
The Justice Department said the indictments by a federal grand jury in Northern California concerned at least 500 million Yahoo accounts for which account information was stolen, and at least 30 million Yahoo accounts for which account contents. Eighteen accounts with other providers, such as Google, were affected.
Targets included Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies, according to the Justice Department.
“We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible,” Yahoo said in a statement.
Verizon agreed to buy Yahoo before the breaches were disclosed. In February, Verizon cut $350 million from its purchase price for Yahoo. Earlier this month, Yahoo CEO Marissa Mayer said she would forgo her annual bonus in the wake of the intrusions.
Yahoo’s top lawyer, Ronald Bell, resigned this year, after the board of directors concluded that Yahoo’s legal team did not sufficiently pursue information about the hacks.
McCord highlighted the efforts of Yahoo and Google officials, who she said “tirelessly” cooperated with the investigation.
“It is very important for corporations around the country to know, when you are going against the resources and backing of a nation-state, it is not a fair fight, and it is not a fight you are likely to win alone,” McCord said. “But you do not have to go it alone. We can put the full capabilities of the United States behind you to make cases like this, but we cannot do it without your help.”
Brian Stretch, U.S. attorney for the Northern District of California, said technology companies must share a common goal with the DOJ: to protect private communications from cybercriminals under the rule of law.
“Silicon Valley is home to the world’s leading technology companies,” Stretch said. “In recent years, the DOJ has made cybersecurity a top priority. … Part of this effort has involved conducting extensive outreach throughout Silicon Valley.”