US indicts two Russian intel operatives and two hackers for 2014 Yahoo breach

The U.S. has indicted two Russian intelligence operatives and two hackers for their involvement in the January 2014 theft of data from 500 million Yahoo user accounts.

The Justice Department announced Wednesday that a grand jury in the Northern District of California indicted the individuals for “computer hacking, economic espionage and other criminal offenses in connection with a conspiracy.”

Two of the defendants, Dmitry Dokuchaev and Igor Sushchin, are officers with the Russian Federal Security Service. According to the allegations, the pair paid criminal hackers Alexsey Belan, aka “Magg,” a Russian national and resident, and Karim Baratov, a Canadian and Kazakh national and a resident of Canada, to hack the email accounts of thousands of individuals.

Yahoo reported the heist in September 2016. It said it had lost information, both encrypted and unencrypted data, that included personal and contact information, as well as security questions and answers. The company said an internal investigation confirmed the account information was stolen from the company’s network by a third party state-sponsored actor, but didn’t specify which.

Acting Assistant Attorney General Mary McCord of the national security division said during a press conference that the defendants targeted the Yahoo accounts of both Russian and U.S. government and military officials, Russian journalists and employees of other providers whose networks the conspirators sought to exploit.

She also noted that Belan has been indicted twice before in the U.S. for three intrusions into e-commerce companies that victimized millions of customers, and was named one of the FBI’s Cyber Most Wanted criminals in November 2013.

“Belan’s notorious criminal conduct and a pending Interpol Red Notice did not stop the FSB officers who, instead of detaining him, used him to break into Yahoo’s networks,” McCord said.

The FSB officers also allegedly “facilitated” Belan’s other criminal activities, providing him with sensitive FSB information to help him avoid detection by U.S. and other law enforcement agencies outside Russia. Belan then used his access for personal gain, stealing financial information and contact information to facilitate spam campaigns and earn commissions for fraudulently redirecting search engine traffic.

The other hacker, Baratov, was tasked with obtaining access to one of the FSB agent’s targets that had a webmail account not with Yahoo. The Justice Department announced that after submitting a provisional arrest warrant to Canadian law enforcement authorities, Baratov was arrested in Canada on March 14. The agency said the matter is still pending with Canadian authorities.

“Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” said Attorney General Jeff Sessions, who DOJ confirmed is not recused from this case. “But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”

FBI Director James Comey also said in a statement that the U.S. is “shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

McCord thanked both Yahoo and Google for helping in the investigation.

Yahoo put out a statement detailing the company’s response to the hack and thanking the Justice Department and FBI for their work in the investigation.

“This morning’s announcement is consistent with our prior disclosures,” said Chris Madsen, Yahoo’s assistant general counsel and head of global security. “On September 22, 2016, we disclosed our belief that a state-sponsored actor had stolen a copy of certain user account information for approximately 500 million user accounts in late 2014. On December 14, 2016, we provided details on the forging of cookies to gain access to certain user accounts without a password and we linked some of that activity to the same state-sponsored actor.”

He added: “We appreciate the FBI’s diligent investigative work and the DOJ’s decisive action to bring to justice those responsible for the crimes against Yahoo and its users. We’re committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime.”
